Which ports to open for dedicated server

[themann00]

I seem to be having a problem authenticating anyone who connects to my server. I have all ports blocked by default, and then I create rules to open certain ones up. I've opened 27015 for TCP/UDP and 27020 for UDP.

What else needs to be open for a server to work correctly?

I know it's a port issue, because when I open all of my ports, the server works fine.

I've done searching all day, and can't find a decent list. There was one other post on here that had a list, but that's what I already had open (as listed above)

Thanks for the help,


--TheMann00

[DarkZealot89]

I would do the following:

A. DMZ your server

or

B. Open ports 27015-27025 for TCP/UDP ect ect ect

[aXis]

Whilst I generally dont like opening up unneccesary ports, I've found that opening up UDP ports 27000 to 27050 works well. This covers several game servers, HLTV, master queries etc. I havent had to open up any TCP ports.

I host a public internet Tim-Coop srcds server using this config and no-one seems to have any issues.

Edit: Looking at a traffic dump on my server, im seeing the following destination ports used on a regular basis:

UDP 27015 (of course)
UDP 27009 (master queries I think)

[skeletor]

yea.. on my server.. all i have open is 27015 tcp and udp.. for the server anyways.. i mean i have 22 open for ftp.. but yea.. i don't know.. its always workd for me.. but i have never ran hltv, or sourcetv or anything like that..

[aXis]

Have a look at my updated post - I think UDP port 27009 is an important one.

The source IP address for this one is often like "69.28.191.84" which from memory seems to match what I see in the srcds console when it lists master servers.

[themann00]

Hmm. Still no luck with those changes.
I can tell when it's working from looking at my console right after it loads.
If it's working, the console contains:
Adding master server 69.28.151.162:27011
Adding master server 207.173.177.11:27011
Connection to Steam servers successful.
VAC beta secure mode is activated.

If it isn't working, it only contains:
Connection to Steam servers successful.
VAC beta secure mode is activated.

(I did also try opening up all traffic from my machine to any 27011)

I am using Win2k3 IPSec Policys, and the one that causes this problem is set to block all TCP traffic from and Port to any Port, from My IP to Any IP.

When I disable this rule, the server loads fine. When the rule is enabled, no go.

I am new to IPSec, and don't know if there is an order it executes these policies, but perhaps that is the problem.

Quote:Edit: Looking at a traffic dump on my server, im seeing the following destination ports used on a regular basis:

UDP 27015 (of course)
UDP 27009 (master queries I think)

How can I do a traffic dump? Perhaps if I just open all the ports for a second, and run the traffic dump, I can see what my server is doing? Open up those ports, and go on from there?

[skeletor]

themann00 Wrote:I am using Win2k3 IPSec Policys, and the one that causes this problem is set to block all TCP traffic from and Port to any Port, from My IP to Any IP.

When I disable this rule, the server loads fine. When the rule is enabled, no go.

the tcp port atleast i know 27015 can not be blocked.. just try opening that in IPSec or whatever.. i don't know anything about that, but thats obviously whats doin it.

[themann00]

Well, it's open, and people can get in.
But when they connect, they get this message:
server was unable to contact the authentication server, 35

This shows that it's a server error, and I know for a fact it happens to anyone that connects. The minute I turn off my "block all" filter (which blocks all ports that aren't specified otherwise) the error doesn't happen anymore for anyone.

So they connect just fine, and maybe see the map for a split second, but then it's gone.

If anyone wants to see what I'm talking about, try
82.165.179.62:27015

If you don't get kicked, let me know (unless I've updated this post about fixing the port issue)

I'm also doing a load test tonight, and turning off the port blocker, so there is a small window that you might get in, and have it work. If so, *it's still broken*, and I still need your help. I promise to post my fix if/when it works!

[skeletor]

hmm.. well according to thisall you need is 27015 tcp and upd.. hmmm.. but that error means there something blocking your serever from accessing steams servers.. yea.. everything i have lookd at has just said 27015, i remember there being other ports people suggest opening, i jsut don't remember them, and anymore it looks like steam isn't saying to open them. soooo yea.. hmm.. maybe that IPSec thing is just not wanting it to go through...

[DarkZealot89]

Argh, Now I remember why I did this:

I bought a software firewall and then DMZ'ed my server. No more hassling of opening the correct ports. Thats how I did it for my server and it has helped a lot.

[skeletor]

yup =) that all works great.. or even free ware zone alarm works well..

that also works well for me cuz i also run a ftp server, and am able to remote desktop the computer and everything.. so dmz works great, and a decent firewall allows you to just allow the whole program through it.. so you don't have to deal with ports at all.

[themann00]

What did you use to do a traffic dump? I'll just unblock everything, run the server, reblock, and then check the dump. I have Win2k3.

[themann00]

OK. I used the windows included NetMonitor, and started up the server with all ports open long enough to get it connected, and then shut it down, and re-locked the ports. I then went into the IPSec, and added all the ports I could find that were listed by NetMon, and opened them for both directions, and still no good.

So here is the solution I have found.

Windows firewall, IPSec only locks two or three ports where I want to control traffic in one direction (I want SMTP out, but not in. Firewall opens port 25 to both directions. So I open it on the firewall, and use IPSec to block incoming traffic on port 25)

Seems to be working, although I have not attempted connecting to it yet. I'll do another load test soon, to see if this truly works, but I think that is the only fix I'm going to get.

I now have another question, with I will start a new thread on. Thanks for all the help!