Server is not showing up on the server browser

[KnacK]

I am getting a reply back on the heartbeat:

Code: [Select]

[21:04:31] Sending heartbeat to 70.85.9.178:27900
[21:04:31] Heartbeat acknowledged from 70.85.9.178:27900
I have ports 27900, 27910, and 27920 open both ways on the firewall.

I can connect to the servers at:
69.153.214.242:27910 and 27920

Anyone have any ideas? Am I missing opening a port?

[FlaMe]

you have public set to 1 on the config.cfg?

[XtremeBain]

69.153.214.242:57937
69.153.214.242:57941
69.153.214.242:57957
69.153.214.242:57961
69.153.214.242:57984
69.153.214.242:57988
69.153.214.242:58004
69.153.214.242:58005
69.153.214.242:58023
69.153.214.242:58025
69.153.214.242:58045
69.153.214.242:58050
69.153.214.242:58069
69.153.214.242:58070
69.153.214.242:58091
69.153.214.242:58095
69.153.214.242:58116
69.153.214.242:58120
69.153.214.242:58150
69.153.214.242:58153
69.153.214.242:58172
69.153.214.242:58174
69.153.214.242:58196
69.153.214.242:58199

Outbound UDP NAT issues....

[KnacK]

hmmm

That doesn't make sense........

after a few moments...

ok all outbound from the server is set to allow 27900,910, and 920 tcp and udp from private ip to external
Inbound I reset as it originally had a pub ip of 69.153.214.246 which is what I originalyl want it on.

But I am going to have to make this work to test then move the lan connection from the server to another port on the firewall and nat that over.

Let's see what happens.

Set public 1 is in my server.cfg file and command line.

[KiLo]

Make sure you have master0.gamespy.com as one of the setmasters (if not try q2master.planetquake.com)

[KnacK]

done - I'm using the same basic config as the GT Pub servers.

*on edit*
I need to revisit my NAT and PAT on my firewall.  I think I have a rule that is trumping another rule for the game server.

* KnacK grabs the remington 870 *problem solver* on the way out the door to work this morning....

[XtremeBain]

* KnacK grabs the remington 870 *problem solver* on the way out the door to work this morning....

I usually use something like this, but the Remington may work just as good.

The other q2 master servers have nothing to do with this, they can be there or not, doesn't really matter.  It is definately a NAT issue, and could be present in your firewall config or in the iptables of your box.  The heartbeat script just adds the source ip:port whenever it receives a heartbeat (after it has ACK'd it).  The NAT is doing all the magic to translate lan:27910 to wan:57937 and then it waits for dplogin.com:27900 and makes sure it gets the same return path back to lan:27910.  UDP is stateless so your firewall waits for another dplogin.com:27900 but will time out.  On its next heartbeat it increments to another unused port number.

Are you using a hardware or pc iptables firewall solution?  If you can't figure it out feel free to turn on logging and pm me your ruleset and log.

[KnacK]

Thanks Bain,

I didn't know about the incremental port number on the outbound side.

I'm using a Watchguard Firebox x750e.

I'm going to blow out the rules and start from scratch.  Basically I have my outbound rule set to any internal > any external for the needed tcp and udp ports but  I think my external interface config is teasing me somewhere.

Give me a few hours to get my mornign going and we will see whats up.

[XtremeBain]

I didn't know about the incremental port number on the outbound side.

NAT uses an what they call "incremental allocation" for the ports when it can not reserve the intended source port.  You need to figure out what rule is causing it to trigger this mode.  It would probably be an old forward rule on 27910.  When the packet reaches the firewall it checks its allocation table to see if the source port is available or if it has been reserved for another system or use.  Say if you had a second server up on 27910 and it was already heartbeating and there were players on, this new server would switch over to incremental allocation until the active server was taken offline.  The same thing will happen if you have another 27910 forward rule, it knows not to use that port since that system would miss the packet when it returns (due to the forward rule it would go to wherever that rule intends it to go), places it on a temporary port when it receives a responce it switches it over to your server back on 27910.  The problem is that the timeout is really low since they're UDP packets.  Hopefully you don't have many rules to recover after the wipe

I'm using a Watchguard Firebox x750e.

That's seriously sick.

[XtremeBain]

So, uh.... Did you get it to work (no ip:port showing up in server list at the moment)?

[KnacK]

I've had to put it on the side burner for a few days as I have to get a new policom setup to pass thru the firewall.  Once I get that completed it will make my life easier to get the dp server up and running.

I'll keep you posted.