i cannot for love nor money get port 2302 and 27015 open please help

matt211

NAT Rule - http://prntscr.com/nm55un

Firewall Rule - http://prntscr.com/nm56al

Port Checker - http://prntscr.com/nm56um

im still quite new to the pfsense community so any other info you need to tell me

KOM

Do your testing from the WAN side, not LAN.

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

matt211

http://prntscr.com/nm5e0k

still the same outcome

johnpoz

https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

matt211

unless i have missed anything on there i have tried everything, i need these ports to get my dayz server up and running

johnpoz

So you sniffed on yoru wan per the guide and you show traffic hitting those ports?
You then sniffed on the lan side and see pfsense sending the traffic on - or you dont?

It really should take you like 1 minute to figure out where the problem is... The traffic is not getting to you, you have the wrong IP setup in the port forward or some other issue.

The client is not using pfsense as its gateway, or its running a firewall.

matt211

http://prntscr.com/nm5gcz

johnpoz

so while running that test... You do a packet capture on pfsense - you see the traffic?

KOM

A port scan is not a packet capture.

Also, you can upload your images here directly. No need to link to prntscr.

johnpoz

here - that took all of 20 seconds..

So that validates traffic got to pfsense, so it can forward it... Now do the packet capture on the lan side - do you see pfsense sending it??

So is this tcp or udp you need - 2302, that is common game port...Is the game server running?

matt211

??
like i said im new to all this and have spent hours googling how to fix this

johnpoz

So that is a test from 192.168.1.1 (pfsense) you need to validate it is coming from OUTSIDE!!!!

Do that packet capture when you go to canyouseeme and run their test..

matt211

KOM

OK good, packets are hitting your WAN. Now like John said, trace the same thing but on LAN and see if the packets are being forwarded to your server.

matt211

This post is deleted!

matt211

@KOM

KOM

It looks like it's getting through. Now, I did a quick check and it seems that nobody knows for sure which protocol and ports Dayz uses. You have tcp2302 and 27025, but I've read of others talking about udp2302-2305 and other higher port ranges.

Is there a definitive spec on what this game really needs for network access? Your NAT might be perfect but it doesn't work because you've got the wrong ports defined.

matt211

i pretty much went off what i was told to open to run the server, but i can try the ports you suggested too

KOM

Don't listen to me; I have no idea. All I am saying is that your NATs look good and seem to work for how they are defined. Someone on Reddit was saying that your server won't show up in the community browser unless you also forward the Steam Query port 27016, but they didn't say if that was tcp or udp.

In other words, you need to do some detective work to confirm what Dayz actually needs. The developer's page is total crap and their wiki is empty. So helpful of them.

Good luck.

matt211

ok dude ill have a look and see what i can find, thank you both for all your help <3

KOM

That would certainly explain why you had it configured properly but it still wasn't working.

johnpoz

I would also validate that the 192.168 box isn't sending back RST! ;)

Have it show more detail in your packet capture, or download them and open them with wireshark.

But yeah getting some games to work can be painful since they don't document their shit work anything... I mean really how hard is to say these ports are need unsolicated inbound tcp and or udp, etc..

And these ports are needed outbound from the client..

They just say these ports are needed.. BS the game doesn't need 80 and 53 inbound, etc. etc..

A trick you can sometimes do is just fire up UPnP and run your game - and see what it opens... Then you can shut down UPnP and just open the port it had opened with UPnP..

matt211

ill give that a go too dude, just had a little look and most people are saying ports 2302 - 2306 udp/tcp

matt211

ok so i had a brainwave and decided to do a packet captuer filtering for the ip and port when i was connecting to a dayz server i play on to see if it was udp or tcp

KOM

While you can sometimes derive the info you need through what's essentially reverse-engineering, it would be better to get a real specification as to what this game needs.

This page talks about 2302 and 2305 but doesn't say if tcp or udp.

https://community.bistudio.com/wiki/DayZ:Server_Configuration

johnpoz

Well that server you connecting to is running on 2402

What does that have to do with inbound to you?

Gertjan

This :

@matt211 said in i cannot for love nor money get port 2302 and 27015 open please help:

Port Checker - http://prntscr.com/nm56um

implies that the TCP test runs from pfSense to some device on your LAN, your game server.
pfSense can't connect to it ..., the 192.138.1.118 device refuses connections from your pfSense, probably 192.168.1.1.

