Problems Forwarding Ventrilo Server
-
Hey everyone!
I'm having trouble getting a Ventrilo server to be visible outside of my firewall for some reason. I'm running version 2.0.3.
I've created NAT rules for both ports 3784 (TCP/UDP) and 6100 (UDP).
WAN TCP/UDP * * WAN address 3784 10.10.8.18 3784 Vent
WAN UDP * * WAN address 6100 10.10.8.18 6100 Vent1
I'm able to properly connect within my network using the LAN IP Address (10.10.8.18), so that rules out any issues with the host OS and such.
I've also created outbound rules:
WAN any tcp/udp/3784 * tcp/udp/3784 * * YES Ventrilo
WAN any udp/6100 * udp/6100 * * YES Ventrilo2
At this point, I've attempted to connect from an outside IP address and from within my network using my external IP with no success.
Any ideas on what I might be doing wrong? Snort doesn't report having blocked anything either.
Thanks!
-
Do you have a firewall riddled with blocking rules that come before your NAT / Firewall allow rules? Are you running SNORT?
-
Why did you create those outbound? Automatic should work just fine..
And those rules are not right even if you were using manual outbound.
You're using source port and destination port as the same.. So this application uses source same as dest port… That is highly unlikely.
-
Source and destination being same even if bad practice shouldn't break his setup.
Seems to me he should just delete his existing rules and enter a couple simple NAT rules.
-
Well that NAT is not going to work, since I doubt his source port would be that port.. Not sure why he doesn't just leave it on automatic.. He should not have had to create any manual outbound NATs for something as simple as a port forward.
-
That's true unless he is running multiple IPs and wants to make sure traffic enters and exits from a single gateway.
I do know this. Vent server NAT port forward is SIMPLE and about a 2 minute affair to set up. I have one here for my gaming friends (although I don't game). I have found it's easier to contact some of them via vent than phone. (Their wives must be lonely. Or maybe not :o)
-
> Do you have a firewall riddled with blocking rules that come before your NAT / Firewall allow rules? Are you running SNORT?
I have Snort, but it doesn't look like it's blocking anything it shouldn't (i.e. my rules look correct and don't seem to include Ventrilo). I've tried to look at the logs and haven't found anything being blocked on either of the ports.
> Why did you create those outbound? Automatic should work just fine..
> And those rules are not right even if you were using manual outbound.
> You're using source port and destination port as the same.. So this application uses source same as dest port… That is highly unlikely.
> Source and destination being same even if bad practice shouldn't break his setup.
> Seems to me he should just delete his existing rules and enter a couple simple NAT rules.
I've fixed the destination to include my LAN, but I have Auto disabled since I'm running other services which require me to create static ports.
> That's true unless he is running multiple IPs and wants to make sure traffic enters and exits from a single gateway.
> I do know this. Vent server NAT port forward is SIMPLE and about a 2 minute affair to set up. I have one here for my gaming friends (although I don't game). I have found it's easier to contact some of them via vent than phone. (Their wives must be lonely. Or maybe not :o)
I agree it should be simple! I'm running web servers and other stuff without issue, but for some reason Ventrilo doesn't want to work. Maybe there's an issue with forwarding UDP ports through the firewall?
-
"I have Snort, but it doesn't look like it's blocking anything"
I think we are all going to need a few drinks before anyone addresses that statement…
-
> "I have Snort, but it doesn't look like it's blocking anything"
> I think we are all going to need a few drinks before anyone addresses that statement…
See above.
-
I'd shut snort down. Forwarding UDP works fine on pfsense and vent for sure does, because I have one set up. What doesn't work is NAT reflection on pfsense with UDP so far, so if you are inside the LAN addressing it by its public IP, that's probably going to fail.
-
> I'd shut snort down. Forwarding UDP works fine on pfsense and vent for sure does, because I have one set up. What doesn't work is NAT reflection on pfsense with UDP so far, so if you are inside the LAN addressing it by its public IP, that's probably going to fail.
For some reason, even if I try to address it from another IP address, I still can't see the server. Any other issues with UDP?
-
UDP works just fine so long as you are not inside your own LAN trying to hit your own public IP. That's NAT reflection and NAT reflection for UDP in pfsense no worky.
Are you doing that?
-
> UDP works just fine so long as you are not inside your own LAN trying to hit your own public IP. That's NAT reflection and NAT reflection for UDP in pfsense no worky.
> Are you doing that?
I'm trying to do what you mentioned here, as well as trying to hit the server from outside my local network to no avail. I just can't get the server to show up outside of the LAN.
So, I did some additional testing and it looks like port "3784" shows as "open" when I use the port scanner at yougetsignal. Port "6100" does not show as "open" even after forwarding the port through NAT. Maybe that's another clue as to why this isn't working?
-
Why do you need 6100?
-
> Why do you need 6100?
From the Ventrilo forums http://forum.ventrilo.com/showthread.php?t=17761:
Note: You may have to configure any firewall/virus/spyware checkers to allow port 3784 (TCP and UDP) and 6100 UDP to pass thru. Consult the individual documentation.
-
I'm running vent on 1 single port… Just 3784.
That's all I've ever needed.
Can you access vent from inside your LAN?
-
So I just downloaded the server real quick.. and fired it up.. And I see it listening on
TCP 0.0.0.0:3784 0.0.0.0:0 LISTENING
[ventrilo_srv.exe]
But it is not listening on 6100 UDP – so what is the point of forwarding unsolicited traffic to something that is not there?
I cannot seem to find any actual documentation of how it works and what ports are used for what, etc. So if it uses UDP 6100 I am not sure where and how.. I can fire it up when I get home and actually make a connection to see if it is used..
But just when the server is started it is not listening on udp 6100.
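Added example (not part of any post in this thread): a check that compares the port forwards posted at the top of the thread against the sockets actually listening on the target host, and flags any forward that sends unsolicited traffic to a port nothing is bound to. The netstat sample is constructed; its TCP line is the one quoted above, and the UDP 3784 line is an assumption for illustration.

```python
import re

# Port forwards as posted in the thread:
# (interface, protocols, external port, internal host, internal port, description)
FORWARDS = [
    ("WAN", ("tcp", "udp"), 3784, "10.10.8.18", 3784, "Vent"),
    ("WAN", ("udp",), 6100, "10.10.8.18", 6100, "Vent1"),
]

# Constructed sample of `netstat -an` output, assumed to be taken on 10.10.8.18.
NETSTAT_SAMPLE = """\
  TCP    0.0.0.0:3784           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:3784           *:*
  TCP    10.10.8.18:49712       192.0.2.10:443         ESTABLISHED
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_listeners(netstat_text):
    """Return {(proto, port)} for sockets that accept unsolicited traffic."""
    listeners = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, _addr, port, foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        if proto == "UDP" and foreign != "*:*":
            continue  # a bound UDP socket shows a wildcard foreign address
        listeners.add((proto.lower(), int(port)))
    return listeners


def unbacked_forwards(forwards, listeners):
    """Return forwards whose (proto, internal port) has no listener."""
    missing = []
    for _iface, protos, _ext_port, host, port, descr in forwards:
        for proto in protos:
            if (proto, port) not in listeners:
                missing.append((descr, proto, host, port))
    return missing


if __name__ == "__main__":
    for descr, proto, host, port in unbacked_forwards(
            FORWARDS, parse_listeners(NETSTAT_SAMPLE)):
        print(f"{descr}: nothing listening on {host} {proto}/{port}")
```

Every forward this reports is a hole in the firewall with no service behind it, so the rule can be removed rather than debugged.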
-
That's because it's not listening on that port and unless mine has been using "the force" to communicate, it doesn't need 6100.
It's a fairly simple server and seems to act a lot like IAX protocol in that it traverses NAT like a champ and needs 1 port only.
It is mentioned here, but I don't open it and never have.
http://www.speedguide.net/port.php?port=6100
-
Well, looks like I just figured it out! It seems that I had conflicting NAT rules… Everything is working as it should now! Thanks for your help!
-
Good deal - Yeah. It's always easier to help people if they post their rules, but people are often a little shy to do that.