Port Forwarding for games

Well, I have been fiddling with the firewall rules for 2 weeks now.
I'm still trying to open a bunch of ports that are required for the game to connect to the servers.

TCP: 1080,3128,8080-8081,8088,8888,20000-25000,32801,32803
UDP: 3478-3479,5060,5062,12000-29999,32801-32825

So, following the IPFire wiki:
Red -> Green Closed. Use port forwarding or VPN.
Then when starting the game it didn't connect to the servers (but it does if I plug the modem directly into the computer).
Is it a DNS thing?
So I decided to make a rule to allow all ports Red to Green in UDP and TCP.
Same thing, no connection to the game servers.
It's too bad that all other games have no connection issues.

Last hope here, I'm giving the community a try. If no luck, maybe IPFire is not for me.
Thanks in advance!

Hi @psyberjocker.

I use this feature a lot and it works perfectly for me. I'll explain how I make it work.

1st, create objects for the necessary ports in order to create the rule more easily. wiki.ipfire.org - Services

2nd, create an object that groups together all the objects (ports) previously created. wiki.ipfire.org - Service Groups

3rd, create the Host object of the computer where the game is installed. wiki.ipfire.org - Hosts

4th, with all the ingredients, create the firewall rule.

Creating the rule this way, apart from working correctly (it should), is much more understandable.

Tell us the results.

Regards and happy new year!!!

Thanks for the fast reply.
OK, I followed your instructions and hell ya, it's easier to understand this way and also much faster too.
Unfortunately I have the same issue with the ‘connecting…’ loop.
I suspected that DNS over TLS may have something to do with it.
So I tried the ISP DNS with default settings… no luck.
Strangely enough, I can connect to the game through a WireGuard VPN that I have on Linode, and the connection works with or without the rules.
So this is half solved. Temporary fix.
Is it OK to post Wireshark cap files here?
I ran 4 tests, which were:
game + no-vpn + no-rules = no connection
game + no-vpn + rules = no connection
game + vpn + no-rules = yes
game + vpn + rules = yes

Thanks and Happy new year!

Hi again @psyberjocker.

Maybe it could be some module that is intercepting/filtering the requests? Say Suricata, Location Block, Proxy, etc.

With the VPN it works perhaps because the communication is encrypted and that is why it does not intercept anything.

The game is on a PC inside Green and what it does not leave are the external connections to the game that is on Green from the IPFire, right?

Regards.

What you do is in my eyes really dangerous! If you open such a big range from all to Green, IPFire is worth nothing anymore. Neither is any other firewall…

Why I think that cannot all be true…

Let's have a look at a few of the mentioned ports.

1080,3128,8080-8081

The common use case for such ports is proxy related. I don't think that this game installs such a bunch of proxy ports on your PC; I guess you have to reach these ports, not the opposite.

3478-3479,5060,5062

These are STUN, VoIP ports. STUN is exactly for this use case: if you are behind NAT (which you are with IPFire) your VoIP works anyway. So also you have to reach these ports, not the opposite.

Maybe the rest of the ports are the same…?

If this game really needs all these ports from outside to you anyway, the only correct solution is to delete it. Now! Why? Because this has nothing to do with security anymore…

Just my 2 cents…
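
Added example, not part of the thread: the port lists from the first post, parsed to show how many ports a Red -> Green rule covering them would expose and which entries are well-known services a client normally connects out to. The service labels are standard registrations or defaults and are an assumption about this game, not something its documentation is quoted as saying here.

```python
# Added example: port lists copied verbatim from the first post in this thread.
PORT_SPECS = {
    "tcp": "1080,3128,8080-8081,8088,8888,20000-25000,32801,32803",
    "udp": "3478-3479,5060,5062,12000-29999,32801-32825",
}

# Standard registrations/defaults (assumption: the game uses them conventionally).
# A client behind NAT connects OUT to these; no Red -> Green forward is involved.
OUTBOUND_SERVICES = {
    ("tcp", 1080): "SOCKS proxy",
    ("tcp", 3128): "Squid proxy default",
    ("tcp", 8080): "HTTP alternate/proxy",
    ("udp", 3478): "STUN",
    ("udp", 5060): "SIP",
}


def parse_ports(spec):
    """Turn '80,8080-8081' into a sorted list of (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.strip().partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((low, high))
    return sorted(ranges)


def exposed_count(ranges):
    """Count distinct ports covered by sorted ranges, merging overlaps."""
    total, covered_to = 0, 0
    for low, high in ranges:
        low = max(low, covered_to + 1)
        if high >= low:
            total += high - low + 1
            covered_to = high
    return total


def outbound_hits(proto, ranges):
    """Listed ports that match a well-known client-side destination service."""
    return [(port, name) for (p, port), name in sorted(OUTBOUND_SERVICES.items())
            if p == proto and any(lo <= port <= hi for lo, hi in ranges)]


if __name__ == "__main__":
    for proto, spec in PORT_SPECS.items():
        ranges = parse_ports(spec)
        print(proto, exposed_count(ranges), "ports;", outbound_hits(proto, ranges))
```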

Hello Tulpenknicker, you said :

What you do is in my eyes really dangerous!

First I have to specify that I opened all ports for testing purposes. I am aware that I was exposing myself, please don't worry, there are many whys to answer.

The testing was:

  • To test why I cannot reach the game server. I discovered it wasn't the rules I put that made the difference. Why? On a port scan some of the ports didn't show as open.

Then I contacted the game support and they supplied me a list of ports that is way shorter than the recommended one. I remade the port forwarding list as Roberto instructed me to.

These are STUN, VoIP ports. STUN is exactly for this use case: if you are behind NAT (which you are with IPFire) your VoIP works anyway

I don't have any VoIP but I suppose it's the commlink in the game that uses that feature.

If this game really needs all these ports from outside to you anyway, the only correct solution is to delete it. Now!

There is no point in uninstalling without understanding what is really going on. The temporary solution (Linode VPN) works great.

But why uninstall if the game runs through a VPN? Isn't something strange to you?

You see, there are many whys along this quest. I want IPFire to work fine with accessing some servers on the web and, most of all, as a newb in Linux, I want to understand what is really going on.

Thanks for your help.

Yep, the computer is on the Green side.
Because in the firewall logs I cannot see why one or two connections are blocked, maybe it's not logging the drop or reject.
How do I find or analyze the behaviour of Suricata?
Because I don't have Location Block or Proxy activated. I'm on a basic setup here.
At least I'm pretty sure that it's not the rules that will permit the connection to the server.

Thanks