10.9.8.0/24 is my green network (local LAN). Sorry, not familiar with that term, “run it beside”?? thanks for all the help! IPFire has been great, until I tried running some servers… 
I have the same sort of thing on my fibre connection. The ONT converts the light signals to ethernet signals and there is no firewalling function.
Is the IP you get from the ISP a public IP or an IP from one of the three private ranges.
Some ISP’s give you a connection but they have a router themselves and do NAT’ing of their public IP into multiple private IP’s for their customers.
If it is a public IP then it should be accessible via a port forward on your IPFire.
If it is a private IP subnet address then you are out of luck because you won’t be able to do any port forwarding on your ISP’s router.
If you have a public IP then I am running out of ideas unless your ISP is blocking the ports for some reason.
1 Like
With all due respect, how did we get into this before looking at anything else? It’s like we jumped directly into, “your ISP” before any other troubleshooting. Could there be conflicting rules in the firewall? The server host is Ubuntu and has no firewall running.
In your firewall rule have you tried source “red” instead of “any”
You showed one port forward rule and said that none of the ports specified showed as open when you tested from the internet and you don’t have an intervening firewall/route.
If you have other port forward rules or firewall rules then it would help if you could show them so we can see if they might be blocking your port forward rule. Without seeing them we are making various best guesses at potential causes of a port forward not opening the ports up.
1 Like
Asking these questions is part of the troubleshooting!
I think they are trying to figure out if your are double NAT’d which is bad. If your ONT has NAT turned on then that is bad.
That is why they asked out public vs private and/or for the beginning numbers of your ISP Internet address.
1 Like
Just noticed no source port in your firewall rule.
may not need NAT in your rule either.
I would try Quake first, fewest ports
Red
NAT YES or NO probably doesn’t matter.
Source port 26000 TCP and UDP
Destination port 26000 TCP and UDP
Destination 10.9.8.244
NAT is mostly for port redirect.
Correct me if I’m wrong.
How would I know if my ISP is double NAT? What kind of test could I perform on that? What kind of test could I perform to test my if my ISP is using public or private? Would running a TCPDUMP on the Red0 interface give information on this?
Yes, I’ve tried RED instead of ANY
If the pic above started with:
10.*.*.*
-or-
172.16.*.*
-or-
192.168.*.*
It would be private. Your IP looks like it is public 50.47.*.*
1 Like
So you will probably need to check ports as Shaun suggest in Post #12
-or-
Other firewall rules as Adolf suggested in Post #11
1 Like
Not sure you can have blank source port in firewall rule.
but if you need allot of rules for for your game server a service group is the way to go.
one of the best feature of ipfire.
makes firewall rules easier to manage
1 Like
It is set to Any in Sven’s screenshot and that should be fine.
1 Like
Per the wiki
When creating NAT rules with selected TCP or UDP protocol yet another item will be displayed. It is used to specify theExternal Port which will be forwarded to a given port and host.
Seams strange to not have source port filled in.
These are different versions of the game, and therefore have different ports requirements. The Quakeworld community, who has some very smart people, have assured me, I only need what I have defined. Which is the whole reason I began pointing towards my router. If other people are doing it, with the same few ports I’ve listed, then it must be because my router differs from theirs. If you REALLY REALLY NEED me to right rules for all these ports that aren’t specific to my game, in order to further this troubleshooting process, I can do that. I just really think that these ports are not applicable. Especially considering on both client and server side I’ve done TCPDUMPs in attempts to sniff what ports are being broadcasted and communicating and etc…etc…
I don’t have any other rules written, because I don’t have any other services running or am trying to run other services. Are you suggesting I try writing a port forward rule for port 80 and seeing if the “yougetsignal.com” testing site shows port 80 as open? I can do that. Just confirm if that’s what you want me to try. Do you want me to just dump my iptables -S results? Thanks!