Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    i cannot for love nor money get port 2302 and 27015 open please help

    NAT
    4
    40
    2499
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      matt211 last edited by matt211

      NAT Rule - http://prntscr.com/nm55un

      Firewall Rule - http://prntscr.com/nm56al

      Port Checker - http://prntscr.com/nm56um

      im still quite new to the pfsense community so any other info you need to tell me

      Gertjan 1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        Do your testing from the WAN side, not LAN.

        https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

        1 Reply Last reply Reply Quote 0
        • M
          matt211 last edited by

          http://prntscr.com/nm5e0k

          still the same outcome

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 22.05 | Lab VMs CE 2.6, 2.7

            1 Reply Last reply Reply Quote 0
            • M
              matt211 last edited by

              unless i have missed anything on there i have tried everything, i need these ports to get my dayz server up and running

              1 Reply Last reply Reply Quote 0
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by johnpoz

                So you sniffed on yoru wan per the guide and you show traffic hitting those ports?
                You then sniffed on the lan side and see pfsense sending the traffic on - or you dont?

                It really should take you like 1 minute to figure out where the problem is... The traffic is not getting to you, you have the wrong IP setup in the port forward or some other issue.

                The client is not using pfsense as its gateway, or its running a firewall.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                1 Reply Last reply Reply Quote 0
                • M
                  matt211 last edited by

                  http://prntscr.com/nm5gcz

                  1 Reply Last reply Reply Quote 0
                  • johnpoz
                    johnpoz LAYER 8 Global Moderator last edited by

                    so while running that test... You do a packet capture on pfsense - you see the traffic?

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                    1 Reply Last reply Reply Quote 0
                    • KOM
                      KOM last edited by

                      A port scan is not a packet capture.

                      Also, you can upload your images here directly. No need to link to prntscr.

                      1 Reply Last reply Reply Quote 0
                      • johnpoz
                        johnpoz LAYER 8 Global Moderator last edited by johnpoz

                        here - that took all of 20 seconds..

                        porttest.png

                        So that validates traffic got to pfsense, so it can forward it... Now do the packet capture on the lan side - do you see pfsense sending it??

                        So is this tcp or udp you need - 2302, that is common game port...Is the game server running?

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                        1 Reply Last reply Reply Quote 0
                        • M
                          matt211 last edited by matt211

                          Screenshot_3.png
                          ??
                          like i said im new to all this and have spent hours googling how to fix this

                          1 Reply Last reply Reply Quote 0
                          • johnpoz
                            johnpoz LAYER 8 Global Moderator last edited by johnpoz

                            So that is a test from 192.168.1.1 (pfsense) you need to validate it is coming from OUTSIDE!!!!

                            Do that packet capture when you go to canyouseeme and run their test..

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                            1 Reply Last reply Reply Quote 0
                            • M
                              matt211 last edited by

                              Screenshot_4.png

                              1 Reply Last reply Reply Quote 0
                              • KOM
                                KOM last edited by

                                OK good, packets are hitting your WAN. Now like John said, trace the same thing but on LAN and see if the packets are being forwarded to your server.

                                M 1 Reply Last reply Reply Quote 0
                                • M
                                  matt211 @KOM last edited by

                                  This post is deleted!
                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    matt211 last edited by matt211

                                    Screenshot_5.png @KOM

                                    1 Reply Last reply Reply Quote 0
                                    • KOM
                                      KOM last edited by

                                      It looks like it's getting through. Now, I did a quick check and it seems that nobody knows for sure which protocol and ports Dayz uses. You have tcp2302 and 27025, but I've read of others talking about udp2302-2305 and other higher port ranges.

                                      Is there a definitive spec on what this game really needs for network access? Your NAT might be perfect but it doesn't work because you've got the wrong ports defined.

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        matt211 last edited by

                                        i pretty much went off what i was told to open to run the server, but i can try the ports you suggested too

                                        1 Reply Last reply Reply Quote 0
                                        • KOM
                                          KOM last edited by

                                          Don't listen to me; I have no idea. All I am saying is that your NATs look good and seem to work for how they are defined. Someone on Reddit was saying that your server won't show up in the community browser unless you also forward the Steam Query port 27016, but they didn't say if that was tcp or udp.

                                          In other words, you need to do some detective work to confirm what Dayz actually needs. The developer's page is total crap and their wiki is empty. So helpful of them.

                                          Good luck.

                                          1 Reply Last reply Reply Quote 0
                                          • M
                                            matt211 last edited by

                                            ok dude ill have a look and see what i can find, thank you both for all your help <3

                                            1 Reply Last reply Reply Quote 0
                                            • KOM
                                              KOM last edited by

                                              That would certainly explain why you had it configured properly but it still wasn't working.

                                              1 Reply Last reply Reply Quote 0
                                              • johnpoz
                                                johnpoz LAYER 8 Global Moderator last edited by

                                                I would also validate that the 192.168 box isn't sending back RST! ;)

                                                Have it show more detail in your packet capture, or download them and open them with wireshark.

