Firewall settings for multiplayer dedicated server [public]

[daealc]

Hey all I am having a bit of trouble setting up a public multiplayer server (non modded)

I have unblocked inbound PORT 34197 to the server, and me and friends can connect to it no problem, the issue is this server is heavily firewalled. it has access to a nameserver and that port ONLY.

all outbound is blocked all inbound is blocked, other than that one port udp/34197, what else needs to be unlocked inbound and outbound for the server to be listed public on the server list?

[daealc]

Bump, I did not realize it was such a difficult question

[daniel34]

Factorio has to determine the proper IP and port so that others can connect to you, it uses NAT punching to do that as described in https://www.factorio.com/blog/post/fff-143 (if that is still accurate, I don't know).

I suspect that either outgoing or incoming traffic from/to the pingpong servers is filtered by your firewall, or ip/port differ and Factorio is unable to determine the correct address.

Check your server log file, there should be a mention on whether it was able to connect to the pingpong servers and what the result was.

Note: I'm not a network specialist nor do I have insight on how exactly the Factorio network protocol works, but some advice is better than none I guess.

[daealc]

Yeah nat punching is not going to work in this case, there is no NAT in use only bridge filtering, would this be it I cannot see it raising an error:

0.002 2017-10-23 10:00:59; Factorio 0.15.37 (build 30927, win64, alpha)
0.003 Operating system: Windows 8.1
0.004 Program arguments: "factorio.exe" "--start-server" "./saves/RezGen.zip"
0.005 Read data path: C:/GameServers/Public/Factorio/data
0.005 Write data path: C:/GameServers/Public/Factorio
0.006 Binaries path: C:/GameServers/Public/Factorio/bin
0.019 System info: [CPU: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz, 8 cores, RAM: 6143MB]
0.021 Running in headless mode
0.030 Loading mod core 0.0.0 (data.lua)
0.043 Loading mod base 0.15.37 (data.lua)
0.222 Loading mod base 0.15.37 (data-updates.lua)
0.270 Checksum for core: 2904504744
0.271 Checksum of base: 1503927233
0.474 Info PlayerData.cpp:58: Local player-data.json available, timestamp 1508749257
0.475 Info PlayerData.cpp:65: Cloud player-data.json unavailable
0.481 Custom inputs active: 0
0.483 Factorio initialised
0.485 Info ServerSynchronizer.cpp:28: nextHeartbeatSequenceNumber(0) initialized Synchronizer nextTickClosureTick(0).
0.486 Info ServerMultiplayerManager.cpp:671: mapTick(-1) changing state from(Ready) to(PreparedToHostGame)
0.487 Info ServerMultiplayerManager.cpp:671: mapTick(-1) changing state from(PreparedToHostGame) to(CreatingGame)
0.488 Loading map C:\GameServers\Public\Factorio\bin\x64\.\saves\RezGen.zip: 9376068 bytes.
0.562 Loading Level.dat: 21516578 bytes.
0.569 Info Scenario.cpp:135: Map version 0.15.37-0
1.512 Info BlueprintLibrary.cpp:226: Loaded library shelves:
1.513 Info BlueprintLibrary.cpp:794: Game shelf: playerIndex = 65535, nextRecordID = 0; timestamp = 1508275140; records:
1.514 Info BlueprintLibrary.cpp:796: Player shelf: playerIndex = 0, nextRecordID = 0; timestamp = 1508354755; records:
1.514 Info BlueprintLibrary.cpp:796: Player shelf: playerIndex = 1, nextRecordID = 0; timestamp = 1508353778; records:
1.515 Info BlueprintLibrary.cpp:796: Player shelf: playerIndex = 2, nextRecordID = 0; timestamp = 1508702214; records:
1.516 Info BlueprintLibrary.cpp:796: Player shelf: playerIndex = 3, nextRecordID = 0; timestamp = 1508702260; records:
1.517 Info BlueprintLibrary.cpp:796: Player shelf: playerIndex = 4, nextRecordID = 0; timestamp = 1508710019; records:
1.517 Info BlueprintLibrary.cpp:796: Player shelf: playerIndex = 5, nextRecordID = 7; timestamp = 1508341434; records: (id: 5, 0; label: "", preview: false, empty: false; book) (id: 5, 1; label: "Stuff", preview: true, empty: false; book [id: 5, 2; label: "", preview: true, empty: true] [id: 5, 3; label: "empty base", preview: true, empty: true]) (id: 5, 4; label: "", preview: true, empty: true; single) (id: 5, 6; label: "", preview: true, empty: true; single) (id: 5, 5; label: "Defense", preview: true, empty: true; single)
1.519 Info BlueprintLibrary.cpp:796: Player shelf: playerIndex = 6, nextRecordID = 0; timestamp = 1508662865; records:
1.520 Info BlueprintLibrary.cpp:796: Player shelf: playerIndex = 7, nextRecordID = 0; timestamp = 1508663059; records:
1.584 Info BlueprintLibrary.cpp:49: Loaded external blueprint storage: playerIndex = 65535, nextRecordID = 0; timestamp = 1508749260; records:
1.586 Loading script.dat: 190 bytes.
1.590 Checksum for script C:/GameServers/Public/Factorio/temp/currently-playing/control.lua: 282129324
1.600 Info UDPSocket.cpp:27: Opening socket at (0.0.0.0:34197)
1.601 Hosting game at 0.0.0.0:34197
1.602 Info HttpSharedState.cpp:44: Downloading https://auth.factorio.com/generate-server-padlock-2
2.024 Info HttpSharedState.cpp:111: Status code: 200
2.025 Info AuthServerConnector.cpp:108: Obtained serverPadlock for serverHash (GULNB4t7RdDLdSLKNFW6aluf3kUooNGj) from the auth server.
2.026 Info ServerMultiplayerManager.cpp:671: mapTick(8405116) changing state from(CreatingGame) to(InGame)
672.298 ConnectionRequestReplyConfirm (type(ConnectionRequestReplyConfirm) ) from(82.30.237.121:53195)

