Completely random port is forwarded

Andrthor · February 29, 2024, 9:15pm

I have this weird issue with the game “No one lives forever 1” and PFsense.
The nat rule I wrote takes care of forwarding a couple of No one lives forever 2 servers and should also forward the Nolf1 servers just fine. Except that it forwards a completely random port instead of 27890 like it should. The result is that the server never shows up in the game. This setup still works just fine in Nolf2 and also for Nolf1 on previous firewalls that I have used.

Have anyone else experienced this with older games?. Aliens vs Predator 2 runs on the same engine (lithtech 2). Nolf2 runs on the Lithtech Jupiter engine which is newer.

I would appreciate any ideas

xMAXIMUSx · February 29, 2024, 9:56pm

The source should be set to any on the ports because they can come in as any port but then NAT’d to the destination ports.

Andrthor · February 29, 2024, 10:09pm

Thank you for answering

I have tried this, but tried again. The port it ended up forwarding to the master server was port 52326. This makes absolutely no sense to me. Pfsense seems to do this different than other firewalls.

Updated Nat rule

xMAXIMUSx · March 1, 2024, 12:10am

Not sure I follow. If your game server has a an IP of 192.168.100.10 and range of 27888-27898 then your rule is correct. I’m not sure what you mean by master server and where you got the port 52326. Are you saying that is the inbound port it came in as?

Andrthor · March 1, 2024, 8:20am

Yes, 192.168.100.10 is the actual game server. It also runs a couple of Nolf2 servers that works, that’s why I forwarded a range. It seems like PFsense decided to scramble the ports for Nolf1 though. Maybe nolf2 just have better net code. I have never seen this happen in other firewalls.

Here’s a example.

You specify the port you want the server to run on during setup.
The second half of the image is a website that shows a feed from the game’s master server. Now it shows a completely random port 61999, while it should have been 27890. Pfsense changed the port for some reason.

This server never showed up ingame because there is nothing answering on that port.

xMAXIMUSx · March 1, 2024, 1:56pm

Pfsense is handling NAT as it is intended. If you want to test this you can open any port checker site and supply your public IP and port 27890. That should return a success. I think the game server is assigning itself whatever port is available. I don’t think this is a pfsense issue.

Andrthor · March 1, 2024, 2:52pm

I found the solution:

The custom NAT rule itself was not the issue.

I had to go to “Firewall->NAT->Outbound” and set it to “Hybrid Outbound NAT”

Then look for a auto created rule for the Vlan / DMZ this server lives inside, edit and check “Static port”.

Problem fixed. It is now showing the correct port.

Thanks for the input xMAXIMUSx