No game servers are working

Hello,
Running IPFire 2.27 (x86_64) - Core Update 169
IPS is not running
Enable Location based blocking: Disabled

Trying to run both a Quakeworld server and Painkiller.
Neither are working properly.
I’ll start with Quakeworld. It doesn’t advertise to the master server list.

netstat -ano reveals these ports listening locally
tcp 0 0 0.0.0.0:28502 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:28501 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:28000 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:28502 127.0.0.1:47419 ESTABLISHED keepalive (30.40/0/0)
tcp 0 0 127.0.0.1:28501 127.0.0.1:38307 ESTABLISHED keepalive (30.40/0/0)
tcp 10 0 127.0.0.1:38307 127.0.0.1:28501 ESTABLISHED keepalive (30.36/0/0)
tcp 10 0 127.0.0.1:47419 127.0.0.1:28502 ESTABLISHED keepalive (30.36/0/0)
udp 0 0 0.0.0.0:28000 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:28501 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:28502 0.0.0.0:* off (0.00/0/0)

I used this guide to write the firewall rules: wiki.ipfire.org - Creating a Port-Forward Rule

I have this rule for both TCP and UDP. Port forward tools like Open Port Check Tool - Test Port Forwarding on Your Router show these ports are not open. And a friend on the internet using qstat to monitor the port. I know enough Linux to be dangerous but there is a lot I don’t know. I also tried adding another rule ANY IP source to my public IP, DNAT to the local host. This didn’t work. So there was a rule from ANY to the server IP. What’s weird is I can connect to the Quake server by going into the console and typing /connect , however, if people outside want to play, it will need fixed. Any ideas?
Thanks for any help!

Hi @hoek

Welcome to the IPFire community.

I am not sure if the : is the correct separator or not for port ranges. It might be a - but I am sure other people who know will respond on that.

The rest of your port forward rule looks okay to me and you can always test the port question by creating a rule with just one port specified. If that port is not shown as open when you test for it from the internet then there is something else blocking the port forward rule.

Is your IPFire connected to the internet via a simple modem or converter box, or is there an ISP combined modem/firewall that has the firewall operation enabled?

If IPFire is connected through another firewall which then goes to the internet, then either you need to put the modem/firewall into a bridged mode so it does no firewall actions or every port forward rule in IPFire will need to be duplicated in the ISP Modem/Firewall.

The separator " : " is right. I have used it for years and it’s working fine.


Is your 10.9.8.0/24 net the local green one or a VPN? To make sure the host firewall is not the problem, run it beside/without IPFire and try again. I guess you missed firewall rules for incoming connections at your host or your ISP uses dual stack and you won’t be able to host any games.


My IPFire box is connected to a fiber modem. The modem (ONT) translates fiber into cat6 ethernet. I don’t know what the box is because it’s on the outside of the house and locked. But simply, I do not have any other router/networking devices in front of this IPFire box. The house is wired with cat6. I highly doubt the ISP fiber modem has any sort of firewall stuff on it.

10.9.8.0/24 is my green network (local LAN). Sorry, not familiar with that term, “run it beside”?? thanks for all the help! IPFire has been great, until I tried running some servers… :frowning:

I have the same sort of thing on my fibre connection. The ONT converts the light signals to ethernet signals and there is no firewalling function.

Is the IP you get from the ISP a public IP or an IP from one of the three private ranges?

Some ISPs give you a connection but they have a router themselves and do NAT’ing of their public IP into multiple private IPs for their customers.
If it is a public IP then it should be accessible via a port forward on your IPFire.
If it is a private IP subnet address then you are out of luck because you won’t be able to do any port forwarding on your ISP’s router.

If you have a public IP then I am running out of ideas unless your ISP is blocking the ports for some reason.


Post your external IP address

I have run a Minecraft server in the past no problem.

With all due respect, how did we get into this before looking at anything else? It’s like we jumped directly into, “your ISP” before any other troubleshooting. Could there be conflicting rules in the firewall? The server host is Ubuntu and has no firewall running.

In your firewall rule, have you tried source “red” instead of “any”?

You showed one port forward rule and said that none of the ports specified showed as open when you tested from the internet and you don’t have an intervening firewall/route.

If you have other port forward rules or firewall rules then it would help if you could show them so we can see if they might be blocking your port forward rule. Without seeing them we are making various best guesses at potential causes of a port forward not opening the ports up.


ports required is

image

you’re missing some ports


Asking these questions is part of the troubleshooting!

I think they are trying to figure out if you are double NAT’d, which is bad. If your ONT has NAT turned on then that is bad.

That is why they asked about public vs private and/or for the beginning numbers of your ISP Internet address.


Just noticed no source port in your firewall rule.
May not need NAT in your rule either.

https://community.ipfire.org/uploads/default/original/2X/3/35c2603f8baa5cf99919421fca0e4e43832003ac.png

I would try Quake first, fewest ports
Red
NAT YES or NO probably doesn’t matter.
Source port 26000 TCP and UDP
Destination port 26000 TCP and UDP
Destination 10.9.8.244

NAT is mostly for port redirect.
Correct me if I’m wrong.


How would I know if my ISP is double NAT? What kind of test could I perform on that? What kind of test could I perform to test if my ISP is using public or private? Would running a TCPDUMP on the Red0 interface give information on this?

Yes, I’ve tried RED instead of ANY

If the pic above started with:
10.*.*.*
-or-
172.16.*.*
-or-
192.168.*.*

It would be private. Your IP looks like it is public 50.47.*.*

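
The public-or-private check asked about above, as an added example that is not part of the original thread. It goes beyond the prefixes listed in the post by testing the full 172.16.0.0/12 block and the 100.64.0.0/10 range reserved for carrier-grade NAT. The function names are hypothetical and the sample addresses are constructed.

```shell
#!/bin/bash
# Added example: decide whether the address on RED (e.g. from
# `ip -4 addr show red0`) points to NAT happening upstream at the ISP.

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr ADDRESS NETWORK PREFIXLEN -> exit 0 if ADDRESS lies inside the network
in_cidr() {
    local mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Prints private (RFC 1918), cgnat (100.64.0.0/10) or public.
classify_ipv4() {
    if in_cidr "$1" 10.0.0.0 8 || in_cidr "$1" 172.16.0.0 12 ||
       in_cidr "$1" 192.168.0.0 16; then
        echo private
    elif in_cidr "$1" 100.64.0.0 10; then
        echo cgnat
    else
        echo public
    fi
}

# nat_verdict RED_ADDRESS ADDRESS_SEEN_FROM_OUTSIDE
# The second argument is what a host on the internet reports as your source IP.
nat_verdict() {
    local kind
    kind=$(classify_ipv4 "$1")
    if [ "$kind" != public ]; then
        echo "double NAT: RED has a $kind address, the ISP translates it upstream"
    elif [ "$1" != "$2" ]; then
        echo "double NAT: RED address differs from the address seen from outside"
    else
        echo "no upstream NAT: RED holds the public address itself"
    fi
}

# Constructed sample values (CGNAT and documentation ranges), not from the thread.
nat_verdict 100.72.5.9 203.0.113.10
nat_verdict 203.0.113.10 203.0.113.10
```

A port forward on IPFire can only be reached from the internet in the last case; in both double NAT cases the inbound packets stop at the upstream translator.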

So you will probably need to check ports as Shaun suggested in Post #12

-or-

Other firewall rules as Adolf suggested in Post #11


Not sure you can have a blank source port in a firewall rule.
But if you need a lot of rules for your game server, a service group is the way to go.
One of the best features of IPFire.

Makes firewall rules easier to manage.
