Netgate Discussion Forum

    Sons of the Forest dedicated server

    • johnpozJ
      johnpoz LAYER 8 Global Moderator @ikkuranus
      last edited by johnpoz

      @ikkuranus said in Sons of the Forest dedicated server:

      When switching it over to the lan I do see the return traffic.

      So you see the traffic sent to the 10.1.1.8? pfSense only forwards traffic that is allowed. When you created a port forward it would have created a rule on your wan to allow the traffic, unless you told it not to by changing the default in the port forward?

      But if pfSense sends the traffic on - it would be up to the server to answer. If you sniff on the lan side interface and see the traffic sent on to the 10.1.1.8 box, it not answering could be a firewall on that box, could be that box isn't pointing to pfSense as its gateway, etc.

      So you're saying you see the traffic hit 10.1.1.8 on that box, but it doesn't answer? Or it sends it somewhere else?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • GertjanG
        Gertjan @johnpoz
        last edited by Gertjan

        @johnpoz said in Sons of the Forest dedicated server:

        it would of created a rule on your lan

        (a firewall) rule on wan (called ATT here)
        Right ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • johnpozJ
          johnpoz LAYER 8 Global Moderator @Gertjan
          last edited by

          @Gertjan yeah my bad - typo, edited it thanks!

          • P
            pchang388
            last edited by pchang388

            Let me preface this by saying, I only know about firewalls and NAT at a very basic level and am not very versed in these topics. I've been trying to get this to work for a few days but have been unsuccessful, thank you for creating this issue as I am also experiencing the same problem.

            I am running pfSense CE 2.7.0 and also went through a similar process as you to set things up but maybe slightly different in that my network set up uses VLAN. The game server is in a VM running on a Proxmox node that is on a VLAN while my personal gaming PC is on default LAN network, appropriate firewall rules exist to allow any communication between the two networks. For what it's worth, I've hosted other servers like Minecraft and usually a simple NAT port forward and associated firewall rule works.

            I can get the server to show up on dedicated server list and my friends are able to connect but I am unable to see the server or connect to it. It does not appear for me in the dedicated server list or LAN list. I think a relevant section from the game developer set up guide is:

            Required Ports:
            
            GamePort (UDP): 8766
            QueryPort (UDP): 27016
            BlobSyncPort (UDP): 9700
            
            If your network doesn’t support NAT Loopback/Hairpin NAT, then be aware that:
            
            - your server may not be visible in the dedicated server browser if you’re running the game in the same LAN as the server, or on the same machine as the server
            - the server can only be joined from the LAN browser
            

            According to google, Hairpin network address translation (NAT Loopback) is where the device on the LAN is able to access another machine on the LAN via the public IP address of the gateway router. Example in the link provided.

            From what I've gathered so far, NAT reflection setting is supposed to be able to implement hairpin NAT. I've tried a few things and like I said got it to work externally for friends, but I myself am not able to see or join the server. One main issue is that this game does not allow you to specify a specific server IP/port to connect to like other hosted games. It either has to show up in the LAN list or in the Dedicated Server List which is populated if running servers can connect to steam servers via port(s) mentioned.

            Steps done:

            1. Add a port alias
              netgate_topic_181413_port_aliases.png

            2. Create NAT port forward rule with associated firewall. I had to use NAT Reflection: NAT + Proxy to get steam able to connect to my server on my VLAN. I tried Disabled and Pure NAT but those did not work for me.
              netgate_topic_181413_port_forward2.png
              netgate_topic_181413_port_forward.png
              netgate_topic_181413_port_forward_firewall.png

            After this was done, I was able to get steam to connect to my game server and as stated, external friends can connect but I am unable to see or connect at all in the dedicated server list or LAN list.

            I then tried adding outbound NAT rules for each port, one shown here as an example but I added all of them. Then I reset the state table as recommended in some other forum posts for similar topics.
            339f3122-506b-4f9e-aaf8-1259ba88f0fa-image.png

            I removed the outbound NAT rules for now since they didn't seem to help, also including Settings -> Advanced -> Firewall/NAT settings below - I am probably missing something there too:
            netgate_topic_181413_firewall_advanced.png

            This did not do anything for me either. I am still unable to see or connect to the server. I hope this adds more information to the issue and hopefully someone might be able to point out something I could fix for my set up.

            • D
              Daniel_Hyde @pchang388
              last edited by

              @pchang388

              Why are you putting Steam in the box that should have the port number you want open?

              Thanks
              Dan

              • P
                pchang388 @Daniel_Hyde
                last edited by

                @Daniel_Hyde That's covered in step 1: port alias. From my understanding, it helps reduce the number of rules for firewall since you can group ports together. In this case, I grouped all the required (3) ports into a single alias

                • D
                  Daniel_Hyde @pchang388
                  last edited by

                  @pchang388

                  I've always forwarded ports individually unless it is a massive client that requires many ports to be forwarded.

                  Thanks
                  Dan

                  • I
                    ikkuranus @johnpoz
                    last edited by ikkuranus

                    @johnpoz No I meant when switching the packet capture over to the LAN.
                    Anyhow, I changed nat reflection from pure nat to nat + proxy and now the server passes the checks and at least shows up in lan for me. It also shows up on the internet when using a vpn service or if I tether my phone's 5G service.

                    • P
                      pchang388 @ikkuranus
                      last edited by pchang388

                      @ikkuranus

                      I'm glad my set up and usage of NAT + Proxy for NAT reflection was helpful for you, but I am still unable to see the server even in LAN after network test passed.

                      Could you tell me if you see anything different in your rules than what is configured in mine? I mentioned my server is on a VLAN and my gaming PC is on default LAN. I already tried moving my gaming PC to the same VLAN but that didn't work.

                      Any differences you could spot? Do you have any additional settings set in Settings (Advanced -> Firewall/NAT) or NAT page like 1:1? Would be helpful to understand why my set up is not working

                      Showing missing full outbound NAT settings from original post:
                      Screenshot 2023-07-11 at 5.25.19 PM.png

                      • P
                        pchang388
                        last edited by

                        I actually just got this to work, YMMV since set ups are so different like my VLAN usage, etc. but it does work for me now.

                        The dedicated server has a built in network test that they do to ensure it can "communicate" properly. I saw some forum posts on Steam discussions and Reddit (https://www.reddit.com/r/SonsOfTheForest/comments/14jo4y0/bug_with_the_new_dedicated_server_tools/) about users being able to play/connect even though the network test failed. Most likely it is either a bug with the network test being used or just that it is unfamiliar with the way packets are being handled by pfsense.

                        So most of my set up was actually good and working. Setting NAT + Proxy mode allowed the self-test to pass but as stated only external friends could connect and see the server, I was unable to do so at all. A post mentioned they were using Pure NAT setting for NAT reflection - I tried that and the network self-test failed in the dedicated server. From a suggestion from a user, I tried Pure NAT again and then added the following in the server config file: "SkipNetworkAccessibilityTest": true. This skips the built-in network self-test that is problematic with pfsense NATing or either has a bug as stated.

                        I then was able to see the server in Steam Public List and connect properly. Side note, I am not able to see the server at all in LAN list probably due to VLAN and/or subnet differences. But that is not a big issue since I can connect via public listing. I hope this helps any other users experiencing similar issues

                        1 Reply Last reply Reply Quote 0
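
A way to tell apart the cases this thread works through by hand (server not answering at all, NAT reflection not working, replies coming back from a different address), added here as an example and not part of any post. Run from a LAN client, it sends a Steam A2S_INFO query to the server's LAN address and to the WAN address and compares the answers; it assumes the dedicated server answers A2S_INFO on its QueryPort, and the function names are made up for this example.

```python
import socket
import sys

# Valve A2S_INFO request (Steam server-query protocol).
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"
QUERY_PORT = 27016  # QueryPort (UDP) from the setup guide quoted in the thread


def probe_query_port(host, port=QUERY_PORT, timeout=2.0):
    """Return (reply_source_ip, server_name), or None if nothing usable came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(A2S_INFO, (host, port))
            data, src = s.recvfrom(4096)
            if data[:5] == b"\xff\xff\xff\xffA":
                # Challenge reply: repeat the request with the 4-byte token appended.
                s.sendto(A2S_INFO + data[5:9], (host, port))
                data, src = s.recvfrom(4096)
        except OSError:  # timeout or ICMP error
            return None
    if data[:5] != b"\xff\xff\xff\xffI":
        return None
    # After the 'I' header comes one protocol byte, then the NUL-terminated name.
    name = data[6:].split(b"\x00", 1)[0].decode("utf-8", "replace")
    return src[0], name


def classify(direct, hairpin, public_ip):
    """Map the two probe results to one of four diagnoses."""
    if direct is None:
        return "server-silent"     # host firewall, wrong gateway, or service down
    if hairpin is None:
        return "no-reflection"     # query to the public IP never got an answer
    if hairpin[0] != public_ip:
        return "asymmetric-reply"  # answer did not come back from the public IP
    return "hairpin-ok"


def diagnose(public_ip, lan_ip, port=QUERY_PORT, timeout=2.0):
    direct = probe_query_port(lan_ip, port, timeout)
    hairpin = probe_query_port(public_ip, port, timeout)
    return classify(direct, hairpin, public_ip)


if __name__ == "__main__":
    # Usage: python3 hairpin_check.py <public-ip> <server-lan-ip>
    print(diagnose(sys.argv[1], sys.argv[2]))
```

Pass the WAN address and the server's LAN address (10.1.1.8 in the first poster's setup) as IP addresses, not hostnames, since the reply source is compared against the public address as a string.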
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.