In that case, its normal that your NAT rule won't work neither : the server doesn't reply.
Make your game server answering to requests.

Example : I test my Synology NAS on my LAN :

Port 80 on my Syno is open for connections, so the result was Ok.

matt211

ok so i set my network back to original setup, using the virginmedia super hub 3 only and forwaded ports 2302, 2305 and 27015 and now my server shows up to community so it is deffinaly a probem with the pfsense port forward

johnpoz

@matt211 said in i cannot for love nor money get port 2302 and 27015 open please help:

2302, 2305 and 27015 and now my server shows up to community so it is deffinaly a probem with the pfsense port forward

Dude have already been over this... the link to troubleshooting port forwards... Does your super hub have UPnP enabled?

Do a sniff of this traffic lets see only these ports only inbound 2302 and 27015 and 2305... Is that UDP or TCP or both?

You showed a sniff that 2302 being forwarded, etc. etc..

Here is what I can tell you - in the 10+ years have been here.. Every port forward thread, and there have been plenty has always come down down to PEBKAC!!

matt211

@johnpoz the vorgin hub does not use upnp while in modem mode, from what i can find out anyway, there is no option to change anything in modem mode other than to switch back to router mode

i have been through everything on this page https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

and it is still not working

im using udp/tcp as thats what was suggested and that option also worked when i was running with the superhub only

ill post pics of sniffed ports 2302, 2305, 27015 and i also tried from my phone to sniff the port and still said error

johnpoz

And you can see an answer was sent... So open up that packet capture in say wireshark.. Maybe your game sent back a RST... What was the sniff on your lan side - did you send it on to your game box? local IP? If so then the port forward is working!!!

We have already gone over how to troubleshoot this - it takes 2 minutes to do..

Here is the thing that test can only test TCP... If its UDP you can not test... So what is it udp or tcp? if you created the firewall rules... Then sniff when you run you run your game on both your wan and lan - do you see inbound traffic on those ports? Do they get forwarded?

As went over already - turn on UPnP on pfsense - what does it show your game is asking to be opened... Does it work then, etc.

Gertjan

@matt211 : you read my 'diskstation' ping test above ?

Il expose it for a couple of hours on the Internet :
URL brit.test-domaine.fr port 80 TCP
So enter http://brit.test-domaine.fr in a browser and you'll see the default nginx (?) home page of my Syno (diskstation) - it hosts a web server, it's running on my Syno NAS, a device present on my LAN.
For this to happen, I need to create a NAT TCP port 80 rule.
.....
(2 minutes)

Done :

Now, test for yourself : http://brit.test-domaine.fr

(edit : I have a upstream Router, not a modem, so I had also put in a NAT rule in that device, that took me 30 sec max).

edit : to check your ports (TCP only I guess) use world's most famous test site : https://www.grc.com/x/ne.dll?rh1dkyd2

The result for me was :

matt211

i canot see anything comming from the outside to my server machine, but then again i have never used wireshark before so am unsure if i have done it right

matt211

@johnpoz i have sent you a PM

matt211

@Gertjan i already have the rules created

going to change to UDP only as that is what all the servers i have joined use

johnpoz

Well that 2305 shows 16 active states...

matt211

@johnpoz is that good or bad? XD like I said my dude I'm still new to this, so sorry if I seem a bit thick with it

johnpoz

That means there connections using that... And your other rules got hits as well..

Gertjan

@matt211 said in i cannot for love nor money get port 2302 and 27015 open please help:

i already have the rules created

Nice, but on what interface ? Why hiding it ?

As @johnpoz : packets are coming in, using these rules. So : what's doing 192.168.1.5 with them ?

Are you sure that the server on 192.168.1.5 accepts connections on ports 2302, 2305 and 27015, coming in from the world wide network (Internet) ?
It's rather easy to packet-snif on LAN for traffic to these ports, and what comes back etc.
Do you have some device on your LAN that host a server like my diskstation (a web interface - TCP - port 80 or port 443) : use that to NAT a rule on it's port, and prove this way that your are doing things well.

matt211

@Gertjan its on WAN and i am sure the server is accepting connections as when i use my default network setup ( virgin router only) the dayz server shows up to the community, but when i switch back to pfsense the server dosnt show