    Teamspeak 3 Won't Allow Connections

    • W
      Winzier09 last edited by

      I am running a teamspeak 3 server that cannot seem to forward the 9987 port on pfsense. TS3 Server is on a virtual Ubuntu server through Hyper-V that is located on a physical box that shares a VM with pfsense. Everything in the home works fine: internet, wifi, etc.

      Before pfSense, clients could connect to the teamspeak server, but after, no one can reach in. I have the basic 9987 port and I have tried forwarding it on pfsense. (I heard something about Split DNS, but I am not sure what my host name or domain name would be for the ubuntu server.) I included a photo as well. I've tried everything possible on the port forwarding side.

      The ubuntu can ping google and reach out to everything and has the ports all forwarded on it

      Here is my setup
      Modem ----> Into NIC #1 into a virtual machine that uses that port dedicated *no bridge the connections go out of it through ----> NIC# 2 the lan port which is bridged ----> into a switch
      The switch has a wireless router connected used as an access point *No dhcp that is located on pfsense *other users are using the switch as well

      What are your thoughts on why external users cannot connect? I can connect to it on my own network and console into through putty.


      • H
        Harvy66 last edited by

        Have you packet sniffed? Make sure you see the packets coming in and going out of PFSense and if the TS server is seeing the packets but dropping them.

        • T
          Trel last edited by

          Your picture shows you forwarding each port to two different servers.

          Which of the servers 10.30.150.2 or 10.30.150.13 is the right one?  With those rules, it can't forward to both.

          • W
            Winzier09 last edited by

            The virtual server is on .13, the physical server it sits on is .2, so should I just forward to one? Users connected to the teamspeak server without pfsense in the mix and connected fine. I've tried tracing the packets and watching the log summary and watch the incoming IPs get denied. It seems that there is some LAN interaction going on as well when an incoming IP tries to connect. Regardless, I added them to allow passage as a rule but still nothing??

            • Derelict
              Derelict LAYER 8 Netgate last edited by

              The virtual server is on .13, the physical server it sits on is .2, so should I just forward to one?

              Huh? You need to forward the port to the IP address expecting the connections.

              • W
                Winzier09 last edited by

                @Derelict:

                The virtual server is on .13, the physical server it sits on is .2, so should I just forward to one?

                Huh? You need to forward the port to the IP address expecting the connections.

                Thanks

                • W
                  Winzier09 last edited by

                  Nope changed nothing. Still cannot connect.

                  • T
                    Trel last edited by

                    To clarify, right now you're forwarding JUST to .13, right?

                    • W
                      Winzier09 last edited by

                      Yes port forwarding to .13 to the virtual server where the teamspeak 3 Ubuntu server sits.

                      • M
                        MLIT last edited by

                        Have you tried rebooting? I had a firewall issue with TS where it wouldn't forward connections through correctly (it would block them -- I pulled it out of the firewall log). I rebooted and then it worked fine after that.

                        • T
                          Trel last edited by

                          @Winzier09:

                          Yes port forwarding to .13 to the virtual server where the teamspeak 3 Ubuntu server sits.

                          Could you also post a picture of the Firewall -> Rules -> WAN tab?

                          • W
                            Winzier09 last edited by

                            Tried rebooting, still won't allow anyone in. Now it doesn't even show incoming connections on the system log->firewall. It does keep showing LAN connections every time anyone tries to connect.


                            • T
                              Trel last edited by

                              Did you nuke the 30033 forward? I don't see a corresponding rule for it in that pic, but I do see two separate ones for 10011

                              • W
                                Winzier09 last edited by

                                Changed it. Check these photos out. Still nothing

                                EDIT I changed the 10011 on the port forward one








                                • D
                                  doktornotor Banned last edited by

                                  That WAN thing is still wrong. You did NOT change the NAT ports, only the destination port.

                                  • W
                                    Winzier09 last edited by

                                    Please see the edit. I changed the wan 10011 to 30033

                                    • D
                                      doktornotor Banned last edited by

                                      No. You only changed it in one place. Look at the NAT Ports field!

                                      • W
                                        Winzier09 last edited by

                                        Yes I did. Here


                                        • D
                                          doktornotor Banned last edited by

                                          Wonderful. Now, either reset the states or reboot the box.

                                          • W
                                            Winzier09 last edited by

                                            Rebooted, still can't get clients =\

                                            • D
                                              doktornotor Banned last edited by

                                              Sucks to be you. Produce some packet captures.

                                              • C
                                                Cyberloard last edited by

                                                I'm trying to understand your setup. Modem ----> Into NIC #1 into a virtual machine that uses that port dedicated *no bridge the connections go out of it through ----> NIC# 2 the lan port which is bridged ----> into a switch
                                                Do you mean that pfsense is virtualized or is it on bare metal, and when you say it uses a dedicated port no bridge do you mean it's a virtual nic?

                                                Secondly, is your modem a full modem, not one of the generic modem/router combo devices ISPs like to give out? If it is one of those combo devices then you'll have to configure it to port forward to the pfsense box.

                                                • Derelict
                                                  Derelict LAYER 8 Netgate last edited by

                                                  In this post:

                                                  https://forum.pfsense.org/index.php?topic=94117.msg523417#msg523417

                                                  You do not have a rule on WAN for 30033.

                                                  I don't know if you are using the linked rules from your port forwards or not.

                                                  This stuff really does "just work."

                                                  • W
                                                    Winzier09 last edited by

                                                    And the most current settings.




                                                    • Derelict
                                                      Derelict LAYER 8 Netgate last edited by

                                                      From: https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

                                                      Common Problems

                                                      1. NAT and firewall rules not correctly added (see How can I forward ports with pfSense?)

                                                      Hint: Do NOT set a source port

                                                      2. Firewall enabled on client machine

                                                      3. Client machine is not using pfSense as its default gateway

                                                      4. Client machine not actually listening on the port being forwarded

                                                      5. ISP or something upstream of pfSense is blocking the port being forwarded

                                                      6. Trying to test from inside the local network, need to test from an outside machine

                                                      7. Incorrect or missing Virtual IP configuration for additional public IP addresses

                                                      8. The pfSense router is not the border router. If there is something else between pfSense and the ISP, the port forwards and associated rules must be replicated there.

                                                      9. Forwarding ports to a server behind a Captive Portal. An IP bypass must be added both to and from the server's IP in order for a port forward to work behind a Captive Portal.

                                                      10. If this is on a WAN that is not the default gateway, make sure there is a gateway chosen on this WAN interface, or the firewall rules for the port forward would not reply back via the correct gateway.

                                                      11. If this is on a WAN that is not the default gateway, ensure the traffic for the port forward is NOT passed in via Floating Rules or an Interface Group. Only rules present on the WAN's interface tab under Firewall Rules will have the reply-to keyword to ensure the traffic responds properly via the expected gateway.

                                                      12. If this is on a WAN that is not the default gateway, make sure the firewall rule(s) allowing the traffic in do not have the box checked to disable reply-to.

                                                      13. If this is on a WAN that is not the default gateway, make sure the master reply-to disable switch is not checked under System > Advanced, on the Firewall/NAT tab.

                                                      14. WAN rules should NOT have a gateway set, so make sure that the rules for the port forward do NOT have a gateway configured on the actual rule.

                                                      15. If the traffic appears to be forwarding in to an unexpected device, it may be happening due to UPnP. Check Status > UPnP to see if an internal service has configured a port forward unexpectedly. If so, disable UPnP on either that device or on the firewall.

                                                      • W
                                                        Winzier09 last edited by

                                                        Here is what the packet capture got for host 10.30.150.13 with the ts3 server. Attached is the LAN segment but the WAN showed no traffic for udp 9987


                                                        • Derelict
                                                          Derelict LAYER 8 Netgate last edited by

                                                          2. Firewall enabled on client machine

                                                          Did you even go through that list?

                                                          • C
                                                            Cyberloard last edited by

                                                            When people connect are they using a domain address like ts.example.com or an IP address? If they are using only the domain address try using the IP address (the public one on the WAN).

                                                            • W
                                                              Winzier09 last edited by

                                                              Yes, I have gone through the list already.

                                                              What firewall does Ubuntu have?

                                                              Ubuntu, as with all post 2.2/2.4 kernel Linux distributions, comes with the netfilter/iptables framework. This framework is a set of kernel modules that can be utilized to create packet filtering rules at the kernel level. Rules are written in iptables format, which is the method of conveyance of instructions to netfilter, and in essence the Linux Kernel.

                                                              Ubuntu also includes an application called Uncomplicated FireWall (UFW). This application is a userspace application that essentially can be used to create iptables rules. There is also a GUI for UFW called GUFW. It provides a graphical interface for UFW. Again remember, UFW is simply writing iptables rules and sending them off to netfilter, and thus the kernel. It is NOT a firewall in and of itself.

                                                              There are other applications such as Firestarter, which essentially cover the same ground as UFW. The Firestarter project is out of development, and was bug prone even when it was developed actively. I do not recommend it, and it is not the default thus it will not be covered. It is important to know that there is nothing that Firestarter can do that you can not do with either UFW or by interacting directly with iptables.

                                                              You need to realize that Ubuntu's firewall is not enabled by default. You have to enable it.

                                                              The ts3 is on ubuntu. No firewall.

                                                              • W
                                                                Winzier09 last edited by

                                                                @Cyberloard:

                                                                When people connect are they using a domain address like ts.example.com or an IP address? If they are using only the domain address try using the IP address (the public one on the WAN).

                                                                Not using domain using IP

                                                                • Derelict
                                                                  Derelict LAYER 8 Netgate last edited by

                                                                  Well I only have this to say:

                                                                  If the ports forwarded are the proper ports and you have gone through everything on that list it would be working.

                                                                  I finger the local firewall on the host because there is no return traffic from .13 in your packet capture.  That or it's not really listening on that port.  Or you deliberately set the packet capture so it wouldn't display reply traffic.

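The reasoning in the post above (requests reach .13 on the LAN side but nothing comes back) can be checked mechanically. The following is an added example, not code from the thread: it reads `tcpdump -n` text lines and flags clients whose packets to 10.30.150.13 port 9987 never get a reply. The sample capture lines and client addresses are constructed.

```shell
#!/bin/sh
# Added example: find flows to the forwarded service that never get a reply.
# Input: `tcpdump -n` text lines captured on the pfSense LAN interface.

SERVER=10.30.150.13   # forward target named in the thread
PORT=9987             # UDP port named in the thread

# Prints one line per client: "<client ip.port> in=<n> out=<n> <OK|NO_REPLY>"
one_way_flows() {
    awk -v srv="$SERVER.$PORT" '
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst)   # tcpdump ends the destination with ":"
            if (dst == srv)      in_cnt[src]++       # request towards the server
            else if (src == srv) out_cnt[dst]++      # reply from the server
        }
        END {
            for (c in in_cnt) {
                o = (c in out_cnt) ? out_cnt[c] : 0
                printf "%s in=%d out=%d %s\n", c, in_cnt[c], o, (o ? "OK" : "NO_REPLY")
            }
        }' | sort
}

# Constructed sample capture (documentation addresses, not from the thread).
SAMPLE='12:00:01.000100 IP 203.0.113.7.51514 > 10.30.150.13.9987: UDP, length 34
12:00:02.000100 IP 203.0.113.7.51514 > 10.30.150.13.9987: UDP, length 34
12:00:03.000100 IP 198.51.100.9.40000 > 10.30.150.13.9987: UDP, length 34
12:00:03.000900 IP 10.30.150.13.9987 > 198.51.100.9.40000: UDP, length 150'

printf '%s\n' "$SAMPLE" | one_way_flows
```

A NO_REPLY verdict only means something if the capture filter covers both directions; a filter on the destination alone hides the replies.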
                                                                  • W
                                                                    Winzier09 last edited by

                                                                    Well holy shit. It works now. Turns out I went back to my ubuntu server and forgot to change the gateway back to pfsense & it turns out my iptables somehow flushed themselves so none of the ports were forwarded anymore.

                                                                    please use iptables-persistent, it's the easy way: Install iptables-persistent:

                                                                    sudo apt-get install iptables-persistent

                                                                    After installed, you can save/reload iptables rules anytime:

                                                                    sudo /etc/init.d/iptables-persistent save
                                                                    sudo /etc/init.d/iptables-persistent reload

                                                                    I used that to keep my ports saved after a reboot, because they kept getting deleted without me knowing. You're a genius Derelict! Thanks again guys SOLVED.

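Both causes found here sit on the server rather than on pfSense, and they line up with items 2 to 4 of the troubleshooting list quoted earlier. As an added example (not part of the original posts), this script checks the default gateway, the UDP listener and the INPUT chain from command output. The pfSense LAN address 10.30.150.1 and all sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks on the forward target itself (list items 2, 3 and 4).
# Each function parses command output from stdin, so it runs offline on the
# constructed samples below; on the server, pipe the live command into it.

PFSENSE_LAN=10.30.150.1   # ASSUMPTION: pfSense's LAN address is not given in the thread
PORT=9987                 # UDP port forwarded in the thread

# stdin: `ip -4 route show default`  -> prints each default gateway
default_gateway() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") print $(i + 1) }'
}

# stdin: `ss -lun`  -> exit 0 if some UDP socket is bound to port $1
udp_listening() {
    awk -v p="$1" '
        { addr = ($1 == "udp") ? $5 : $4    # Netid column appears only with mixed socket types
          n = split(addr, part, ":")
          if (part[n] == p) found = 1 }
        END { exit !found }'
}

# stdin: `iptables -S INPUT`  -> prints ALLOW or BLOCK for new UDP traffic to port $1.
# Simplified: the first ACCEPT/DROP/REJECT rule that matches on protocol and port
# alone wins; rules with other conditions (source, interface, state) are skipped,
# jumps to user-defined chains are not followed; otherwise the chain policy applies.
input_verdict() {
    awk -v p="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            proto = dport = target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if      ($i == "-p")      proto  = $(++i)
                else if ($i == "--dport") dport  = $(++i)
                else if ($i == "-j")      target = $(++i)
                else if ($i == "-m" && $(i + 1) == proto) i++
                else other = 1
            }
            if (!other && target ~ /^(ACCEPT|DROP|REJECT)$/ &&
                (proto == "" || proto == "udp") && (dport == "" || dport == p))
                verdict = (target == "ACCEPT") ? "ALLOW" : "BLOCK"
        }
        END { if (verdict == "") verdict = (policy == "DROP") ? "BLOCK" : "ALLOW"
              print verdict }'
}

# Constructed samples: wrong gateway, listener present, rules lost vs. restored.
ROUTE_SAMPLE='default via 10.30.150.254 dev eth0 proto static'
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:9987       0.0.0.0:*'
IPT_FLUSHED='-P INPUT DROP'
IPT_RESTORED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 9987 -j ACCEPT'

report() {   # $1 route output, $2 ss output, $3 iptables output
    gw=$(printf '%s\n' "$1" | default_gateway)
    [ "$gw" = "$PFSENSE_LAN" ] && echo "gateway: ok" || echo "gateway: $gw, expected $PFSENSE_LAN"
    printf '%s\n' "$2" | udp_listening "$PORT" && echo "listener: ok" \
        || echo "listener: nothing bound to udp/$PORT"
    echo "host firewall: $(printf '%s\n' "$3" | input_verdict "$PORT")"
}
report "$ROUTE_SAMPLE" "$SS_SAMPLE" "$IPT_FLUSHED"
```

On the server itself, feed live output instead of the samples, for example `ip -4 route show default | default_gateway`.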
                                                                    • Derelict
                                                                      Derelict LAYER 8 Netgate last edited by

                                                                      I didn't write the wiki page on port forwarding troubleshooting.

                                                                      Glad you got it working.
