How to draw a hole in Pfsense



  • Hi,

    I'm still fighting to understand how NAT and firewall rules work together..

    My home network is very simple

    WAN (DHCP) -> PfSense -> LAN

    Everything worked perfectly until I tried to play Iracing (online game)… I'm unable to initiate a session with the online game... As far as I know, the game uses a fixed range of ports (15000..52500). The game also has a local web server listening on port 32034, as described here: http://arturmarques.com/wordpress/index.php/2011/05/13/iracing-one-solution-to-the-game-wont-start-problem/

    Well no matter what I try, it doesn't work.. I want to try something else.

    How can I draw a hole for a specific LAN IP in Pfsense? I want to try it in reverse.. instead of "opening", I want to start from "completely open". But I also haven't been able to do that..

    Actually I still don't get the thing with port forwarding and firewall rules.. do I need to create a firewall rule for each port forward? Why? How? (I'm totally lost) :(

    I also tried with UPnP and with Manual Outbound NAT + static port (did not help)

    It should work somehow.. while the Pfsense machine is restarting I have access to the online farms, once pfsense is completely loaded I can't (resetting the pfsense machine every time I want to play does not sound very practical)  ;D


  • LAYER 8 Global Moderator

    Your home network is NOT this

    My home network is very simple

    WAN (DHCP) -> PfSense -> LAN

    What provides the DHCP to your pfsense WAN?  What device??  I would guess you're double natting if you're having issues with games like that.

    What is the make and model number of the device your pfsense WAN plugs into, and on pfsense what does your WAN IP start with? Is it 10.x.x.x, 192.168.x.x or 172.16-31.x.x?  Then you're behind a NAT!  And with pfsense natting, you're behind a double NAT then.



  • Hi!

    Thanks for the answer,

    My WAN address in Pfsense is in the 95...* range (in Pfsense)

    Between Internet and Pfsense I have a Motorola cable modem (a pure modem, not a router)

    Now the good news.. The issue is solved. I was thinking the whole time that it was a NAT, port forwarding or firewall issue. I wrote to the support team of the online game, they analyzed my logs and they determined that I was using a transparent proxy (bingo), and that my IP address was dynamically changing (does this happen when setting squid as transparent proxy server?).

    Obviously they did not seem to like that (for security reasons).

    Well, after the implementation of a workaround everything works flawlessly.

    Now it makes sense that during reboot I was able to access the game server (while squid was not loaded)


  • LAYER 8 Global Moderator

    No, your IP address would not be changing if you were using squid on your pfsense..  You only have the 1 IP address, don't you!  Now your source port would change as you created new sessions.

    Now they might not have liked the whole proxy thing in the first place - and blocked you since you were using a proxy.  Many people might be trying to circumvent/hide using a proxy.

    The only way your IP could have changed would have been if you had your squid chained so it was using a different proxy upstream from you and sending your traffic there.  Then you would have had your IP, and then that IP.

