Source Dedicated Server & pfSense

  • This combination has caused me much agony, but I (with the help of a few others) found a solution. Bascially, due to NAT issues, the wrong IP is reported to Valve's Master Servers and hence your server fails to appear on their master server list. The result of this is that no one connects to your server.

    Okay, first of all, go to the NAT page, click the outbound tab. Select to enable Advanced Outbound NAT. Don't worry, a new rule will automatically be created to replace the existing automatic one.
    Then, create a new rule. The source should be the subnet your server is on (for me, it was /24) and a source port of 27015 (or another port if your server runs on a different one). Check the box that says Static Port and click save.
    Now, move the rule up above the default rule that was created. All you need to do now is to reset the state table and your server will now show up in the master server list after a period of time. To help speed up the server synchronization with Valve's Master Servers, type heartbeat into the server console.

    Thanks to thezfunk and brown on's forums for helping with this. Thought i'd post it here as some people will more than likely come here as opposed to searching for the obscure answer :)

    (For those who are wondering what Source Dedicated Server or SRCDS is, its the server application that hosts games based upon Valve's Source Engine, including Counter Strike: Source, Half Life 2 Deathmatch, Team Fortress 2 and more)

  • That's why one of the sticky posts on this thread, "PROBLEMS WITH A GAME? Try this first", recommends static port. :)

    Good description though, making this a sticky.

  • KingJ, thanks for this post. I'm going to try this change to my pfSense firewall in the next few days, hopefully resolving the problem of my CS:Source game server not showing up in the Steam master servers list.

    There's a bunch of non-game (business) servers behind my firewall, as well. Hopefully, this change will not break outside access to those servers. I've backed up my pfSense config before making this change, of course, just in case.

  • This worked great for me, thanks!

  • THANK YOU SO MUCH! I was wondering why people couldn't see my server, and other connection issues.
    But why do we have to do this? I mean what is this doing? I am a pfsense noob obviously, and I mean why do we have to do this in the first place if it's already port forwarded?

    EDIT: I still don't think it's working :o
    Ok so in nat I went to outbound I make a new rule called obsidian conflict(hl2 mod) and set it at as (Is that right? I connect to my router via and I set the checkbox for static and select port 27016(because this is the port it's on)
    I put the rule above the default one and I hit save then apply. Should work right? I also have it correctly port forwarded too. Any ideas? (PS this router wants me to grind my face on a cheese grater lol, I mean it's so hard to get stuff that should work by default… also why is upnp disabled by default :o and xbl should work outa the box imo. Like profiles of common things would make life a lot better. However the amazing QoS on this router is hard to beat, argh life is so tough  :D)

  • I have followed these instructions to the dot, yet I am unable to get my server on the master list! other people can connect, and i can see that the port is accessable via WAN.'

    Edit: sv_lan is 0, yet it reports that it is a LAN server (No heartbeat, no authentication, no non-class c addresses)

  • If people can connect, but you cannot get the server listed, it's a config problem of your server.
    Try the support channels of the hlds.

  • Well, I have found out what the problem might be.

    The error I am getting (sv_lan is 0…) could be due to a bug. If I could get another person to test this out that would make me feel better.

    Edit: Also, make sure that you have your sv_region set to anything but -1, or the server will not show up on the master list!

Log in to reply