Looks good.
OK, so after having setup that service group, I am getting a positive (expected) response when testing with Open Port Check Tool - Test Port Forwarding on Your Router
However, in the firewall logs it seems the Quakeworld master servers out on the internet in charge of taking notice of my server advertising is being blocked.
and then at some point during the next day it changed to this…
firewall logs show October 2nd was blocked, then October 3rd DNAT and FORWARDFW took over. I changed nothing during this time.
However Painkiller still not working and I don’t see anything in the firewall logs for those ports “3457” and “3580” being blocked.
Here is the service group for that.
and the firewall rule
Other than going to Logs > Firewall Logs, is there another place I can look to troubleshoot? I don’t see anything from that IP being dropped. Even if it were dropped, would it be logged?
here are my log settings
If I tcpdump on port 3580, it seems that my server is able to advertise to the openspy.net master server.
I can connect to the server locally successfully.
I wanted to follow up to let you guys know that the Painkiller server is working. I verified by installing the game on my laptop, tethering my laptop to my iPhone hotspot, confirming I was indeed on the hotspot network, and running the game and joining the server successfully. However, despite Quake showing the port forwarding was working and the ports were open with yougetsignal.com, it doesn’t show that with Painkiller.
I find this very odd. I also find it strange that there are no logs at all regarding that port.
IPFIRE is known to hang on changes when below a certain memory threshold. Try a reboot of the firewall. Other than that, your rules as posted should work.
One last thought. It is possible the port is blocked by your ISP. Wouldn’t be the first time I’ve seen an ISP block random ports.
How can I tell if this memory threshold thing has happened?
Only port blocked by my ISP is port 25. But if UDP port 3457 is blocked, why can I connect to my server on UDP port 3457 successfully, but if I test it with an online port scanner tool (yougetsignal.com), it shows that it’s closed. I even tested it with another port checker site, same result. Just those painkiller ports show closed. I test it locally with NMAP, it’s open. If I port test 28501, it’s open.
As mentioned in my earlier post
https://community.ipfire.org/t/no-game-servers-are-working/8512/32
the port checker applications use TCP for their test. You need to check the port forward is open with TCP and if that works then the same rule but with TCP changed to UDP will also work.
The reason that the port checkers use TCP is that it has handshaking so that if delivery fails for some reason that is fed back. With UDP if it fails to get where it needs to it just disappears. You will never get any feedback that it did or didn’t get to its destination.
5 Likes
thanks @bonnietwin
thanks for keeping me honest. From my tethered laptop, I performed NMAP on my WAN IP port 3457 and port 3580 and it reports open. Hopefully other people using these online tools will be reminded it’s TCP only. Best to use an industry standard tool like NMAP to be completely sure.
But not everyone will have access to an outside IP, like how I am from my iPhone hotspot. Which is why these websites are attractive in the first place. It seems everything is good and working. Is there a place to view raw firewall logs that’s not through the GUI? Where are firewall logs stored on disk?
The firewall logs are in
/var/log/messages*
This contains logs from many programs so you would need to grep the entries for containing kernel:
This will still have some other stuff. To filter more you would need to look at the code for the Firewall Logs that are shown in the wui as that filters the messages files to extract the required entries.