Need some clarification

  • Firstly, I've followed the directions outlined in the Source Dedicated Server post, and verified that I am using the correct static port forwarding info as I should be, however I want to know a couple of things…

    Firstly, when a port is forwarded, will a port sniffer tool (say in this example, be able to tell if that port is open now?  In this case, port 27015.

    I have been trying to set up a L4D2 dedicated server - it works fine on my LAN, however I can't get it to work over the internet at all.  I initially didn't have the static port set up correctly (I had the option enabled per the forum post I am referencing, but I didn't change it to reflect the port number in the rule other than in NAT).

    I can't sniff that port at all - everything I have that tries to sniff the port gets denied (times out, or is denied) so I'm taking that to mean that the port is NOT forwarding like it should be, and that it still isn't set up properly.  I have other ports forwarded in pfsense just fine - ventrilo, web hosting, RDP, etc.  So this one is really frustrating me.

  • One thing you can try.  On the WAN side try telnetting to the IP address and port.

    If you can get a connection through, then pfSense is forwarding and its being blocked upstream.

  • I'm not sure if you want me to try that on the box itself, or from outside, so I tried it from work, but it was denied.  That could be due to rules at work however, so I won't rely on that result.

  • I mean trying it on the same subnet as the WAN IP address.  You will need another machine on this interface to do this test.

    A machine directly on the same subnet.  If you only have one IP address available then unplug your wan and plug up a laptop and assign the address of the router to the laptop and try to telnet.

  • C:\Users\Ben>telnet
    Connecting To…Could not open connection to the host, on port 23: Connect failed


  • try telnet 27015
    not :

  • oy. Ok.

    Microsoft Windows [Version 6.1.7600]
    Copyright © 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Ben>telnet  27015
    Connecting To ...Could not open connection to the host, on port 27015: Connect failed


    I used to get my IP address, and I checked my IP against my account.  I did use the correct IP, just to clarify.

  • Make sure the machine behind the firewall is using the pfSense box as its default gateway.  Also try telnetting from pfSense itself to the box.

    If that does not work then I am out of ideas without accessing the systems directly but unfortunately I do not have the time for that (too many commercial support jobs waiting for my time).

  • No worries, I realize the forums are not the primary income for you guys.  Thanks for your time on the matter thus far.  Would posting the info from the /temp/rules.debug help anyone else here on the forums?  This is really aggravating.

    Edit - and yes, the system I ran the telnet from is using the pfsense box for the DG.

  • Ok, now I'm livid.  I thought for sure that this was a problem with my pfsense box, and that no matter what I did, I couldn't forward ports.

    However, I just successfully opened 8080, and it tested accordingly.  I removed the rule and the port reported as closed.

    Why the hell does 27015 not work?  I'm not the only one here with this problem.  Why is this such an issue for pfsense?  The other threads on this topic remain unanswered to a large degree.  So now I KNOW it isn't my fault.  It doesn't matter if I change the port to 27016, 27025, etc.  8080 is above "500" so it can't be something relating to anything above 500, so what is it?

  • The reflection ranges > 500 refers to port-ranges of more than 500 ports at once.
    Not ports with a number higher than 500.

    I have personally run a lot of HL/HL2 based servers and never had any problems with forwarding the ports.
    How did you configure the server?
    I don't remember when exactly that was changed, but there was a time when you started a local server and connected with a public IP, the server itself blocked this connection.

    Could you try such a setup:

    private subnet with testclient
    private subnet with server

    Make sure that you don't forget to uncheck the "block private subnets" checkbox on the WAN config page.

  • @sullrich:

    Also check out

    Everything in that guide checks out for me.  When I enable the logging, I can see, specifically in the log, where it rejects requests on this port when I try to use it.

    Another reason I'm upset, I started downloading the Star Trek Online torrent today, I had to open up port 19661 (a random port uTorrent generated for me in this case) and it forwards perfectly, and I can test it from outside of my network without failure.  Why is it then, that when I use the exact same process to open 27015, it doesn't work?

    I'll post anything you guys need me to post to help you iron this out.  I'm not a total n00b when it comes to networking, but I'm far from an expert.  I'm willing to admit there might be something I flubbed in my config early on that is preventing this one port from working, but why just this one port?

  • Everything in that guide checks out for me.  When I enable the logging, I can see, specifically in the log, where it rejects requests on this port when I try to use it.

    That means there is something wrong in your FW rules, because it's reporting to you it got rejected (packet hits outside of firewall and drops). You want it to pass… Maybe the rules are in the wrong order, or it's for the wrong protocol?

    You could try to move your allow rule to the top and make it TCP/UDP.

    Otherwise post the exact rule, and the log entry when it's rejected/dropped.

  • Tell you what. Take a screen shot of your NAT and WAN Rules for us.
    I am a visual guy.

  • Sorry that I didn't get back to you guys, I gave up even after trying to forward the port directly on the DSL modem.  It didn't work.  Qwest swears that they don't block anything, and the firewall seems to work fine otherwise, so I just chalked it up to a complete inability of the DSL to do it.  The server that I was trying to make work on the internet worked just fine if we used OpenVPN to get everyone to connect, so that was my only allowance.  Sorry for the outward frustration - I couldn't understand why it wasn't working as it should.

  • seems odd that an ISP would arbitrarily block a high range port (mainly they just do that for things like port 25 etc..) this may be a silly question, but I didn't specifically see it addressed, is there a firewall on the actual L4D2 server box?

    I had issues setting up an L4D2 server (issues relating to NAT reflection i believe) I went to 2.0 and it all just worked.

    For my server all I forward in from the outside is 27015 UDP I don't even use the manual outbound NAT with static ports (Valve has resolved alot of the NAT issues)

    Let me know if you want any more detail on how mine is setup

Log in to reply