[daealc]

I seem to have added this rule for that server:

pass in quick on $bhyve_dev proto tcp from $kenny to { 23.21.158.102/32, 54.225.116.249/32, 54.243.136.138/32 }

I presume that is so that website can download that file in the log

[daealc]

*bump*

[daealc]

*bump* can someone at least tell me what ips need to be allowed to connect to and from?

[Loewchen]

*bump* can someone at least tell me what ips need to be allowed to connect to and from?

An IP based firewall rule makes no sense for a public server.
Post your server-settings.json file, make sure to mask passwords and tokens.

[daealc]

Issue has now been resolved, thanks to @justarandomgeek> 'justarandomgeek' via IRC, issue was it is not possible to use different external ports and hostname than what your internal servers believe they are bound to.

[daealc]

To make everyone happy here is as little more detailed reason of what was going on:

The server its self has several gateways and public ips, the windows servers hosting factorio of which there was 2 server which are bound to two ports on the local ip of the windows server so:

0.0.0.0:40000 Factorio1
0.0.0.0:40001 Factorio2

On the external server hosting the VM, 2 rules pass traffic to the server, like such:

EXT_IP1:60000 -> WINDOWS_SERVER:40000
EXT_IP2:50000 -> WINDOWS_SERVER:40001

note the external ports are not the same as the internal ones ... so the factorios running on the windows server was reporting the port THEY WAS BOUND TO but not the port the external server/gateway was listening on and factorio lacks the ability to tell it what port to announce to the multiplayer listing server

[justarandomgeek]

I'm 99% sure the issue with the original configuration was that the second server had a different external port than internal on his firewall box, but that the firewall was not adjusting the source ports on the outbound packets attempting to identify the server (to pingpong1/2), thus leading it to conclude it had it's internal port number, rather than the remapped one. I suggested to simply use the same port internally and externally, which seems to be working.

[impetus maximus]

just wanted to add i don't think you need TCP open at all, just UDP.