[SOLVED]Getting kicked out from playing Overwatch
-
@Bob-Dig said in Getting kicked out from playing Overwatch:
I almost block everything because it is for incoming connections only I thought, it is for my server.
Everything would be blocked by default on the WAN interface, you've just changed the default deny rule into one huge set of firewall rules using pfBlocker.
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
@Bob-Dig said in Getting kicked out from playing Overwatch:
BTW you've not removed your IP from the bottom of the screenshot .
You right, will change it later anyways.
And default deny rule is probably not related to pfblocker anyway, right?
Nope nothing to do with pfblocker.
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
@NogBadTheBad For incoming connections to my server it is what I want. I mean everything works but kicked out of the game randomly.
-
Nope nothing to do with pfblocker.
That is the point! Sorry i have to change my postings to not get marked as spam... I can't quote it seems.... -
@Bob-Dig said in Getting kicked out from playing Overwatch:
For incoming connec
Post the full WAN rules page.
-
@NogBadTheBad There is nothing of interest, some open ports (NAT) and the country blocks which again is intended.
-
Umm just noticed in the first screenshot it says default deny rule.
I don't think this is a pfBlocker issue.
Asymetric routing perhaps.
I want to come back to that asymetric routing.
My ISP is doing something, so that my Router can't see its internet IP-Address, but a different address. Maybe that is the problem for the firewall?
-
So what are you using the pfBlocker GeoIP rules for on the WAN interface.
To Block all countries bar one for your inbound rules ?
-
@NogBadTheBad please see my posting above
And it is default on the wan interface and I am blocking almost everyone but some countries for incoming connections to my server, but is this really related to my Overwatch problem? -
@Bob-Dig said in Getting kicked out from playing Overwatch:
@NogBadTheBad please see my posting above
And it is default on the wan interface and I am blocking almost everyone but some countries for incoming connections to my server, but is this really related to my Overwatch problem?Your using pfBlocker wrong then.
You need to create an alias in pfBlocker and use it in a firewall rule to pass, doing it the way you are every packet will be evaluated top to bottom till there is a match.
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
I think you need to talk with your ISP.
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
@NogBadTheBad One County or one list only would be easy because I could just Invert Source and everything would be fine. Your screen looks much more complicate to me.
So what I will do now is disable all geoblocking and all of pfblocker and will look if the problem still occurs.
Thank you for now! -
I think you need to talk with your ISP.
It is a big one, Germanys second or third biggest cable-provider, so no chance, they do what they do.
-
@Bob-Dig said in Getting kicked out from playing Overwatch:
I could just Invert Source and everything would b
Is it Telecolumbus ?
Whoever it is they are doing something funky as your router has a different IP address to what's reported by whatsmyip.
-
@NogBadTheBad Yes. But this IP is "made" for this and I can open ports etc. There is nothing I can do about it and maybe it is an pfsense-only or Fancy-Firewall-only problem.
-
@NogBadTheBad So after disabling pfBlocker I had no problem playing Overwatch, although it might be to early to say that definitely.
Anyway, maybe all this geoblocking was to much and had unintended consequences?
So I am looking at this alias permit thingy and I don't understand it at all.
When I permit something, where is it blocked in the first place to make any sense?
I made one up but couldn't see it under rules, where is it?
Maybe you have a link which fully explains it? -
After watching it more closely I think I get it, how it works. Or at least, I am getting there.
Interesting...
But it doesn't work with NAT or does it?
It does, was on the wrong tab.
Now I have to see if it is any good:
-
Your on carrier grade NAT.
Triggering snowflakes one by one..
Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box. -
You just need to follow the screenshots that i posted to create an alias with all the countries you want to allow through then use it in your allow alias.
The less rules / matches the firewall needs to process the better.
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
Are those carrier grade nat ip address, never come across cgn before?https://chrisgrundemann.com/index.php/2012/100640010/
Also doesn’t cgn break customers doing port forwards?
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
