I have this rule for both TCP and UDP. Port forward tools like Open Port Check Tool - Test Port Forwarding on Your Router show these ports are not open. And a friend on the internet using qstat to monitor the port. I know enough Linux to be dangerous but there is a lot I don’t know. I also tried adding another rule ANY IP source to my public IP, DNAT to the local host. This didn’t work. So there was a rule from ANY to the server IP. What’s weird is I can connect to the Quake server by going into the console and typing /connect , however, if people outside want to play, it will need fixed. Any ideas?
Thanks for any help!
I am not sure if the : is the correct separator or not for port ranges. It might be a - but I am sure other people who know will respond on that.
The rest of your port forward rule looks okay to me and you can always test the port question by creating a rule with just one port specified. If that port is not shown as open when you test for it from the internet then there is something else blocking the port forward rule.
Is your IPFire connected to the internet via a simple modem or converter box, or is there an ISP combined modem/firewall that has the firewall operation enabled?
If IPFire is connected through another firewall which then goes to the internet, then either you need to put the modem/firewall into a bridged mode so it does no firewall actions or every port forward rule in IPFire will need to be duplicated in the ISP Modem/Firewall.
Is your 10.9.8.0/24 net the local green one or a vpn? To make sure the host firewall is not the problem, run it beside/without ipfire and try again. I guess you missed firewall rules for incoming connections at your host or your ISP uses dual stack and you won’t be able to host any games.
My IPFire box is connected to a fiber modem. The modem (ONT) translates fiber into cat6 ethernet. I don’t know what the box is because it’s on the outside of the house and locked. But simply, I do not have any other router/networking devices in front of this IPFire box. The house is wired with cat6. I highly doubt the ISP fiber modem has any sort of firewall stuff on it.
I have the same sort of thing on my fibre connection. The ONT converts the light signals to ethernet signals and there is no firewalling function.
Is the IP you get from the ISP a public IP or an IP from one of the three private ranges?
Some ISPs give you a connection but they have a router themselves and do NAT’ing of their public IP into multiple private IPs for their customers.
If it is a public IP then it should be accessible via a port forward on your IPFire.
If it is a private IP subnet address then you are out of luck because you won’t be able to do any port forwarding on your ISP’s router.
If you have a public IP then I am running out of ideas unless your ISP is blocking the ports for some reason.
With all due respect, how did we get into this before looking at anything else? It’s like we jumped directly into, “your ISP” before any other troubleshooting. Could there be conflicting rules in the firewall? The server host is Ubuntu and has no firewall running.
You showed one port forward rule and said that none of the ports specified showed as open when you tested from the internet and you don’t have an intervening firewall/route.
If you have other port forward rules or firewall rules then it would help if you could show them so we can see if they might be blocking your port forward rule. Without seeing them we are making various best guesses at potential causes of a port forward not opening the ports up.
How would I know if my ISP is double NAT? What kind of test could I perform on that? What kind of test could I perform to test if my ISP is using public or private? Would running a TCPDUMP on the Red0 interface give information on this?
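One way to run the public-versus-private check discussed in this thread, as an added example that is not part of any post: classify the address on the RED interface and compare it with the address an outside port-check site reports. The function names `classify_ipv4` and `wan_verdict` are hypothetical, the sample addresses are constructed, and the script also checks 100.64.0.0/10, the RFC 6598 shared range ISPs use for carrier-grade NAT, in addition to the three private ranges.

```bash
#!/bin/bash
# Added example (not from the thread): is the RED address publicly routable?
# On IPFire the RED address can be read with: ip -4 -o addr show dev red0

# classify_ipv4 ADDR -> private | cgnat | link-local | loopback | reserved | public | invalid
classify_ipv4() {
    local a b c d extra o
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return ;; esac
    IFS=. read -r a b c d extra <<EOF
$1
EOF
    [ -z "$extra" ] || { echo invalid; return; }
    for o in "$a" "$b" "$c" "$d"; do
        case $o in ''|????*) echo invalid; return ;; esac
        [ "$o" -le 255 ] || { echo invalid; return; }
    done
    if   [ "$a" -eq 10 ]; then echo private                                        # 10.0.0.0/8
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo private  # 172.16.0.0/12
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private                   # 192.168.0.0/16
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat   # 100.64.0.0/10, RFC 6598
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local                # 169.254.0.0/16
    elif [ "$a" -eq 127 ]; then echo loopback
    elif [ "$a" -eq 0 ] || [ "$a" -ge 224 ]; then echo reserved
    else echo public
    fi
}

# wan_verdict RED_ADDR SEEN_ADDR
# RED_ADDR: address on red0; SEEN_ADDR: address an outside port-check site reports.
wan_verdict() {
    local kind
    kind=$(classify_ipv4 "$1")
    case $kind in
        private|cgnat) echo "isp-nat: RED has a $kind address, so the ISP translates it upstream" ;;
        public)
            if [ "$1" = "$2" ]; then echo "direct: RED holds the public address itself"
            else echo "mismatch: outside sees $2 instead of $1, so traffic is translated or relayed upstream"
            fi ;;
        *) echo "unusable: $1 is $kind" ;;
    esac
}

# Constructed sample pairs (RED address, address seen from outside).
while read -r red seen; do
    printf '%-15s %s\n' "$red" "$(wan_verdict "$red" "$seen")"
done <<EOF
192.168.1.2 203.0.113.7
100.72.1.5 203.0.113.7
203.0.113.7 203.0.113.7
EOF
```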