Sons of the Forest dedicated server
-
@ikkuranus said in Sons of the Forest dedicated server:
enabled static ports in pfsense for the lan IP of that server.
You use port numbers on pfSense in an alias, that's ok.
But the "IP" of the server isn't defined on pfSense. The IP, network, DNS and most important: the gateway, is set on the server.
Where did you capture? What filters?
If you were capturing on your LAN, like 10.1.1.0/24, where are the packets that come back from the server?
If the server wouldn't answer, then the issue is on the server.
It works when you connect a PC on the same LAN as the server?
ATT is your WAN, right?
The error messages might tell me something different: invalid steam user.
-
I captured on the wan/att with the following port filters UDP 8766|27016|9700
When switching the packet capture over to the lan I do see the return traffic.
I don't believe this game supports wan+lan mode at the same time or if it does you can only see it in the server browser after it passes the network check. Also, it doesn't have a direct IP connection mode like other games so I can't simply force it to try and connect via IP.
If I set it to lan only then it shows up in the lan browser and is connectable.
-
@ikkuranus said in Sons of the Forest dedicated server:
When switching it over to the lan I do see the return traffic.
So you see the traffic sent to the 10.1.1.8? Pfsense only forwards traffic that is allowed. When you created a port forward it would have created a rule on your wan to allow the traffic, unless you told it not to by changing the default in the port forward?
But if pfsense sends the traffic on - it would be up to the server to answer. If you sniff on the lan side interface and see the traffic sent on to the 10.1.1.8 box, it not answering could be firewall on that box, could be that box isn't pointing to pfsense as its gateway, etc.
So you're saying you see the traffic hit 10.1.1.8 on that box, but it doesn't answer? Or it sends it somewhere else?
-
@johnpoz said in Sons of the Forest dedicated server:
it would of created a rule on your lan
(a firewall) rule on wan (called ATT here)
Right?
-
@Gertjan yeah my bad - typo, edited it thanks!
-
Let me preface this by saying, I only know about firewalls and NAT at a very basic level and am not very versed in these topics. I've been trying to get this to work for a few days but have been unsuccessful, thank you for creating this issue as I am also experiencing the same problem.
I am running pfSense CE 2.7.0 and also went through a similar process as you to set things up but maybe slightly different in that my network set up uses VLAN. The game server is in a VM running on a Proxmox node that is on a VLAN while my personal gaming PC is on default LAN network, appropriate firewalls rules exist to allow any communication between the two networks. For what it's worth, I've hosted other servers like minecraft and usually a simple NAT port forward and associated firewall rule works.
I can get the server to show up on dedicated server list and my friends are able to connect but I am unable to see the server or connect to it. It does not appear for me in the dedicated server list or LAN list. I think a relevant section from the game developer set up guide is:
Required Ports:
GamePort (UDP): 8766
QueryPort (UDP): 27016
BlobSyncPort (UDP): 9700
If your network doesn’t support NAT Loopback/Hairpin NAT, then be aware that:
- your server may not be visible in the dedicated server browser if you’re running the game in the same LAN as the server, or on the same machine as the server
- the server can only be joined from the LAN browser
According to google, Hairpin network address translation (NAT Loopback) is where the device on the LAN is able to access another machine on the LAN via the public IP address of the gateway router. Example in the link provided.
From what I've gathered so far, NAT reflection setting is supposed to be able to implement hairpin NAT. I've tried a few things and like I said got it to work externally for friends, but I myself am not able to see or join the server. One main issue is that this game does not allow you to specify a specific server IP/port to connect to like other hosted games. It either has to show up in the LAN list or in the Dedicated Server List which is populated if running servers can connect to steam servers via port(s) mentioned.
Steps done:
- Add a port alias
- Create NAT port forward rule with associated firewall. I had to use NAT Reflection: NAT + Proxy to get steam able to connect to my server on my VLAN. I tried Disabled and Pure NAT but those did not work for me.
After this was done, I was able to get steam to connect to my game server and as stated, external friends can connect but I am unable to see or connect at all in the dedicated server list or LAN list.
I then tried adding outbound NAT rules for each port, one shown here as an example but I added all of them. Then I reset the state table as recommended in some other forum posts for similar topics.
I removed the outbound NAT rules for now since they didn't seem to help, also including Settings -> Advanced -> Firewall/NAT settings below - I am probably missing something there too:
This did not do anything for me either. I am still unable to see or connect to the server. I hope this adds more information to the issue and hopefully someone might be able to point out something I could fix for my set up.
-
-
Why are you putting Steam in the box that should have the port number you want open?
Thanks
Dan
-
@Daniel_Hyde That's covered in step 1: port alias. From my understanding, it helps reduce the number of rules for firewall since you can group ports together. In this case, I grouped all the required (3) ports into a single alias
-
I've always forwarded ports individually unless it is a massive client that requires many ports to be forwarded.
Thanks
Dan
-
@johnpoz No I meant when switching the packet capture over to the LAN.
Anyhow, I changed nat reflection from pure nat to nat + proxy and now the server passes the checks and at least shows up in lan for me. It also shows up on the internet when using a vpn service or if I tether my phone's 5g service.
-
I'm glad my set up and usage of NAT + Proxy for NAT reflection was helpful for you, but I am still unable to see the server even in LAN after network test passed.
Could you tell me if you see anything different in your rules than what is configured in mine? I mentioned my server is on a VLAN and my gaming PC is on default LAN. I already tried moving my gaming PC to the same VLAN but that didn't work.
Any differences you could spot? Do you have any additional settings set in Settings (Advanced -> Firewall/NAT) or NAT page like 1:1? Would be helpful to understand why my set up is not working
Showing missing full outbound NAT settings from original post:
-
I actually just got this to work, YMMV since set ups are so different like my VLAN usage, etc. but it does work for me now.
The dedicated server has a built in network test that they do to ensure it can "communicate" properly. I saw some forum post on steam discussions and reddit (https://www.reddit.com/r/SonsOfTheForest/comments/14jo4y0/bug_with_the_new_dedicated_server_tools/) about users being able to play/connect even though the network test failed. Most likely it is either a bug with the network test being used or just that it is unfamiliar with the way packets are being handled by pfsense.
So most of my set up was actually good and working. Setting NAT + Proxy mode allowed the self-test to pass but as stated only external friends could connect and see the server, I was unable to do so at all. A post mentioned they were using Pure NAT setting for NAT reflection - I tried that and the network self-test failed in the dedicated server. From a suggestion from a user, I tried Pure NAT again and then added the following in the server config file: "SkipNetworkAccessibilityTest": true. This skips the built-in network self-test that is problematic with pfsense NATing or either has a bug as stated.
I then was able to see the server in Steam Public List and connect properly. Side note, I am not able to see the server at all in LAN list probably due to VLAN and/or subnet differences. But that is not a big issue since I can connect via public listing. I hope this helps any other users experiencing similar issues
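
Added example, not part of any post in this thread: a small Python model of why reaching the server through the router's public address from inside (hairpin NAT) depends on the path the server's reply takes. The ports, 10.1.1.8 and 10.1.1.0/24 are from the thread; the WAN address, router address and client addresses are constructed, and the model is generic destination NAT with or without source NAT, not pfSense's own implementation of its reflection modes.

```python
import ipaddress
from dataclasses import dataclass

# Ports, 10.1.1.8 and 10.1.1.0/24 come from the thread; everything else is constructed.
WAN_IP = "203.0.113.10"                      # constructed public address (TEST-NET-3)
SERVER_IP = "10.1.1.8"
SERVER_NET = ipaddress.ip_network("10.1.1.0/24")
ROUTER_LAN_IP = "10.1.1.1"                   # assumed router address in the server's subnet
FORWARDED_UDP = {8766, 27016, 9700}          # GamePort, QueryPort, BlobSyncPort


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def hairpin(client_ip: str, dport: int, source_nat: bool):
    """Model one UDP request to WAN_IP from an inside client.

    Returns (accepted, reply_src): whether the client accepts the reply and
    the source address it sees on that reply.
    """
    request = Packet(client_ip, WAN_IP, dport)
    if request.dport not in FORWARDED_UDP:
        return False, None                   # no port forward matches
    # Router rewrites the destination; with source NAT it also rewrites the source.
    forwarded = Packet(ROUTER_LAN_IP if source_nat else request.src, SERVER_IP, dport)
    # The server answers whatever source it saw. If that address is in its own
    # subnet and is not the router, the reply goes straight to the client and
    # the router never gets to undo the translation.
    reply_to = ipaddress.ip_address(forwarded.src)
    bypasses_router = reply_to in SERVER_NET and forwarded.src != ROUTER_LAN_IP
    reply_src = SERVER_IP if bypasses_router else WAN_IP
    # The client sent to WAN_IP, so it only accepts a reply from WAN_IP.
    return reply_src == request.dst, reply_src


if __name__ == "__main__":
    for client, snat in [("10.1.1.50", False), ("10.1.1.50", True), ("10.1.20.50", False)]:
        print(client, "source_nat=%s" % snat, hairpin(client, 8766, snat))
```

In this model a client in the server's own subnet needs the source rewritten, while a client in another subnet or VLAN is answered through the router either way.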