Pfsense + cod4Mw server
-
No.. The server cannot get a connection to the outside world, meaning it's not showing on the server list nor can anyone connect to it … Yet the machine has internet no problem, I can connect to it locally no problem.
They are the only 3 ports the game / server uses.
-
By chance do you have a double NAT situation? pfSense behind another router or modem that is a combination modem/router?
use this if you aren't sure http://www.pcwintech.com/files/shanes_toolbox/detect_routers.exe
from here: http://www.pcwintech.com/shanes-toolbox
Hi
Good point. Ran the little program but no, only 1…. I'm set up like ... Modem> pfsense> 48 port switch > rest of network. So pretty much pfsense is at the forefront of everything.
What I'll do later on is check my modem, as it's a locked-down version (ISP locked it), and reflash it and see if it's NAT'd, but I doubt it.
-
Might try the custom port scanner test here:
http://www.whatsmyip.org/port-scanner/
Do it with the game running and check the ports you forwarded, will at least let you know if they can be seen from the outside.
-
nope nothing.
all tests timed out.
ports for the game also timed out even with no firewall enabled on the server. :(
Think I'm just gonna get rid of pfsense if it's gonna cause simple probs like this.
-
might post screenshot(s) of the full settings of one of your port forwards.
-
I've reset the whole pfsense box so I'll get some shots up later on :D
-
Assuming you're not in a double nat situation, (which is easily detectable on the status page… no need to check your modem) I only see one thing wrong with your rule(s):
Destination - ANY - (although i know the external ip this makes no difference.)
your rule is created on the WAN interface, so your Destination should be set to type "WAN address" not "any".
First things first, are you double NAT'd?… i.e. on the status page, does your WAN interface have a public or private IP? If it's private, then you are double NAT'd and you need to fix that first and get your modem into bridge mode because all your NAT configurations are moot otherwise.
Lastly, fix your NAT destination type and you should be good to go.
-
Hi Marvosa..
No I'm not double NAT'd, as a public IP shows up on pfsense, and my modem was already in bridge mode :P
Pf box was also set to "WAN Address" but that also made no difference.
I'll update later when I get around to sorting it all out again, just busy doing other stuff atm :(
-
ok.
Still no go even with firewall off on the (cod4 server), it's still not connecting. Port scan just isn't finding the open ports, but from my main machine to the server I can ping the ports to see they're open. Tried a few different ways to set the server since reverting back to defaults but nothing.
Thanks for the help but I'm getting rid of the Pfsense box and going back to my old Microsoft TMG.
I don't understand how Pfsense makes the simplest of tasks of IP forwarding / unrestricting IP traffic to or from a single IP so damn hard!! >:( :-\
It's not just this issue that's made me scrap pfsense, it's a few other problems, i.e. Reverse settings, things not saving properly, etc but hey ho.
Cheers again Guys :D
-
> No I'm not double NAT'd, as a public IP shows up on pfsense, and my modem was already in bridge mode
Public IP, Good.
> Pf box was also set to "WAN Address" but that also made no difference.
I realize it was… but change it back.
> I'll update later when I get around to sorting it all out again, just busy doing other stuff atm
Sounds good. We'll wait for an update.
Port Forwarding in PFsense is pretty straightforward. As a matter of fact, I have 19 working port forwards myself and once you change your destination address back to "WAN address", your config will be identical to all of mine, which are working.
Unfortunately, there are multiple things to troubleshoot here:
- Verify the associated firewall rule is present and matches your port forward.
- Is your game server DHCP or static? If DHCP, re-verify it's still @ 192.168.1.109.
- Verify your server is using PFsense as the default gateway.
- Disable the software firewall on the server until we can verify traffic is reaching it.
- Have you checked the logs? Are you seeing blocks on port 28960 or any of the others?
- You've mentioned your network map looks like this -> Modem> pfsense> 48 port switch > rest of network…. is that switch managed? Are there any static routes and/or VLANs that weren't mentioned?
- Rules are parsed top-down, so verify there aren't any overlapping rules.
- I would also rule out an application issue on the server…. use netstat to verify the port is actually open on the interface/IP you're expecting.
- Also, you can run packet captures on both PFsense and the server, which will tell you where the packets are coming from, where they're going and if they are making it to their destination.
Given your typical home setup… i.e. Modem -> PFsense -> Switch -> LAN..... PFsense really is about as straightforward as it gets with things like port forwarding, so barring a corrupted install or a verified bug where PFsense itself is actually the problem.... there has to be a detail missing that is interfering with your traffic.
Granted, I'm a Network Admin by trade, so I have an above average grasp of what it takes to get packets to their destination, but I've been running PFsense since 2009 and it's always been solid and just worked. I'd hate to see you scrap the product over something simple like port forwarding.
If you were to tell me that PFsense is missing some routing features you needed/wanted like twice NATs or EIGRP and you were looking at an ASA, then I would say go where you gotta go, but port forwarding in PFsense is pretty elementary.
I'm pretty confident I can get you squared away, so if you are willing to PM me and give me access.... I'd like to help out and revive the PFsense experience for you.
-
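Three of the checks from the list above (public vs. private WAN address, port-forward target vs. the server's current DHCP address, and what netstat shows the port bound to) can be scripted; this is an added example, not part of any post in the thread. The two LAN addresses and port 28960 come from the thread; the WAN address, the UDP protocol, the other ports, the netstat lines and all function names are constructed assumptions, and the 100.64.0.0/10 carrier-grade NAT range goes beyond what the thread mentions.

```python
import ipaddress

# RFC 1918 plus RFC 6598 carrier-grade NAT space: a WAN address in any of
# these means another NAT device sits in front of pfSense.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Constructed sample of Windows `netstat -an` output from the game server.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:3389       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:28960          *:*
  UDP    127.0.0.1:9999         *:*
"""

def wan_is_natted(wan_ip):
    """True if the WAN address is private, i.e. pfSense is double NAT'd."""
    ip = ipaddress.ip_address(wan_ip)
    return any(ip in net for net in NON_PUBLIC)

def listeners(netstat_text):
    """Yield (proto, bind_ip, port) for each listening socket in netstat -an."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if parts[0] == "TCP" and parts[-1] != "LISTENING":
            continue  # skip established/closing TCP connections
        bind_ip, _, port = parts[1].rpartition(":")
        if port.isdigit():
            yield parts[0], bind_ip, int(port)

def check_forward(wan_ip, target_ip, server_ip, proto, port, netstat_text):
    """Return a list of findings; an empty list means no problem was detected."""
    findings = []
    if wan_is_natted(wan_ip):
        findings.append("WAN address is private: double NAT")
    if target_ip != server_ip:
        findings.append(f"forward targets {target_ip}, server is at {server_ip}")
    binds = [b for p, b, n in listeners(netstat_text) if (p, n) == (proto, port)]
    if not binds:
        findings.append(f"nothing listening on {proto}/{port}")
    elif not any(b in ("0.0.0.0", "[::]", server_ip) for b in binds):
        findings.append(f"{proto}/{port} bound to {', '.join(binds)} only")
    return findings

if __name__ == "__main__":
    # 203.0.113.10 is a constructed WAN address; UDP is an assumption.
    for finding in check_forward("203.0.113.10", "192.168.1.109", "192.168.1.5",
                                 "UDP", 28960, SAMPLE_NETSTAT):
        print(finding)
```
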
-
Thanks marvosa :-* :o ;D .. But it's gone. I've gone back to my router.
Being pfsense completely new to me and some things I was unsure of made me reset Pfsense directly back to default state, obviously having to re-assign IPs etc.. all to make sure everything was at the start from scratch - best way really.
First thing I did was set up the port forward on the box for the server to make sure it worked… but nothing. Tried multiple ways again, nothing.
I'll work through your list though.
1. Did that. I went port forward first, which then obviously linked in a rule to the firewall and which showed up linked.
2. DHCP addy, so still leased to its new IP. (192.168.1.5)
3. Yup, everything was using the pf box as its gateway and not another addy.
4. Yup, tried with it on and off. - It will alert me to new traffic coming in if it's not in the rule chart. (Symantec enterprise)
5. Nope, no blocked ports being shown. - Only incoming port scans from the WAN + net connections etc.
6. Nope, just a basic network - pfsense acting as the main DHCP server. NO VLANs on this network etc, running 6 PCs and an Asus AC66U AP.
7. Yup, only 3 rules on there were the server's, + ABOVE the other 2 rules.
8. No probs with the server, is working perfectly fine, before pf came into the network, tried again direct to the net and it still connected to the net no problem, with firewall enabled and disabled. Netstat showed the ports open on the server. If I ran my connection like.. Modem> AP > Switch (server in switch) > pfsense > lan, then it works ... but I don't want the pfsense box via my Asus router. Kinda defeats the point.
Like you say, port forwarding is pretty simple... so for me to be scratching my head over it, I'd sooner do without it.
So balls to it..
Cheers again though :)
-
Arghhh…. lol! I love solving issues like that :)
Even though you went back to your ASUS, the first thing I would do is set your server static, so you aren't potentially chasing around IPs every 8 days.
If you ever go back, let me know... I'd love to help troubleshoot it.