OPNsense Forum
Archive => 16.7 Legacy Series => Topic started by: DrDeed on November 24, 2016, 04:21:34 pm
-
Hey All,
I'm having some odd issues with Rainbow Six Siege, and I know it sounds crazy but I was really hoping maybe someone here could help.
Apparently in Rainbow Six if you invite a friend to group, it attempts to join your networks directly. Yes directly, I can see his IP actively trying to communicate with mine (when inviting) via the log.
I know for sure it's my firewall setup because when I bypass and connect directly to internet (receiving WAN IP), it works without issue. Yes I know this isn't ideal for sure, but I had to make sure it wasn't Rainbow 6.
I've forwarded all the ports suggested here:
https://support.ubi.com/en-us/Faqs/000024695/Connectivity-Troubleshooting-PC-R6S
And I've enabled UPnP as someone had suggested to turn it off and back on (mine was never on).
My hope/question is as follows:
Is there anyone here who can think of anything else that might need to typically be turned on/off or configured for most (if not all) video games to typically work?
Thanks,
- Sam
-
Hi Sam,
There is an old thread over here that might be of interest:
https://forum.opnsense.org/index.php?topic=1368.0
What is your current OPNsense version? This will be needed for further analysis if you can't get it to work. There currently seems to be an odditiy in UPnP for some setups since 16.7.8.
Cheers,
Franco
-
To add to this from my thread I forgot to update here (Sorry I got married that month!)
https://forum.opnsense.org/index.php?topic=3778.0
I updated to the newer 17 Alpha and My NAT type on the PS4 has switched back to 2 without the need of any configuration.
Current build number is
OPNsense 17.1.a_539-amd64
FreeBSD 11.0-RELEASE-p2
OpenSSL 1.0.2j 26 Sep 2016
-
Hey Franco and Solaris.
For starters, you all are awesome, haven't yet read through all the provided material but I'm appreciative of the effort. I will report back the moment I've read through everything provided, and tried any suggestions.
My current version is:
OPNsense 16.7.8-amd64
FreeBSD 10.3-RELEASE-p11
OpenSSL 1.0.2j 26 Sep 2016
Franco if what you say is true, I assume maybe there is a patch I should be waiting (and excitedly looking forward) to?
EDIT: Or would it be worth me moving out of production to quickly resolve my issue?
-
The issue was fixed just a bit ago:
https://forum.opnsense.org/index.php?topic=3976.0
The command to run to fix:
# opnsense-patch 8e01375
It needs a "save" from the UPnP service page to apply fully.
Cheers,
Franco
-
Is that the attached update? That wasn't there yesterday, you weren't kidding about it being fixed just a bit ago.
EDIT: Nevermind, looks like this particular patch/issue didn't manifest until .9
-
Ok, that doesn't look to have helped in my particular scenario. I did update, and I applied that patch, then rebooted and hit save under UPnP.
It's worth noting that the concept of UPnP in a firewall is a little foreign to me so I may be doing something wrong. When I enable it, R6 shows I have an "Open NAT", and the appropriate connections show up under Status, however I continue to get the error when trying to join my friend.
I read through the link you provided Franco, but it kind of looks like they are almost being a little more strict than I am in regards to their settings. I am allowing any traffic from LAN Net anywhere (no bars), and I've forwarded the appropriate ports coming in, plus enabled UPnP (for kicks). It probably isn't ideal but right now UPnP has no restrictions on it, I'm just trying to get it working with OPNsense and from there I'll fine tune it down.
Another variable that I really should have noted to begin with (shame on me), is that I'm running OPNSense on Citrix XenServer, I personally don't think that is a factor, but I'm honestly not sure.
Any thoughts?
-
Hi Sam, have you tried a one-to-one NAT? Provided you have spare public IP's of course.
Bart...
-
I wish Bart, regrettably I cannot purchase any statics without becoming business class, and the price difference is pretty astronomical.
Was a good thought though, can't help but believe it would work.
-
It doesn't have to be weird if the game doesn't use game servers.
Destiny, for example, also connecters players directly. Hence you open a couple of ports next to the PSN ports.
Works great.
-
Sounds like nothing is working for you DrDeed. Typically you don't use port forwarding and UPnP together. Usually one or the other is recommended. You're obviously using and Xbox console since you mentioned open NAT. Might I suggest you look over my tutorial for an open Xbox NAT:
https://forum.opnsense.org/index.php?topic=3521.0
Most importantly the specific port you need to forward in if you are using IPv4 and not IPv6. Also set static outbound ports. Since Rainbow Six apparently uses a wide range of ports use UPnP for now. Personally I don't like UPnP but sometimes you have no choice for certain games. Probably should give it a shot.
You might consider posting screenshots of your settings for your firewall rules and any other settings that are relevant. Someone may see something that could potentially be an issue.
-
Hey Azdps,
Actually I'm running a PC, the interface for Rainbow 6 calls it "Open NAT" and that's why I referenced that.
Attached is all the images that should be relevant, I can provide more if anyone is interested. I am very much appreciating the help, honestly I'm more of a server guy than a networking guy and past forwarding ports I'm a little out of my element.
-
Here's one more noting the LAN firewall that may be interesting to someone.
I disabled the rule noted and opted for Google DNS on my computer for troubleshooting.
-
Try using tcpdump to capture traffic to see whats going on. I solved my Xbox problem this way. You will probably see something is being blocking or potentially something else. It difficult to tell from you screen shots whether you have everything setup properly. I appears you are port forwarding all the appropriate ports so you should probably disable UPnP. You shouldn't have to port forward anything below port 1023 unless you block those outbound ports. Try disabling port forwarding for those ports below 1023 for now.
You could also try disabling all port forwarding you currently have. Create one port forwarding rule and allow ports 1-65535 to your computer running Rainbow Six. If this works then you are missing a port that needs to be forwarded.
Would be interesting see what your outbound setting look like. Wrong outbound settings can cause gaming issues.
That last thing I would try is disabling all port forwarding. Enable UPnP and use that instead. Make sure your outbound settings for your computer are using static ports. Once you have UPnP setup check the status (Status: Universal Plug and Play) of UPnP to see if it's working and ports are automatically being opened.
If you figure something out, please report back as your solution could be valuable to someone else.
-
Hey sorry, I know it's been a little bit but I just now tried what you said azdps.
Here's the interesting thing. When I turn off UPnP, and yet forward every port ever, I receive a "strict NAT" rule. Which leads me to think that maybe something is wrong with UPnP+R6, and something is wrong with my forwarded port rules.
Theoretically I should be able to turn off UPnP (as I've done), forward all the ports, and maintain "Open NAT", and yet that isn't the case.
I've since removed the rule, but you can see a screenshot which I've attached.
Is there a decent way that someone knows of to test that my port forwarding rules are correct? Canyouseeme and other such tools only seem to work for TCP and only if an application is listening on that port.
Thanks!
-
Is there a decent way that someone knows of to test that my port forwarding rules are correct? Canyouseeme and other such tools only seem to work for TCP and only if an application is listening on that port.
Yes tcpdump. It needs to be run from the OPNsense shell but it will show you what is being blocked or passed. I'm currently using OpenBSD as my firewall so I can't test OPNsense port forwarding.
Reference port forwarding, don't set a specific destination IP just set it to any for testing purposes. Also your outbound port settings are very important. Provide a screenshot of your outbound port settings as well.
-
Your UPNP capure shows no configuration for IP's to allow access, and the default deny rule isn't selected.
Here are my captures (for consoles in CDIR range 192.168.0.80/29):
- UPNP settings
- Firewall showing UPNP and multicast
- NAT outbound hybrid with UPNP rule.