Problem with port Forwarding



  • I have two version of a gameserver. One on Win 2k8, other on CentOS 6.5

    My pfsense WAN IP v4 is 14.0.30.103 and I need to forward it to my game server 192.168.10.150 with port range 6041 - 6050.

    The Windows version is OK and player can enter the game. But In CentOS the client do not access 14.0.30.103, It access to 192.168.100.150 so players cannot enter the game.

    When I using "telnet 14.0.30.103 6041 - 6050", it's OK

    What's difference between Windows and CentOS ? Plz tell me the solution.


  • Rebel Alliance Global Moderator

    "What's difference between Windows and CentOS ?"

    Do you want me to write a book - one is Windows and the other is LINUX – these are completely different operating systems ;)

    I have a suspicion that english is not your first language -- you might get better help in your native language forum section.

    I am trying to work out what you are asking - but something seems missing in translation..

    You say "gameserver" -- what game??  Is this game being hosted on 2k8 or centos?  Or some other machine.

    is 192.168.10.150 the 2k8 machine?  So forwarding your public IP 14.x.x.x to your game server sure ok - that is for users OUTSIDE your network..  But other client centos is on 192.168.10.???

    So why would it use your public IP?

    Please draw out your network and give details of what IP address each machine and who is server who is client and what game it is.  Are you trying to access game via name resolution?  If you want to access via your public IP from devices inside pfsense you need to enable nat reflection.  ARe these ports you forwarded 6041-6050 tcp or udp?



  • Yes, sorry about bad english  :D

    Now you can see this image. All Port using TCP

    My question exactly that why the Client using Public IP 14.0.30.103 and other one using a LanIP 192.168.100.150. Becase this is a Lan IP so player cant not enter the game.


  • Rebel Alliance Global Moderator

    "It connects to 14.0.30.150"

    Well how does that have anything to do with pfsense??  This would be a client issue, name resolution issue if your not trying to talk to pfsense IP - then no it will not be able to get forwarded to whatever your forwarding – why is this even a question you would have to ask?

    edit
    Ah you edited the picture - that makes more sense ;)

    So how do you make your connection to this game.. If trying to use the private IP of the game server, then seems like mis configuration of the server sending its private IP vs the public one of pfsense.

    You see this a lot in say ftp servers.. Where you have a control channel and then a data channel and make connection to this data channel via passive..  Server is in 192.168.1.x behind nat of publicIP.. ftp server really doesn't know this and sends client what it knows its IP is 192.168.1.x which is not going to be accessible to the ftp client.  You need to verify your gameserver software is configured to send the public IP, not its private IP.

    edit2:  Other issue with your drawing is I doubt the pfsense lan IP is in the 14 network ;)



  • @johnpoz:

    "It connects to 14.0.30.150"

    Well how does that have anything to do with pfsense??  This would be a client issue, name resolution issue if your not trying to talk to pfsense IP - then no it will not be able to get forwarded to whatever your forwarding – why is this even a question you would have to ask?

    edit
    Ah you edited the picture - that makes more sense ;)

    So how do you make your connection to this game.. If trying to use the private IP of the game server, then seems like mis configuration of the server sending its private IP vs the public one of pfsense.

    You see this a lot in say ftp servers.. Where you have a control channel and then a data channel and make connection to this data channel via passive..  Server is in 192.168.1.x behind nat of publicIP.. ftp server really doesn't know this and sends client what it knows its IP is 192.168.1.x which is not going to be accessible to the ftp client.  You need to verify your gameserver software is configured to send the public IP, not its private IP.

    edit2:  Other issue with your drawing is I doubt the pfsense lan IP is in the 14 network ;)

    Thanks you very much.

    But I don't understand why the Windows version can work and CentOS version can't.

    I also try to change the server IP Address but it cannot launch, this is a game called XJSJ from China.

    I also try to change my loopback Adapter on CentOS

    DEVICE=lo
    IPADDR=14.0.30.103
    NETMASK=255.255.255.0
    NETWORK=192.168.10.1
    # If you're having problems with gated making 127.0.0.0/8 a martian,
    # you can change this to something else (255.255.255.255, for example)
    BROADCAST=14.0.30.103
    ONBOOT=yes
    NAME=loopback
    

    So I can Lauch the gameserver software using public ip but the client still connect to 192.168.10.150



  • And another question is:

    What can I do if a have an additional public IP ?


  • Rebel Alliance Global Moderator

    Your not going to be able to launch the game with a public IP – the game server needs to tell its clients to connect to whatever your public IP is.

    If you had 2 public IPs - then you could have connections to public.A go to serverA and public.B go to serverB

    edit:  from the mess you made of your lo configuration, its clear you don't understand anything about networking even at a basic level ;)

    BROADCAST=14.0.30.103

    Really??

    I tried looking up XJSJ and don't seem to find anything about game or server, etc.  Configuration of what the GAME tells its clients what IP its on would be in the game configuration, it would have NOTHING to do with the machines network configuration.



  • @johnpoz:

    Your not going to be able to launch the game with a public IP – the game server needs to tell its clients to connect to whatever your public IP is.

    If you had 2 public IPs - then you could have connections to public.A go to serverA and public.B go to serverB

    edit:  from the mess you made of your lo configuration, its clear you don't understand anything about networking even at a basic level ;)

    BROADCAST=14.0.30.103

    Really??

    This problem that's I use pfsense to build an Anti Syn Flood system  :(


  • Rebel Alliance Global Moderator

    Where did you come up with anti syn flood??  From the nonsense you tried to apply to the lo interface, I have a hard time believing you even know what a syn is to be honest ;)

    Do you have a link to this gameserver software that is in english?  That I could take a look at?  Like I stated I can not seem to find anything about XJSJ



  • @johnpoz:

    Where did you come up with anti syn flood??  From the nonsense you tried to apply to the lo interface, I have a hard time believing you even know what a syn is to be honest ;)

    Do you have a link to this gameserver software that is in english?  That I could take a look at?  Like I stated I can not seem to find anything about XJSJ

    Now Do you have a chat messenger. For example skype or yahoo. So I can contact you for help