I have been trying to set up a Counter-Strike: Source dedicated server in CentOS 5 over the past few days, but no one outside of the local network is able to connect. The server is sitting behind a router with DMZ enabled on the server's internal IP address.
Here are the arguments used on startup:
Code:
./srcds_run -console -game cstrike +map de_dust2 +ip 192.168.1.143 +maxplayers 10 -autoupdate
When the source server is running, issuing
Code:
netstat -anp | grep src
returns the following:
Code:
tcp 0 0 192.168.1.143:27015 0.0.0.0:* LISTEN 5876/srcds_linux
udp 0 0 192.168.1.143:27015 0.0.0.0:* 5876/srcds_linux
udp 0 0 192.168.1.143:27020 0.0.0.0:* 5876/srcds_linux
udp 0 0 192.168.1.143:26901 0.0.0.0:* 5876/srcds_linux
udp 0 0 192.168.1.143:27005 0.0.0.0:* 5876/srcds_linux
unix 3 [ ] STREAM CONNECTED 126753 5876/srcds_linux
unix 3 [ ] STREAM CONNECTED 126752 5876/srcds_linux
unix 3 [ ] STREAM CONNECTED 126750 5876/srcds_linux
unix 3 [ ] STREAM CONNECTED 126749 5876/srcds_linux
This appears to indicate that the server is listening on the correct ports, and I have opened these ports along with many others within the firewall. Running the command
Code:
iptables -L
returns the following:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpts:27000:27020
ACCEPT udp -- anywhere anywhere udp dpt:scol
ACCEPT tcp -- anywhere anywhere tcp dpts:27000:27050
ACCEPT udp -- anywhere anywhere udp dpts:27000:27050
ACCEPT udp -- anywhere anywhere udp dpt:26901
ACCEPT tcp -- anywhere anywhere tcp dpt:scol
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
Disabling iptables altogether via the command
Code:
service iptables stop
does not fix the problem either.
Connecting to the server from one of the computers on the local network attached to the same router as the server seems to work fine. However, when attempting to connect to the server from the external IP, it doesn't work even though the correct port is accessible. Also, connecting to any of the other ports open in iptables (like ssh, ftp, etc.) works just fine. Running
Code:
nmap -sU -p27015 24.246.42.xxx
from a computer on an external network yields the following results:
Code:
Starting Nmap 4.75 ( http://nmap.org ) at 2012-01-08 21:59 Central Europe Standard Time
Interesting ports on 24-246-42-xxx.cable.teksavvy.com (24.246.42.xxx):
PORT STATE SERVICE
27015/udp open|filtered halflife
Nmap done: 1 IP address (1 host up) scanned in 2.24 seconds
indicating that UDP port 27015 is open and reachable.
I've read seemingly every forum post regarding this issue, yet none of the proposed solutions seem to work. At first I thought that because the process has bound itself to the internal network IP (192.168.1.143), only local connections were being accepted. However, changing the server's startup command to bind to an IP of 0.0.0.0 (wildcard) did not work either.
Anyone have any ideas?
EDIT:
I've figured out that the problem lies with the router (with dd-wrt firmware). Even though I had DMZ enabled, the correct ports were not being forwarded. I'm assuming when you enable DMZ on a router with dd-wrt firmware, it simply forwards a default range of ports (something like 1-1024). Thus the port ranges corresponding to the counter strike server (27000-27050) were not being forwarded. I have since manually forwarded the correct port ranges in the router and everything seems to work perfectly.
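Added example, not part of the original post: Nmap reports a UDP port as `open|filtered` when its probe gets no reply at all, so that state alone cannot show whether a router forwards the port. The sketch below sends the Source engine `A2S_INFO` query and classifies the answer; the function names, the loopback stand-in server and its reply bytes are constructed for illustration.

```python
import socket
import threading

# A2S_INFO request from the Source engine server query protocol.
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"

def probe_udp(host, port, timeout=2.0):
    """Return 'responding', 'closed', 'no-reply' or 'unexpected-reply'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))  # a connected UDP socket surfaces ICMP errors
        s.send(A2S_INFO)
        data = s.recv(1400)
    except socket.timeout:
        return "no-reply"        # dropped or not forwarded: nmap's open|filtered
    except ConnectionRefusedError:
        return "closed"          # ICMP port unreachable came back
    finally:
        s.close()
    # 'I' is an info reply, 'A' a challenge; either proves end-to-end reachability.
    if data[:4] == b"\xff\xff\xff\xff" and data[4:5] in (b"I", b"A"):
        return "responding"
    return "unexpected-reply"

def start_fake_server(reply):
    """Constructed loopback stand-in for srcds; reply=None drops the query."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))   # ephemeral port, so the demo runs offline
    def serve():
        data, addr = srv.recvfrom(1400)
        if reply is not None and data == A2S_INFO:
            srv.sendto(reply, addr)
    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    up = start_fake_server(b"\xff\xff\xff\xffI\x11constructed reply\x00")
    silent = start_fake_server(None)
    print(probe_udp("127.0.0.1", up.getsockname()[1]))
    print(probe_udp("127.0.0.1", silent.getsockname()[1], timeout=0.5))
```

Run `probe_udp` from a host outside the LAN against the router's external address and port 27015; a `no-reply` result there while the same probe succeeds on the LAN points at the forwarding rule rather than the server or iptables.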