                                                But yeah getting some games to work can be painful since they don't document their shit work anything... I mean really how hard is to say these ports are need unsolicated inbound tcp and or udp, etc..

                                                And these ports are needed outbound from the client..

                                                They just say these ports are needed.. BS the game doesn't need 80 and 53 inbound, etc. etc..

                                                A trick you can sometimes do is just fire up UPnP and run your game - and see what it opens... Then you can shut down UPnP and just open the port it had opened with UPnP..

                                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                If you get confused: Listen to the Music Play
                                                Please don't Chat/PM me for help, unless mod related
                                                SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                1 Reply Last reply Reply Quote 0
                                                • M
                                                  matt211 last edited by

                                                  ill give that a go too dude, just had a little look and most people are saying ports 2302 - 2306 udp/tcp

                                                  1 Reply Last reply Reply Quote 0
                                                  • M
                                                    matt211 last edited by

                                                    ok so i had a brainwave and decided to do a packet captuer filtering for the ip and port when i was connecting to a dayz server i play on to see if it was udp or tcpScreenshot_6.png

                                                    1 Reply Last reply Reply Quote 0
                                                    • KOM
                                                      KOM last edited by

                                                      While you can sometimes derive the info you need through what's essentially reverse-engineering, it would be better to get a real specification as to what this game needs.

                                                      This page talks about 2302 and 2305 but doesn't say if tcp or udp.

                                                      https://community.bistudio.com/wiki/DayZ:Server_Configuration

                                                      1 Reply Last reply Reply Quote 0
                                                      • johnpoz
                                                        johnpoz LAYER 8 Global Moderator last edited by

                                                        Well that server you connecting to is running on 2402

                                                        What does that have to do with inbound to you?

                                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                        If you get confused: Listen to the Music Play
                                                        Please don't Chat/PM me for help, unless mod related
                                                        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                        1 Reply Last reply Reply Quote 0
                                                        • Gertjan
                                                          Gertjan @matt211 last edited by Gertjan

                                                          This :

                                                          @matt211 said in i cannot for love nor money get port 2302 and 27015 open please help:

                                                          Port Checker - http://prntscr.com/nm56um

                                                          implies that the TCP test runs from pfSense to some device on your LAN, your game server.
                                                          pfSense can't connect to it ..., the 192.138.1.118 device refuses connections from your pfSense, probably 192.168.1.1.

                                                          In that case, its normal that your NAT rule won't work neither : the server doesn't reply.
                                                          Make your game server answering to requests.

                                                          Example : I test my Synology NAS on my LAN :

                                                          5effb218-df54-4262-b2d6-58e74be443ba-image.png

                                                          Port 80 on my Syno is open for connections, so the result was Ok.

                                                          No "help me" PM's please. Use the forum.

                                                          1 Reply Last reply Reply Quote 0
                                                          • M
                                                            matt211 last edited by

                                                            ok so i set my network back to original setup, using the virginmedia super hub 3 only and forwaded ports 2302, 2305 and 27015 and now my server shows up to community so it is deffinaly a probem with the pfsense port forward

                                                            1 Reply Last reply Reply Quote 0
                                                            • johnpoz
                                                              johnpoz LAYER 8 Global Moderator last edited by

                                                              @matt211 said in i cannot for love nor money get port 2302 and 27015 open please help:

                                                              2302, 2305 and 27015 and now my server shows up to community so it is deffinaly a probem with the pfsense port forward

                                                              Dude have already been over this... the link to troubleshooting port forwards... Does your super hub have UPnP enabled?

                                                              Do a sniff of this traffic lets see only these ports only inbound 2302 and 27015 and 2305... Is that UDP or TCP or both?

                                                              You showed a sniff that 2302 being forwarded, etc. etc..

                                                              Here is what I can tell you - in the 10+ years have been here.. Every port forward thread, and there have been plenty has always come down down to PEBKAC!!

                                                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                              If you get confused: Listen to the Music Play
                                                              Please don't Chat/PM me for help, unless mod related
                                                              SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                              1 Reply Last reply Reply Quote 0
                                                              • M
                                                                matt211 last edited by

                                                                @johnpoz the vorgin hub does not use upnp while in modem mode, from what i can find out anyway, there is no option to change anything in modem mode other than to switch back to router mode

                                                                i have been through everything on this page https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

                                                                and it is still not working

                                                                im using udp/tcp as thats what was suggested and that option also worked when i was running with the superhub only

                                                                ill post pics of sniffed ports 2302, 2305, 27015 and i also tried from my phone to sniff the port and still said error

                                                                Screenshot_1.png

                                                                60410051_385437885514641_2287979145012969472_n.jpg

                                                                edit2.png

                                                                edit3.png

                                                                edit.png

                                                                1 Reply Last reply Reply Quote 0
                                                                • johnpoz
                                                                  johnpoz LAYER 8 Global Moderator last edited by johnpoz

                                                                  And you can see an answer was sent... So open up that packet capture in say wireshark.. Maybe your game sent back a RST... What was the sniff on your lan side - did you send it on to your game box? local IP? If so then the port forward is working!!!

