A question about ports



  • If there is a sticky topic, please direct me. I really have no idea what the problem even is.

    I'm fairly new to pfsense and I'm using it on an internet cafe. My customers say they are frequently disconnecting from their games (League of Legends PH, Crossfire PH) even though personally I play my games fine (Ranked Gaming Client).

    Then there's also the problem with utorrent (only I am using it). Utorrent tells me "port is not open (you are still able to download)" when I port test from there.

    I'm only using pfsense on this internet cafe and have no intention to let outsiders access it nor that I run it wirelessly (aside from the DSL modem which is wireless). Will opening ports solve most of my customers' frequent disconnection? How many ports must I open and won't it be too dangerous from hacking?



  • Are you running UPnP and NAT-PMP?



  • I honestly don't know.



  • In the web GUI, check Services > UPnP & NAT-PMP

    Tell me what is or isn't checked.



  • Enable UPnP & NAT-PMP = unchecked
    Allow UPnP Port Mapping = unchecked
    Allow NAT-PMP Port Mapping = unchecked
    By default deny access to UPnP & NAT-PMP? = unchecked

    pfsense 2.1



  • Check them all.

    except - Don't check By default deny access to UPnP & NAT-PMP?

    Also for:

    External Interface (generally WAN) - Select WAN

    and for

    Interfaces (generally LAN) - Select LAN  (I assume you only have 2 interfaces?  WAN and LAN?)

    Then click the change button at bottom.

    This will probably fix a lot of your gaming issues.



  • Also, don't check:

    Log packets handled by UPnP & NAT-PMP rules?

    Use system uptime instead of UPnP & NAT-PMP service uptime?

    By default deny access to UPnP & NAT-PMP?



  • utorrent now says ports are open. Thanks for now I guess, but I'll have to monitor their gaming experience.



  • There is a protocol that automagically opens ports and forwards them to the correct client when running a game, a torrent, Skype or whatever.  It allows reliable connections to servers or between peers.

    That's what you just enabled.

    If this doesn't work out, I'll refund all the money you paid me.  Every cent.  I promise.  ;D
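
The exchange described in the post above, sketched with NAT-PMP (RFC 6886) message formats as an added example that is not part of the original thread. The function names, the sample addresses and the `min_external` policy are assumptions made for illustration, not pfSense's own code or settings.

```python
import struct

OPCODES = {1: "udp", 2: "tcp"}                          # RFC 6886 mapping opcodes
RESULTS = {0: "success", 2: "not authorized/refused"}   # subset of result codes

def build_request(proto, internal_port, external_port, lifetime):
    """Client side: 12-byte request sent to the gateway on UDP port 5351.
    The format has no credential field; the gateway only sees the source IP."""
    op = {name: code for code, name in OPCODES.items()}[proto]
    return struct.pack("!BBHHHI", 0, op, 0, internal_port, external_port, lifetime)

def gateway_handle(packet, client_ip, uptime, min_external=1024):
    """Gateway side (constructed policy): refuse external ports below
    min_external, otherwise forward WAN:external -> client_ip:internal."""
    if len(packet) != 12:
        raise ValueError("mapping request must be 12 bytes")
    ver, op, _rsvd, internal, external, lifetime = struct.unpack("!BBHHHI", packet)
    if ver != 0 or op not in OPCODES or lifetime == 0:
        # Lifetime 0 is a delete request in RFC 6886; not modelled in this example.
        raise ValueError("request not handled by this example")
    ok = external >= min_external
    rule = {"proto": OPCODES[op], "wan_port": external,
            "to": (client_ip, internal), "ttl": lifetime} if ok else None
    # Reply fields: version, 128+opcode, result code, seconds since gateway
    # start, internal port, mapped external port, granted lifetime.
    # Zeroing the last two on refusal is a simplification made here.
    reply = struct.pack("!BBHIHHI", 0, 128 + op, 0 if ok else 2, uptime,
                        internal, external if ok else 0, lifetime if ok else 0)
    return reply, rule

def parse_reply(reply):
    """Client side: decode the 16-byte mapping response."""
    _ver, op, result, _uptime, internal, external, lifetime = struct.unpack("!BBHIHHI", reply)
    return {"proto": OPCODES[op - 128], "result": RESULTS.get(result, result),
            "internal": internal, "external": external, "lifetime": lifetime}

def demo():
    # Constructed sample: a torrent client on 192.168.1.50 asks for TCP 51413 for one hour.
    reply, rule = gateway_handle(build_request("tcp", 51413, 51413, 3600),
                                 "192.168.1.50", uptime=86400)
    # Constructed sample: another LAN host asks for WAN port 443; the policy refuses it.
    refused, no_rule = gateway_handle(build_request("tcp", 8443, 443, 3600),
                                      "192.168.1.77", uptime=86400)
    return parse_reply(reply), rule, parse_reply(refused), no_rule

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The request carries nothing that identifies the user, so the gateway's only input for an allow or deny decision is the requesting LAN address and the ports asked for; mappings expire when the granted lifetime runs out unless the client renews them.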



  • wha… sounds assuring XD



  • It's the best advice I have for you.  I think it will fix most things.

    If you have lots of users that change often it's impossible for me to guess where to forward ports.

    So, best to leave it to UPnP.

    There are some games out there that don't implement UPnP well and I can't do a single thing about those.

    If you have some static clients you could port forward to them on a one-off basis.

    (That advice will cost you triple what you paid me earlier)  ;)



  • It seems I have a new problem now.

    It's just SOOO hard browsing websites. Most of them I'd get an instant "server not found" in Firefox. I already checked if I accidentally added bandwidth limit rules or something but I can't find anything. I only installed the squid3 package. And btw, I'm using the same machine where the pfsense VM is installed and also serving diskless clients. All PCs connected to my network are static IPs.

    Speedtest isn't loading either so I guess I must have screwed the web GUI or something. But I honestly can't remember anything.



  • squid3 can definitely break internet for you if set up wrong.

    I use squid - BUT if I were you I wouldn't use any squid at all if you are mainly doing gaming stuff.



  • uninstalling squid solved most of the problem, but…

    I WANT THE CACHE SO BADLY!!!!

    these customers are soooo youtube hungry! and facebook games too! (well, they wouldn't be using the internet otherwise so...)

    I find myself surprised at how a newbie like me instantly wanted the advanced features so fast.



  • The cache doesn't help you at all with youtube or the rest.  That's all "dynamic content".  Squid as you and most people use it only gets about 5% cache hits and that's pretty much all just really basic internet content, like the banners on this page for instance and the graphics.  Definitely not videos most of the time.



  • I've seen squid3 (yes I know it's still beta) in latest pfsense and it SEEMS (yes, seems) it can cache dynamic content.

    I'd also like the bandwidth limiter it provides. Or can Maximum Download Speed (Kbits/second) under Services: UPnP & NAT-PMP do the job?



  • Improper caching is the easiest way to break the Internet. It's best left to your ISP. Decent ISPs shouldn't charge you for cached data from their internal network.

