Port Forwards stopped updating.



  • I have about 15 VM's behind my pfsense v2.0.1 all running multiple game servers at a remote location.  Keeping in mind I also have VPN to this location through OpenVPN

    With CS:GO coming out soon I thought it was time to deploy a new VM and install the server.

    I was running a CSS server which used the same ports.  I had shut that down.  Removed the port forward entries for that machines as well as the port alias associated with it.

    I created a new port alias for CS:GO which contain 27015 and 27005. I forwarded UDP the ports to the new machine using the alias and I cannot connect through the WAN IP.  I turned off Windows Firewall just to be sure. However I can connect through VPN.  Problem must be in the firewall soemwhere.

    Thinking that by some off chance that maybe the game server itself was rejecting some sort of connections I setup an FTP server and had it run on port 2121.  Forwarded that port and same thing.  Cannot connect through WAN, but can connect through VPN.

    I then changed my production FTP server over to port 2121 and changed the port forward ip to that machine.  I could connect through WAN!!

    Changed it back to the CS:GO server (which is still running ftp server on 2121) and cannot connect.  <–-----Interestingly though!  Even after applying the port forward change, when I try to connect I can clearly see the FTP admin interface on my production FTP alerting me of a connection!  WTF!  The port forward isnt even on that machine anymore.  Thinking this was way out of whack i removed the port forward for 2121 altogether.  It STILL connects to the production ftp server.  I'm at a total loss.

    I've cleared the states on this thing so nothing is still hanging around.  Rebooted it to clear anything.  I'm stumped!  Any ideas?



  • In my state table I can still clearly see its pointing traffic on 27015 to my old CSS server even though ALL traces of that config are gone from the firewall.  The port forward is no longer there, the alias is no longer there.

    10.0.1.104:27015 <- x.x.127.124:27015 <- x.x.250.159:27390



  • Ok using the above info i found that it the ip address ending in 104 was not my old CSS server.  It was the UT3 server that had a port alias of 27000:28000.

    Removed it, and redid those port forwards and its all good.

    However it still doesnt explain the weird stuff I was seeing with the FTP servers.  Though that seemed to have stopped this morning as well.

    Note to self…. no working on the firewall at 11 at night when you're too tired to see the most obvious things.


Locked