Hello,
Running IPFire 2.27 (x86_64) - Core Update 169
IPS is not running
Enable Location based blocking: Disabled
Trying to run both a Quakeworld server and Painkiller.
Neither are working properly.
I’ll start with Quakeworld. It doesn’t advertise to the master server list.
netstat -ano reveals these ports listening locally
tcp 0 0 0.0.0.0:28502 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:28501 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:28000 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:28502 127.0.0.1:47419 ESTABLISHED keepalive (30.40/0/0)
tcp 0 0 127.0.0.1:28501 127.0.0.1:38307 ESTABLISHED keepalive (30.40/0/0)
tcp 10 0 127.0.0.1:38307 127.0.0.1:28501 ESTABLISHED keepalive (30.36/0/0)
tcp 10 0 127.0.0.1:47419 127.0.0.1:28502 ESTABLISHED keepalive (30.36/0/0)
udp 0 0 0.0.0.0:28000 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:28501 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:28502 0.0.0.0:* off (0.00/0/0)
I have this rule for both TCP and UDP. Port forward tools like Open Port Check Tool - Test Port Forwarding on Your Router show these ports are not open. And a friend on the internet using qstat to monitor the port. I know enough Linux to be dangerous but there is a lot I don’t know. I also tried adding another rule ANY IP source to my public IP, DNAT to the local host. This didn’t work. So there was a rule from ANY to the server IP. What’s weird is I can connect to the Quake server by going into the console and typing /connect , however, if people outside want to play, it will need fixed. Any ideas?
Thanks for any help!
I am not sure if the : is the correct separator or not for port ranges. It might be a - but I am sure other people who know will respond on that.
The rest of your port forward rule looks okay to me and you can always test the port question by creating a rule with just one port specified. If that port is not shown as open when you test for it from the internet then there is something else blocking the port forward rule.
Is your IPFire connected to the internet via a simple modem or converter box or is there an ISP combined modem/firewall that has the firewall operation enabled?
If IPFire is connected through another firewall which then goes to the internet, then either you need to put the modem/firewall into a bridged mode so it does no firewall actions or every port forward rule in IPFire will need to be duplicated in the ISP Modem/Firewall.
Is your 10.9.8.0/24 net the local green one or a VPN? To make sure the host firewall is not the problem, run it beside/without IPFire and try again. I guess you missed firewall rules for incoming connections at your host or your ISP uses dual stack and you won’t be able to host any games.
My IPFire box is connected to a fiber modem. The modem (ONT) translates fiber into cat6 ethernet. I don’t know what the box is because it’s on the outside of the house and locked. But simply, I do not have any other router/networking devices in front of this IPFire box. The house is wired with cat6. I highly doubt the ISP fiber modem has any sort of firewall stuff on it.
10.9.8.0/24 is my green network (local LAN). Sorry, not familiar with that term, “run it beside”?? thanks for all the help! IPFire has been great, until I tried running some servers…
I have the same sort of thing on my fibre connection. The ONT converts the light signals to ethernet signals and there is no firewalling function.
Is the IP you get from the ISP a public IP or an IP from one of the three private ranges?
Some ISPs give you a connection but they have a router themselves and do NAT’ing of their public IP into multiple private IPs for their customers.
If it is a public IP then it should be accessible via a port forward on your IPFire.
If it is a private IP subnet address then you are out of luck because you won’t be able to do any port forwarding on your ISP’s router.
If you have a public IP then I am running out of ideas unless your ISP is blocking the ports for some reason.
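The public-versus-private check from the reply above, as an added example that is not part of the original thread. The function names and sample addresses are constructed for illustration; the "seen from the internet" address is assumed to come from any outside what-is-my-IP service, compared against the address shown on IPFire's RED interface.

```python
import ipaddress

# The three private ranges (RFC 1918), plus the shared range that ISPs
# use for carrier-grade NAT (RFC 6598, 100.64.0.0/10).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_red_address(addr):
    """Classify the address assigned to RED as private, cgnat or public."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    return "public"


def diagnose(red_addr, seen_from_internet):
    """Decide whether a port forward on IPFire can be reached from outside.

    red_addr:           address on the RED interface
    seen_from_internet: address an outside service reports for this line
    """
    if classify_red_address(red_addr) != "public":
        # The ISP translates this address on its own router; inbound
        # connections never reach IPFire, whatever rules it has.
        return "isp-nat"
    if ipaddress.ip_address(red_addr) != ipaddress.ip_address(seen_from_internet):
        # RED looks public, but outside hosts see a different address,
        # so some device upstream is still rewriting it.
        return "upstream-nat"
    # RED holds the address the internet sees; look at the rules instead.
    return "forwardable"


if __name__ == "__main__":
    # Constructed sample pairs (RED address, address seen from outside).
    for red, seen in [("100.72.3.4", "203.0.113.7"),
                      ("203.0.113.7", "203.0.113.7"),
                      ("203.0.113.7", "198.51.100.9")]:
        print(red, seen, diagnose(red, seen))
```

A result of "forwardable" only rules out ISP-side NAT; ports can still be filtered upstream or blocked by a conflicting firewall rule.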
With all due respect, how did we get into this before looking at anything else? It’s like we jumped directly into, “your ISP” before any other troubleshooting. Could there be conflicting rules in the firewall? The server host is Ubuntu and has no firewall running.
You showed one port forward rule and said that none of the ports specified showed as open when you tested from the internet and you don’t have an intervening firewall/route.
If you have other port forward rules or firewall rules then it would help if you could show them so we can see if they might be blocking your port forward rule. Without seeing them we are making various best guesses at potential causes of a port forward not opening the ports up.
I would try Quake first, fewest ports
Red
NAT YES or NO probably doesn’t matter.
Source port 26000 TCP and UDP
Destination port 26000 TCP and UDP
Destination 10.9.8.244
NAT is mostly for port redirect.
Correct me if I’m wrong.
How would I know if my ISP is double NAT? What kind of test could I perform on that? What kind of test could I perform to test if my ISP is using public or private? Would running a TCPDUMP on the Red0 interface give information on this?
Not sure you can have a blank source port in a firewall rule.
But if you need a lot of rules for your game server, a service group is the way to go.
One of the best features of IPFire.