Firewall Ports Part II

Per Kristiansen per at gathering.org
Sun Jun 19 14:09:09 EDT 2005


okay...

Andreas, can you PLEASE tell us the proper ports to open in our firewalls?

This is starting to get ridiculous!

I was hoping the retail readme would contain the info needed..but..


Quote:
FIREWALL

The use of a software firewall on the server is not recommended,
as it can adversely affect server performance and the overall
gameplay experience.  

What IS it with these people!..

oh well I redid my experiment today.

a little background:
Linux Fedora Core 2 
Kernel 2.4.22-1.2174.nptlsmp #1 SMP
the server has 2 IPs

so first...

I set both
sv.serverIP and sv.interfaceIP to the IP I wanted to use..seemed to do the trick.

now on running lsof -i | grep bf2
I get the following

Code:

UDP :29900 
UDP *:53667 
UDP :16567 
TCP *:4711 (LISTEN)
UDP *:55124 
UDP *:55125 

UDP 29900 : Gamespy Port (but not the only one)
UDP 53667 : A random port, it changes every time you restart the server, I've put a sniffer on it and have not detected any traffic so far.
TCP 4711 : Rcon port, for remote management (Rcon)
UDP 16567 : the game port, you know the one you tag on at the end of the IP to join servers with
UDP 55124 : Voice IP BFServer port
UDP 55125 : Voice IP Server Port

so..first I didn't open ANY port..not possible to join..weird eh :)
opened UDP 16567 and 29900 and things started flowing a little better.

rcon didn't work so I opened TCP 4711 and that was okay too.

Voice didn't work, and my firewall log started screaming about access to port
UDP 55125, opened that and Voice started working.

Got a couple of buddies to join the server and watched the log for a while.

And sure enough, I start seeing drops in the log from people attempting to connect to UDP 29901-29904 , I open these too.

And my "mystery connection" from gamespy again...
I've mentioned this one earlier; it's connection attempts from 
aphexmaster1.gamespy.com
aphexmaster2.gamespy.com

with a source port of UDP 29910. Oh well, as EA has said they will block not only the "hacked" servers but also the "zero" ping servers (servers that probably haven't opened enough ports so the master server/client ain't getting ping data on them or something), I'm not taking ANY chances: open all traffic from these addresses on port 29910/UDP.

I'm starting to get kinda pissed off here..what the fuck are EA thinking!..
This is such a small thing, but it IS kinda important!.

oh well..my BF chain settings under iptables are now as follows:
-A BF2 -m udp -p udp -m multiport --dports 29900,29901,29902,29903,29904,16567,55125 -j ACCEPT
-A BF2 -m tcp -p tcp -m multiport --dports 4711 -j ACCEPT
-A BF2 -m udp -p udp --sport 29910 -s 207.38.8.27 -j ACCEPT
-A BF2 -m udp -p udp --sport 29910 -s 207.38.8.28 -j ACCEPT

-- 
Per Kristiansen
per at gathering.org
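The approach in the post, trial-and-error against the firewall log, can be turned into a repeatable check: read the listening sockets from `lsof -i`, open only the ports whose purpose is known, and report every other listener for review instead of opening it. The script below is an added example, not code from the post or from EA; the `lsof` lines are constructed to mirror the listener set above, the port purposes and the two GameSpy addresses come from the post, and the "unexplained" handling is the addition (it catches the random per-restart port such as 53667 rather than letting it slip into the allow-list).

```python
"""Build a least-privilege iptables allow-list for a BF2 server from `lsof -i` output.

Added example: parses lsof listener lines, keeps only ports with a known purpose,
emits one multiport ACCEPT per protocol, and reports unexplained listeners.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the post's lsof output (not captured from a real host).
SAMPLE_LSOF = """\
bf2     1234 bf2   5u  IPv4 0x1  0t0  UDP *:29900
bf2     1234 bf2   6u  IPv4 0x2  0t0  UDP *:53667
bf2     1234 bf2   7u  IPv4 0x3  0t0  UDP *:16567
bf2     1234 bf2   8u  IPv4 0x4  0t0  TCP *:4711 (LISTEN)
bf2     1234 bf2   9u  IPv4 0x5  0t0  UDP *:55124
bf2     1234 bf2  10u  IPv4 0x6  0t0  UDP *:55125
"""

# Listeners the post found actually had to be opened, keyed by (proto, port).
KNOWN_PORTS = {
    ("udp", 29900): "GameSpy",
    ("udp", 16567): "game port",
    ("tcp", 4711): "rcon",
    ("udp", 55125): "voice (server)",
}
# Inbound ports seen as drops in the log, not as local listeners (post: UDP 29901-29904).
EXTRA_INBOUND = {("udp", p): "GameSpy" for p in range(29901, 29905)}

# Matches the tail of an lsof -i line: "UDP *:29900" or "TCP *:4711 (LISTEN)".
LISTENER_RE = re.compile(r"\b(TCP|UDP)\s+(\S*):(\d+)(?:\s+\(LISTEN\))?\s*$")


def parse_listeners(text):
    """Return the set of (proto, port) for each listening socket line in lsof output."""
    found = set()
    for line in text.splitlines():
        m = LISTENER_RE.search(line)
        if m:
            found.add((m.group(1).lower(), int(m.group(3))))
    return found


def classify(listeners):
    """Split listeners into those with a known purpose and those that need review."""
    approved = {lp for lp in listeners if lp in KNOWN_PORTS}
    unexplained = listeners - approved
    return approved, unexplained


def build_rules(approved, chain="BF2", master_sources=()):
    """Render iptables rules: one multiport ACCEPT per protocol plus source-pinned
    rules for the master-server addresses the post names (UDP source port 29910)."""
    by_proto = defaultdict(set)
    for proto, port in approved | set(EXTRA_INBOUND):
        by_proto[proto].add(port)
    rules = []
    for proto in sorted(by_proto):
        ports = ",".join(str(p) for p in sorted(by_proto[proto]))
        rules.append(f"-A {chain} -m {proto} -p {proto} -m multiport --dports {ports} -j ACCEPT")
    for src in master_sources:
        rules.append(f"-A {chain} -m udp -p udp --sport 29910 -s {src} -j ACCEPT")
    return rules


if __name__ == "__main__":
    approved, unexplained = classify(parse_listeners(SAMPLE_LSOF))
    for rule in build_rules(approved, master_sources=["207.38.8.27", "207.38.8.28"]):
        print(rule)
    for proto, port in sorted(unexplained):
        print(f"# review before opening: {proto}/{port} has no known purpose")
```

Run against live output with `lsof -i -nP | grep bf2` piped into `parse_listeners`; the `-nP` flags stop lsof from resolving names, so the regex sees bare addresses and port numbers. The random port (53667 in the post) and 55124 come out as "review" lines rather than rules, which is the point: a rule set derived this way grows only when someone assigns a purpose to a port.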
