Netgate Discussion Forum

    How to draw a hole in Pfsense

    • deibit

      Hi,

      I'm still fighting to understand how NAT and firewall rules work together.

      My home network is very simple:

      WAN (DHCP) -> PfSense -> LAN

      Everything worked perfectly until I tried to play iRacing (an online game)… I'm unable to initiate a session with the online game. As far as I know, the game uses a fixed range of ports (15000..52500). The game also has a local web server listening on port 32034, as described here: http://arturmarques.com/wordpress/index.php/2011/05/13/iracing-one-solution-to-the-game-wont-start-problem/

      Well, no matter what I try, it doesn't work. I want to try something else.

      How can I draw a hole for a specific LAN IP in pfSense? I want to try it in reverse: instead of "opening", I want to start from "completely open". But I also haven't been able to do that.

      Actually, I still don't get the thing with port forwarding and firewall rules. Do I need to create a firewall rule for each port forward? Why? How? (I'm totally lost) :(

      I also tried with UPnP and with Manual Outbound NAT + static port (did not help).

      It should work somehow. While the pfSense machine is restarting I have access to the online farms; once pfSense is completely loaded I can't (resetting the pfSense machine every time I want to play does not sound very practical)  ;D

      • johnpoz LAYER 8 Global Moderator

        Your home network is NOT this

        My home network is very simple

        WAN (DHCP) -> PfSense -> LAN

        What provides the DHCP to your pfSense WAN? What device? I would guess you're double NATting if you're having issues with games like that.

        What is the make and model number of the device your pfSense WAN plugs into, and on pfSense what does your WAN IP start with? Is it 10.x.x.x, 192.168.x.x or 172.16-31.x.x? Then you're behind a NAT! And with pfSense NATting, you're behind a double NAT then.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • deibit

          Hi!

          Thanks for the answer,

          My WAN address in pfSense is in the 95...* range (in pfSense)

          Between Internet and Pfsense I have a Motorola cable modem (a pure modem, not a router)

          Now the good news: the issue is solved. I was thinking the whole time that it was a NAT, port forwarding or firewall issue. I wrote to the support team of the online game; they analyzed my logs and determined that I was using a transparent proxy (bingo), and that my IP address was dynamically changing (does this happen when setting Squid up as a transparent proxy server?).

          Obviously they did not seem to like that (for security reasons).

          Well, after the implementation of a workaround everything works flawlessly.

          Now it makes sense that during reboot I was able to access the game server (while Squid was not loaded).

          • johnpoz LAYER 8 Global Moderator

            No, your IP address would not be changing if you were using Squid on your pfSense. You only have the 1 IP address, don't you! Now, your source port would change as you created new sessions.

            Now, they might not have liked the whole proxy thing in the first place, and blocked you since you were using a proxy. Many people might be trying to circumvent/hide using a proxy.

            The only way your IP could have changed would have been if you had your Squid chained so it was using a different proxy upstream from you and sending your traffic there. Then you would have had your IP, and then that IP.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.