Want to play Diablo 3, but pfSense keeps blocking Blizzard's short packets



  • Last night, I started a download of Diablo III through Blizzard, and they are using the BitTorrent protocol, as they do with their other games. The download seems to be creeping along at a bit of nothing, despite my 12 down/2 up internet connection. I started watching my pfSense filter logs live, and noticed the following:

    00:00:07.916026 rule 1/0(match): block in on re0: 10.0.42.2.24876 > 99.172.16.114.6881: [|tcp]
    00:00:00.000678 rule 1/0(match): block in on re0: 10.0.42.2.24877 > 99.130.80.143.6881: [|tcp]
    00:00:00.000725 rule 1/0(match): block in on re0: 10.0.42.2.24874 > 109.172.15.5.6882: [|tcp]
    00:00:00.000559 rule 1/0(match): block in on re0: 10.0.42.2.24875 > 108.35.15.135.6881: [|tcp]

    As well as a fair few of these:
    00:00:00.181675 rule 1/0(match): block in on nfe0: 112.119.2.1.7728 > 10.0.42.2.6881:  tcp 44 [bad hdr length 0 - too short, < 20]
    00:00:01.752974 rule 1/0(match): block in on nfe0: 23.15.7.163.80 > 10.0.42.2.26425:  tcp 24 [bad hdr length 8 - too short, < 20]
    00:00:00.426899 rule 1/0(match): block in on nfe0: 23.15.7.171.80 > 10.0.42.2.26426:  tcp 24 [bad hdr length 8 - too short, < 20]
    00:00:00.553603 rule 1/0(match): block in on nfe0: 23.17.172.89.53857 > 10.0.42.2.6881:  tcp 24 [bad hdr length 8 - too short, < 20]
    00:00:02.027396 rule 1/0(match): block in on nfe0: 96.48.248.106.59043 > 10.0.42.2.6881:  tcp 20 [bad hdr length 8 - too short, < 20]

    So I went about creating a few rules in the firewall to allow any traffic inbound or outbound for ports 6881-6882. I reloaded the filter, and continued to watch as my download was killed with the same two sorts of packets getting blocked.

    I had read some other forum posts about bad hdr length, so I attempted checking the rule to "bypass firewall rules for traffic on same interface", as some said this resolved the issue, but my logs continued to show the same, so I disabled that again.

    Any help would be great. I have been waiting a long time to play this game, and I don't want the download to take years as well.

    ad0nis
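
A small triage script for filter-log lines in the format quoted in the post above, added here as an example (not code from any participant in this thread or from pfSense). It groups blocked packets by the rule number that matched, the interface, and the decoder note tcpdump appended, which shows whether newly added pass rules changed which rule is doing the blocking; the function names are this example's own.

```python
import re
from collections import Counter

# Sample lines copied from the filter log quoted in the post above.
SAMPLE = """\
00:00:07.916026 rule 1/0(match): block in on re0: 10.0.42.2.24876 > 99.172.16.114.6881: [|tcp]
00:00:00.000725 rule 1/0(match): block in on re0: 10.0.42.2.24874 > 109.172.15.5.6882: [|tcp]
00:00:00.181675 rule 1/0(match): block in on nfe0: 112.119.2.1.7728 > 10.0.42.2.6881:  tcp 44 [bad hdr length 0 - too short, < 20]
00:00:01.752974 rule 1/0(match): block in on nfe0: 23.15.7.163.80 > 10.0.42.2.26425:  tcp 24 [bad hdr length 8 - too short, < 20]
"""

LINE = re.compile(
    r"^\S+ rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<iface>\w+): (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s*(?P<note>.*)$"
)
BAD_HDR = re.compile(r"bad hdr length (\d+) - too short")

def classify(note):
    """Name the decoder note tcpdump appended to the line."""
    if note.startswith("[|tcp]"):
        return "truncated-capture"      # capture cut off before the full TCP header
    m = BAD_HDR.search(note)
    if m:
        return "bad-tcp-hdr-len-" + m.group(1)
    return "other"

def summarize(text):
    """Count blocked packets per (rule, interface, direction, decoder note)."""
    counts, unparsed = Counter(), []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            unparsed.append(line)       # keep unknown formats visible
            continue
        counts[(int(m["rule"]), m["iface"], m["dir"], classify(m["note"]))] += 1
    return counts, unparsed

if __name__ == "__main__":
    counts, unparsed = summarize(SAMPLE)
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("rules that matched:", sorted({k[0] for k in counts}))
```

On the sample lines every entry is attributed to rule 1, on both interfaces and for both kinds of decoder note.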



  • This probably isn't related to your problem, but I found my transparent squid (proxy) setup prevents Diablo 3 from downloading and installing (yes, installing; I have Diablo 3 on DVD!). It just sits at 1 or 2% but looks like it's downloading/installing (but it really isn't). I'm still looking into why and/or how to make an exception for the Blizzard downloader.

    Good luck



  • Hi there!

    I have a couple of Blizzard victims on my network (the OPT1, or my Wi-Fi portal network). Most are WarCraft gamers.
    Blizzard's downloader often manages to talk to UPnP (which I have enabled from pfSense) and so it negotiates rules.

    You should read: http://us.battle.net/support/en/article/firewall-configuration-for-blizzard-games

    But: not using any firewall settings still gives me a decent +1 MB (bytes!) download when installing the +10GB footprint of World of WarCraft.

    I'm not using any proxy or other shaper stuff.



  • Make sure when you add those rules that they are listed at the top. By default it's going to put them below the default rules so they will not work. If they are the last rules in your list click the little checkbox next to them, and hit the up arrow that is on the right side of the screen for the rule you want to place them above.

