Problems Hosting HALO Combat Evolved Servers

tjs275x

Having problems forwarding UDP ports to host my halo combat evolved server
the ports I would like to forwarded are 25600, to 25614 using UDP protocol
I read online that with a more expensive firewall forwarding UDP is tricky
Right now i am using smoothwall from smoothwall.org to firewall my server.

when I forward the UDP ports on pfsense, Gamyspy will not see the servers and I also can not connect to them using the outside IP address.
If i forward anything using TCP protocol it works file. Using smoothwall I have no problems with anything so I know the network is setup fine.

I am using pfsense 2.0.3
for hardware i am using a firebox x500
WAN is connected right to the external port on the firebox, then from there to a hub
Simple setup for the network side.

Any help would be Kick Ass!!

sdowling

Having the same problem, have been totally pulling my hair out…really hoping someone figures this out.  I have UDP for Teamspeak 3 server (on same box) passing through no problem (as well as related TCP ports) all through NAT rules and auto Firewall rules, but still no response from external Halo CE clients.

Halo and Teamspeak servers are currently hosted on the same VM (WinXP on Server 2012 Hyper-V) with no firewall on anything internal (host or VM).  NIC for this VM is isolated from the server OS so I can't see how anything could be interfering.  I've tried hosting from standalone PCs behind the pfSense as well, but still no luck.

marvosa

Post your port forward and Firewall rules.

Also, is there a reason you're not using the default ports?  Everything I'm reading shows the following ports are used by default:

80 (Transmission Control Protocol (TCP)) – Auto-update looks for and downloads updates through this port.
2302 (User Datagram Protocol (UDP)) - Game host listens on this port.
2303 (UDP) - Game client connects to host through this port.

sdowling

OK…I wasn't able to make things work with just NAT/Firewall rules, but I was able to make it work by enabling UPnP.  I'm hosting the Halo CE server on a dedicated Hyper-V VM with static IP mapping.  So the firewall isn't completely compromised, I limited UPnP to the VM host IP and ports above the standard service port range (i.e. >1024).  I took a few tips from this thread:

http://forum.pfsense.org/index.php?topic=13887.0

Everything is working like a charm now.  I'm sure if I log the UPnP traffic I can isolate the port range the game server is using, but this works for now.

tjs275x

@sdowling:

OK…I wasn't able to make things work with just NAT/Firewall rules, but I was able to make it work by enabling UPnP.  I'm hosting the Halo CE server on a dedicated Hyper-V VM with static IP mapping.  So the firewall isn't completely compromised, I limited UPnP to the VM host IP and ports above the standard service port range (i.e. >1024).  I took a few tips from this thread:

http://forum.pfsense.org/index.php?topic=13887.0

Everything is working like a charm now.  I'm sure if I log the UPnP traffic I can isolate the port range the game server is using, but this works for now.

So what exactly did you do to make halo work with pfsense?
can you post this info for me?
Thanks!

sdowling

Well, it worked fine for about 2 weeks…but now its broken again.  When I figure out, I'll try to post some instructions.  This is shamefully difficult to get up and running solid.

sdowling

OK…its all sorted now.  The problem wasn't with pfsense (surprise, surprise).

For pfSense 2.03, what works for me is as follows:

1)  Make a Firewall alias for all the Halo ports you need (depends on the number of servers you're running).  I have a range covering 2302:2310 called "HaloServer".

2)  Make a NAT rule on the WAN interface directing traffic from any source, any port whose destination is to your WAN address, on ports listed in the above alias (protocol UDP) to the internal IP of the host.  Column entries should look like:

If   Proto Src. addr   Src. ports    Dest. addr         Dest. ports NAT IP         NAT Ports
WAN   UDP *           *               WAN address HaloServer 192.168.1.** HaloServer

*** Make sure you have the "Filter rule association" set to "Create new associated filter rule"

3. Create an Outbound NAT rule on the WAN interface from the internal host IP (any port) to any Destination/port and any NAT address/port.  The important part is to check the "Static-Port" checkbox.  Column entries should look like:

Interface   Source                 Source Port Destination Destination Port NAT Address NAT Port Static Port
WAN    192.168.1.**/32 *                 *                 *                         *                 *         YES