Well, I have been fiddling with the firewall rules for 2 weeks now.
I am still searching for a way to open a bunch of ports that are required for the game to connect to the servers.
So, following the IPFire wiki: Red -> Green: Closed. Use port forwarding or VPN.
Then, when starting the game, it didn't connect to the servers (but it does if I plug the modem directly into the computer).
Is it a DNS thing?
So I decided to make a rule to allow all ports from red to green in UDP and TCP.
Same thing, no connection to the game servers.
It's too bad that all other games have no connection issues.
Last hope here, I'm giving the community a try. If no luck, maybe IPFire is not for me.
Thanks in advance!
Thanks for the fast reply.
OK, I followed your instructions and hell yeah, it's easier to understand this way and also much faster too.
Unfortunately I have the same issue with the ‘connecting…’ loop.
I suspected the DNS over TLS may have something to do with it.
So I tried ISP DNS with default settings… no luck.
Strangely enough, I can connect to the game through a WireGuard VPN that I have on Linode, and the connection works with or without the rules.
So this is half solved. Temporary fix.
Is it OK to post Wireshark cap files here?
I ran 4 tests, which were:
game + no-vpn + no-rules = no connection
game + no-vpn + rules = no connection
game + vpn + no-rules = yes
game + vpn + rules = yes
What you do is, in my eyes, really dangerous! If you open such a big range from all to green, IPFire is not worth anything anymore. Neither is any other firewall…
Why I think that cannot all be true…
Let's have a look at a few of the mentioned ports.
1080,3128,8080-8081
The common use case for such ports is proxy related. I don't think that this game installs such a bunch of proxy ports on your PC; I guess you have to reach these ports, not the opposite.
3478-3479,5060,5062
These are STUN, VoIP ports. STUN is exactly for this use case: if you are behind NAT (which you are with IPFire), your VoIP works anyway. So also you have to reach these ports, not the opposite.
Maybe the rest of the ports are the same…?
If this game anyway really needs all these ports from outside to you, the only correct solution is to delete it. Now! Why? Because this has nothing to do with security anymore…
First I have to specify that I opened all ports for testing purposes. I am aware that I was exposing myself; please don't worry, there are many whys to answer.
The testing was:
To test why I cannot reach the game server. I discovered it wasn't the rules I put that made the difference. Why? On a port scan some of the ports didn't show as open.
Then I contacted the game support and they supplied me a list of ports that is way smaller than the recommended one. I remade the port forwarding list as Roberto instructed me to.
These are STUN, VoIP ports. STUN is exactly for this use case: if you are behind NAT (which you are with IPFire), your VoIP works anyway
I don't have any VoIP, but I suppose it's the commlink in the game that uses that feature.
If this game anyway really needs all these ports from outside to you, the only correct solution is to delete it. Now!
There is no point in uninstalling without understanding what is really going on. The temporary solution (Linode VPN) works great.
But why uninstall if the game runs through a VPN? Isn't something strange to you?
You see, there are many whys along this quest. I want IPFire to work fine with accessing some servers on the web and, most of all, as a newb in Linux, I want to understand what is really going on.
Yep, the computer is on the green side.
Because in the firewall logs I cannot see why one or two connections are blocked; maybe it's not logging the drop or reject.
How do I find or analyze the behaviour of Suricata?
Because I don't have location block or proxy activated. I'm on a basic setup here.
At least I'm pretty sure it's not the rules that will permit the connection to the server.