Port Forwarding certain ports to bypass vpn problem



  • Hi pfSense community. I'm looking for some help regarding port forwarding.

    I'd like to open up the ports my games use so that they do not go through the VPN connection. In order to avoid latency and loss problems, I just want that traffic to go straight via the ISP WAN.

    In this case the official statement from Blizzard claims their games use ports on tcp/udp 1119, 6113, 1120, 80, and 3724.

    Through the pfSense interface I've set up the following:
    http://oi62.tinypic.com/5wa0qh.jpg
    (10.220.0.3 is my static)

    I am, however, still experiencing latency and package losses in-game, so I'm still connected over VPN - what am I missing here? Any help is appreciated.
    Best Regards


  • Netgate

    It is unclear to me if all those ports correspond to outbound destination ports or just the inbound ports that need to be forwarded.

    You might have better luck identifying the traffic you want to go out the VPN, checking "Don't pull routes" in the VPN client config (thereby not accepting a default route from the VPN provider), and routing specific traffic to the VPN instead of trying to exclude games from the VPN.

    Either way, you need to pick a default route (either your WAN or the VPN), identify the exceptions, and policy route that traffic accordingly.  The traffic easiest to identify should be the exceptional traffic, with everything else going to the default gateway.

    Also, look at these:

    https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

    That last rule on LAN will never be processed because the rules above it will match first.

    How to identify traffic for Blizzard might be better asked in the Games forum.
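
The rule-order point in the reply above, as an added example that is not part of the original thread: a small first-match evaluator showing how a broad policy-routing rule placed first shadows a narrower one below it. The rule set is constructed (the screenshot's actual rules are not reproduced here), and the gateway names `VPN_GW`/`WAN_GW` and the `10.220.0.0/24` LAN subnet are assumptions; only the host address and port list come from the question.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Destination ports quoted in the question (tcp/udp not modelled separately).
GAME_PORTS = frozenset({80, 1119, 1120, 3724, 6113})

@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # source network in CIDR form
    dst_ports: frozenset   # empty set means "any destination port"
    gateway: str           # hypothetical gateway name

    def matches(self, src_ip, dst_port):
        return (ip_address(src_ip) in ip_network(self.src)
                and (not self.dst_ports or dst_port in self.dst_ports))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        src_ok = ip_network(other.src).subnet_of(ip_network(self.src))
        ports_ok = (not self.dst_ports
                    or (bool(other.dst_ports) and other.dst_ports <= self.dst_ports))
        return src_ok and ports_ok

def route(rules, src_ip, dst_port):
    """First matching rule wins; None means no rule matched (traffic blocked)."""
    for rule in rules:
        if rule.matches(src_ip, dst_port):
            return rule.gateway
    return None

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(prev.covers(r) for prev in rules[:i])]

# Constructed rules: assumed LAN subnet, host 10.220.0.3 from the question.
ALL_VPN = Rule("LAN to any via VPN", "10.220.0.0/24", frozenset(), "VPN_GW")
GAMES = Rule("game ports via WAN", "10.220.0.3/32", GAME_PORTS, "WAN_GW")

BROKEN = [ALL_VPN, GAMES]   # catch-all first: the game rule is never reached
FIXED = [GAMES, ALL_VPN]    # exception first, everything else to the VPN

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, route(rules, "10.220.0.3", 3724), shadowed(rules))
```

This models destination ports only, so it applies if the listed ports are outbound destination ports, which the reply notes is not yet established.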