SOLVED: NAT / forward same ports (SRCDS) to two internal IP:s?
-
Hey,
Sry if this is a repeat of some previous topic but after searching on this forum I haven't found anything that answers my questions (or at least in a way that I understand).
The issue that I have is the following:
- I have a service called Fiberlan with a capacity of 100/100Mbits.
- My ISP (Telia) has given me one (1) static IP and one (1) dhcp IP (this is all I can get)
- I have two Counter-Strike: Source & Team Fortress 2 servers (2 physical servers that is)
- The servers are located in a small building next to my house (sort of a shed)
- The "shed" has a direct CAT6 connection to a switch (that is directly linked to the fiber converter) in my house.
The DHCP address I need for my wireless router in my house (2 x laptops and 1 stationary PC). My idea was to place a pfsense equipped PC in the shed that would own the static IP and then serve the 2 servers using NAT.
So, finally to the real question, can I forward the same external ports to two different internal IP (eg port XXXXX to 192.168.0.2 and 192.168.03)?
The servers all require the same ports to be opened and the only port that differs among the servers is the connection port that the external clients use (eg, one server on 27015, next on 27045 and so on).
In addition to the connection port I need the following ports to be forwarded to both of the two internal IP:s:
Steam Friends Service UDP 1200
Steam Main UDP 27000 to 27015
Steam Main TCP 27020 to 27039
Is this possible in any way using pfsense? (is it possible in any way without using more public (registered) ip:s?)
Thanks
/E
-
No you cannot forward the same port to two different servers.
If it were a mere webserver and you just wanted to balance the load it would have been possible but I assume your clients should be able to choose to which server they want to connect.
But why do you need the same ports open on both?
As far as I recall you can define which ports a CSS/TFT2 Server uses.
If they are public and you register them on the list they will automatically list themselves with the custom ports.
And if they are not public it wouldn't matter if you had uncommon ports since your clients have to add the IP/port manually anyway :)
Or could you give more information why you want them on the same ports?
-
The issue are these ports:
Steam Friends Service UDP 1200
Steam Main UDP 27000 to 27015
Steam Main TCP 27020 to 27039
As far as I understand they have to be opened for inbound traffic for every STEAM based server you run. The client connection port is, however, individual and can be specified at "will".
I've tried to find definitive answers on whether the above listed ports are required for inbound traffic or outbound only but no luck so far. Would really like to figure this out BEFORE I start building a PC to run pfsense ;-)
Regards,
E
-
Take a look at the steam support page:
https://support.steampowered.com/kb_article.php?ref=6470-EIFV-5481
You can have a server on whichever port you like.
The ports you posted are just the default values.
-
^^ thx man
Just found an article (you wouldn't believe what I used as searchword..) that specifies that the ports I listed above are for STEAM e.g. CLIENTS and not for dedicated servers.
Dedicated servers (standalone) don't use STEAM. Dedicated servers only need one port and that is the connection port (UDP for clients and TCP for rcon) and that port can be any port - just as you say.
Thx again for your support!
Regards,
E
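
An added example, not part of the original thread or of pfSense: a small Python check that flags a port-forward plan where one external port is claimed by two internal hosts, which is the conflict the answer above rules out. The rule tuple, function names and both sample plans are constructed here; 192.168.0.3 is assumed for the second server.

```python
from collections import namedtuple

# One inbound NAT rule: protocol, external port range (inclusive), internal target.
Forward = namedtuple("Forward", "proto first last target")

def overlaps(a, b):
    """True when two rules claim at least one common external proto/port."""
    return a.proto == b.proto and a.first <= b.last and b.first <= a.last

def find_conflicts(rules):
    """Return pairs of rules that send the same external port to different hosts."""
    conflicts = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if overlaps(a, b) and a.target != b.target:
                conflicts.append((a, b))
    return conflicts

# Constructed plan 1: what the first post asks for (same ranges to both servers).
SAME_PORTS = [
    Forward("udp", 27000, 27015, "192.168.0.2"),
    Forward("udp", 27000, 27015, "192.168.0.3"),
    Forward("tcp", 27020, 27039, "192.168.0.2"),
    Forward("tcp", 27020, 27039, "192.168.0.3"),
]

# Constructed plan 2: one connection port per server (UDP for clients, TCP for rcon),
# which also exposes far fewer ports than the client ranges above.
SPLIT_PORTS = [
    Forward("udp", 27015, 27015, "192.168.0.2"),
    Forward("tcp", 27015, 27015, "192.168.0.2"),
    Forward("udp", 27045, 27045, "192.168.0.3"),
    Forward("tcp", 27045, 27045, "192.168.0.3"),
]

if __name__ == "__main__":
    for name, plan in (("same ports", SAME_PORTS), ("split ports", SPLIT_PORTS)):
        bad = find_conflicts(plan)
        print(f"{name}: {len(bad)} conflict(s)")
        for a, b in bad:
            print(f"  {a.proto} {a.first}-{a.last}: {a.target} vs {b.target}")
```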
-
Hey people by the way:
if u wanna make ur gameserver behind NAT appear in the masterlist:
Pfsense should be ur one-and-only friend.
To set it right, u must enable in Firewall --> NAT --> Outbound
"Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))"
Look Attached Images for closer Instruction :)
The port must be ur gameserver Port, that's already forwarded to be reachable from the internet...
this issue is needed for quake3 and counter strike / css for sure. others I didn't test...
ah btw some idea for future Features in Pfsense...
Can we have a field where u can enter port range?