                                                                  We have already gone over how to troubleshoot this - it takes 2 minutes to do..

                                                                  Here is the thing that test can only test TCP... If its UDP you can not test... So what is it udp or tcp? if you created the firewall rules... Then sniff when you run you run your game on both your wan and lan - do you see inbound traffic on those ports? Do they get forwarded?

                                                                  As went over already - turn on UPnP on pfsense - what does it show your game is asking to be opened... Does it work then, etc.

                                                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                  If you get confused: Listen to the Music Play
                                                                  Please don't Chat/PM me for help, unless mod related
                                                                  SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • Gertjan
                                                                    Gertjan last edited by Gertjan

                                                                    @matt211 : you read my 'diskstation' ping test above ?

                                                                    Il expose it for a couple of hours on the Internet :
                                                                    URL brit.test-domaine.fr port 80 TCP
                                                                    So enter http://brit.test-domaine.fr in a browser and you'll see the default nginx (?) home page of my Syno (diskstation) - it hosts a web server, it's running on my Syno NAS, a device present on my LAN.
                                                                    For this to happen, I need to create a NAT TCP port 80 rule.
                                                                    .....
                                                                    (2 minutes)

                                                                    Done :

                                                                    ecc26622-37cb-434d-a151-d531f673df02-image.png

                                                                    Now, test for yourself : http://brit.test-domaine.fr

                                                                    (edit : I have a upstream Router, not a modem, so I had also put in a NAT rule in that device, that took me 30 sec max).

                                                                    edit : to check your ports (TCP only I guess) use world's most famous test site : https://www.grc.com/x/ne.dll?rh1dkyd2

                                                                    The result for me was :

                                                                    cc5941fc-e712-48f7-8787-301d8e5b6b1b-image.png

                                                                    No "help me" PM's please. Use the forum.

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • M
                                                                      matt211 last edited by

                                                                      i canot see anything comming from the outside to my server machine, but then again i have never used wireshark before so am unsure if i have done it right

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • M
                                                                        matt211 last edited by

                                                                        @johnpoz i have sent you a PM

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • M
                                                                          matt211 last edited by matt211

                                                                          @Gertjan i already have the rules created Screenshot_2.png

                                                                          going to change to UDP only as that is what all the servers i have joined use

                                                                          Gertjan 1 Reply Last reply Reply Quote 0
                                                                          • johnpoz
                                                                            johnpoz LAYER 8 Global Moderator last edited by

                                                                            Well that 2305 shows 16 active states...

                                                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                            If you get confused: Listen to the Music Play
                                                                            Please don't Chat/PM me for help, unless mod related
                                                                            SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                                            M 1 Reply Last reply Reply Quote 0
                                                                            • M
                                                                              matt211 @johnpoz last edited by

                                                                              @johnpoz is that good or bad? XD like I said my dude I'm still new to this, so sorry if I seem a bit thick with it

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • johnpoz
                                                                                johnpoz LAYER 8 Global Moderator last edited by

                                                                                That means there connections using that... And your other rules got hits as well..

                                                                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                                                If you get confused: Listen to the Music Play
                                                                                Please don't Chat/PM me for help, unless mod related
                                                                                SG-4860 22.05 | Lab VMs CE 2.6, 2.7

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • Gertjan
                                                                                  Gertjan @matt211 last edited by

                                                                                  @matt211 said in i cannot for love nor money get port 2302 and 27015 open please help:

                                                                                  i already have the rules created

                                                                                  Nice, but on what interface ? Why hiding it ?

                                                                                  As @johnpoz : packets are coming in, using these rules. So : what's doing 192.168.1.5 with them ?

                                                                                  Are you sure that the server on 192.168.1.5 accepts connections on ports 2302, 2305 and 27015, coming in from the world wide network (Internet) ?
                                                                                  It's rather easy to packet-snif on LAN for traffic to these ports, and what comes back etc.
                                                                                  Do you have some device on your LAN that host a server like my diskstation (a web interface - TCP - port 80 or port 443) : use that to NAT a rule on it's port, and prove this way that your are doing things well.

                                                                                  No "help me" PM's please. Use the forum.

                                                                                  M 1 Reply Last reply Reply Quote 0
                                                                                  • M
                                                                                    matt211 @Gertjan last edited by

                                                                                    @Gertjan its on WAN and i am sure the server is accepting connections as when i use my default network setup ( virgin router only) the dayz server shows up to the community, but when i switch back to pfsense the server dosnt show

                                                                                    1 Reply Last reply Reply Quote 0
                                                                                    • First post
                                                                                      Last post