Netgate Discussion Forum

    [SOLVED]Getting kicked out from playing Overwatch

    Scheduled Pinned Locked Moved pfBlockerNG
    61 Posts 8 Posters 13.3k Views
    • NogBadTheBad @Bob.Dig

      @Bob-Dig

      You just need to follow the screenshots that I posted to create an alias with all the countries you want to allow through, then use it in your allow alias.

      The fewer rules / matches the firewall needs to process the better.

      Andy

      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

      • NogBadTheBad @chpalmer

        @chpalmer

        Are those carrier-grade NAT IP addresses? Never come across CGN before.

        https://chrisgrundemann.com/index.php/2012/100640010/

        Also doesn’t CGN break customers doing port forwards?

        • Bob.Dig LAYER 8 @NogBadTheBad

          You just need to follow the screenshots that I posted to create an alias with all the countries you want to allow through, then use it in your allow alias.

          The fewer rules / matches the firewall needs to process the better.

          That's what I did on my last screenshot. It is a little more complicated to set up, or maybe there are easier options I don't know. Also I hope this will help with Overwatch, I still don't know for sure, because I like this game but only in small doses.

          Are those carrier-grade NAT IP addresses? Never come across CGN before.

          Also doesn’t CGN break customers doing port forwards?

          Whatever they do, I can open ports, so would be interested to know the right term for that.

          PS: Still getting marked as spammer here, even without VPN, I have to remove the beginning of each quote.

          @NogBadTheBad I also made some port aliases so my rules on WAN now look cleaner (fewer rules). Again, thank you!

          Capture.JPG

          • chpalmer @NogBadTheBad

            @NogBadTheBad said in Getting kicked out from playing Overwatch:

            Also doesn’t CGN break customers doing port forwards?

            Yep. Many people will be behind the public IP address he is behind. No way to port forward and that address is not routable from the outside. Any kind of port forward would have to be set up by the ISP to your NAT'd address.

            Technically you are double NAT'd.

            I'd be interested to see your firewall logs..

            pfblocker would be pretty useless on the WAN.

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            • Bob.Dig LAYER 8 @chpalmer

              pfblocker would be pretty useless on the WAN.

              Don't ask me how it works but I can instantly do port forwards on my own.

              • chpalmer

                So you have open ports from the outside?

                If for some reason your ISP was NATting every address in their system I suppose they might put you in a DMZ of sorts.. Can you do a test at GRC.com and show the results here?

                https://www.grc.com/x/ne.dll?bh0bkyd2

                I've already tried a port scan and came up with nothing. You might have the US blocked so I'd understand but..

                Just because you can build a port forward doesn't mean anyone is getting to you. Maybe other customers behind your CGNAT..

                • Bob.Dig LAYER 8 @chpalmer

                  @chpalmer Like I said before, yes I can. You can believe me or not...

                  And I had no more problems with Overwatch after changing the geoblocking to what @NogBadTheBad has suggested.

                  • chpalmer @Bob.Dig

                    @Bob-Dig said in Getting kicked out from playing Overwatch:

                    @chpalmer Like I said before, yes I can. You can believe me or not...

                    Didn't say I don't believe you.. I am saying that based on your input here.. Your WAN address is 100.65.134.66 and your public IP address shows up as 82.119.9.xxx (you still have it visible in a post above). That means you are behind some kind of NAT. Normally when you are behind CGNAT in such a way there is no way to get to you by accessing the public address you are behind. Usually the carrier has many customers showing up behind the same address. If they have somehow "port forwarded" to you we cannot possibly know that without someone coming along and telling us otherwise.

                    (Unless you are double NAT'd behind your own modem and failed to mention that or I missed that above.. The address your WAN shows up is pretty specific and I'd not guess that you chose that.)

                    Since you are obviously behind CGNAT then you have to take that into account in trying to diagnose your connection problems here.

                    Many times a carrier will use CGNAT as a side benefit to them to keep residential service customers from hosting servers.

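The check described in the post above (a WAN address of 100.65.134.66 that differs from the address seen from the internet), as an added example that is not part of the thread. It also shows that only 100.64.0.0/10 (RFC 6598) is carrier-NAT space, not every 100.x address. The function names are illustrative, and 203.0.113.10 is a documentation placeholder standing in for the partially redacted public address.

```python
import ipaddress

# Shared address space set aside for carrier-grade NAT (RFC 6598).
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# Private ranges (RFC 1918).
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Classify an IPv4 address as 'cgnat', 'rfc1918', 'special' or 'public'."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in PRIVATE):
        return "rfc1918"
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return "special"
    return "public"


def nat_layer(wan_addr, seen_from_internet):
    """Compare the firewall's WAN address with the address remote hosts see."""
    wan = classify(wan_addr)
    if wan == "cgnat":
        return "carrier NAT upstream (WAN is in 100.64.0.0/10)"
    if wan == "rfc1918":
        return "private NAT upstream (modem/router or ISP)"
    if wan == "public" and wan_addr == seen_from_internet:
        return "no upstream NAT"
    return "inconclusive"


if __name__ == "__main__":
    # Constructed sample: the first WAN address is the one quoted in the
    # thread; the others and 203.0.113.10 are made up for comparison.
    for wan in ("100.65.134.66", "100.128.0.1", "192.168.1.2"):
        print(wan, classify(wan), "->", nat_layer(wan, "203.0.113.10"))
```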
                    • Bob.Dig LAYER 8 @chpalmer

                      @chpalmer I even have a rule just for GRC, which doesn't work anymore, because now the geoblocking is in the portforwards. 😉

                      Capture.JPG

                      And no double-NAT on my side.

                      • Bob.Dig LAYER 8 @chpalmer

                        @chpalmer but for your curiosity, here is a portscan from another site. And I already changed my WAN-IP-address.
                        Capture.JPG

                        • JeGr LAYER 8 Moderator

                          @Bob-Dig gave you a couple of 👍 so you shouldn't be hit as hard by spam detection anymore.

                          Still don't really get your NAT forwards or rules you made with pfBlockerNG but we could more easily discuss that in German in the other section. But a 100.x address is most probably a CGN address. And if you have that on the WAN and can forward ports yourself, the assumption that double NAT from the carrier itself is in play is a big possibility. As there are quite a few special nets included in the various pfBNG lists, it may very well be an update of one of the lists that locked you out of play (as some of them get updated hourly). Perhaps a false positive or something.

                          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                          • Doktor Jones @NogBadTheBad

                            @NogBadTheBad and now you've preserved it for posterity in your own post despite the fact that they've removed it 🤣

                            • Bob.Dig LAYER 8 @JeGr

                              @JeGr Hey JeGr, thanks for upvoting. What is not to get on my NAT-Forwards? I now do geo-blocking or to be more precise -permitting within these rules.
                              And again, I don't know what my ISP is doing... I only say I can open ports, lucky me. ☺

                              And before that I geoblocked almost every country on the WAN-Interface, which worked quite nicely I thought, because it affected only unsolicited incoming connections. Worked well to geoblock on my port-forwards. I also could go everywhere on the web so I am pretty sure with the "unsolicited" incoming connections. And that should never be making a problem to the Overwatch game in the first place. Overwatch doesn't open any ports, no UPnP.
                              So I think it was just the overwhelming geoblocking that was somewhat responsible for dropping the connection.. But that is just a guess. There are some more variables on my side. But it works now, so probably solved.

                              • Bob.Dig LAYER 8 @Doktor Jones

                                @Doktor-Jones

                                @NogBadTheBad and now you've preserved it for posterity in your own post despite the fact that they've removed it 🤣

                                ☺ I removed it yesterday, don't think it is needed but I am no expert.
                                PS: Still getting flagged as spam when doing full-quotes.

                                • JeGr LAYER 8 Moderator

                                  @Bob-Dig said in [SOLVED]Getting kicked out from playing Overwatch:

                                  And that should never be making a problem to the Overwatch game in the first place. Overwatch doesn't open any ports, no UPnP.

                                  Yeah but Blizzard is using CDNs and other stuff. Even when just allowing German/EU servers your pfBNG rules may very well have been hit by IPs listed to other areas/countries etc. because of CDN and Co. And as the lists are updated hourly that could enter an IP you were using to one of the blocklists.

                                  What is not to get on my NAT-Forwards?

                                  I'm not discussing your forwards, just saying that with your blurs I can't say anything about them being effective/useful or not. And as your screenshot on your LAN shows pfBNG rules as well (Pri1!) it's entirely possible that one of the necessary IPs for Overwatch was listed on one of the PRI1 lists temporarily (false positives happen) and you were kicked out by the rule taking effect hourly. Also you didn't mention running IDS in addition, which could also have triggered that. But as you say it's working now, pretty sure it was a pfBNG list.

                                  • Bob.Dig LAYER 8 @JeGr

                                    @JeGr I watched the IDS every time, there was nothing.

                                    And the pfBNG on LAN would have potentially harmed every pfSense user with this pfBNG-rule who was playing Overwatch (in Europe), wouldn't the outcry be immense around here? 😉

                                    Here is a non-blurred version of my newly created port-forwards thanks to NogBadTheBad. I hope you like it, I do.
                                    There is not much happening and it is more a fun-project, hosting these servers, again, I am no professional but kinda like this stuff on an amateur-basis. And pfSense is a new challenge and I like it too. Also I didn't get any more firmware upgrades for my beloved merlin-router. 😋

                                    Capture.JPG

                                    • JeGr LAYER 8 Moderator

                                      Can't say I really understand what you are doing with !pfB_Top_v4 and why you use different entry points for IMAP but sure. As EULiked is a custom thing, one can only hope the selection is good for you ;)

                                      Not the first time some IP gets recognized as a wrong country. Nothing to do with pfBNG but with Maxmind and their IP updates. Other lists, too. And no, I don't think many gamers have outbound pfBlocker running on their gaming network - or even pfSense running ;)

                                      • johnpoz LAYER 8 Global Moderator

                                        @JeGr said in [SOLVED]Getting kicked out from playing Overwatch:

                                        Not the first time some IP gets recognized as a wrong country

                                        Yeah this can be problematic for sure.. Especially with shortage of space increasing the sale/transfer of space..

                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                        If you get confused: Listen to the Music Play
                                        Please don't Chat/PM me for help, unless mod related
                                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                                        • Bob.Dig LAYER 8 @JeGr

                                          @JeGr I have different geo settings for SMTP than for POP and IMAP, sure you don't get the reason for this?
                                          And again, the geo-blocking, which I did before, was only for unsolicited incoming connections. So it shouldn't have had any impact on Overwatch or anything I did on my machine.

                                          • tryk

                                            Did you end up figuring out the fix for this? I just installed pfSense and had the same issue. Works fine if I disable geoblocking. I have it set up mainly because I have an open port for cameras.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.