[bf1942] Firewall Ports Part II

Jon Wolberg jon at defenderhosting.com
Sun Jun 19 14:58:43 EDT 2005


Just do a netstat with the server running and see.....

That's how I did it.
----- Original Message ----- 
From: "Per Kristiansen" <per at gathering.org>
To: "bf1942" <bf1942 at icculus.org>
Sent: Sunday, June 19, 2005 2:09 PM
Subject: [bf1942] Firewall Ports Part II


> okay...
>
> Andreas can you PLEASE! tell us the proper ports to open in our firewalls?
>
> This is starting to get ridiculous!
>
> I was hoping the retail readme would contain the info needed..but..
>
>
> Quote:
> FIREWALL
>
> The use of a software firewall on the server is not recommended,
> as it can adversely affect server performance and the overall
> gameplay experience.
>
> What IS it with these people!..
>
> oh well I redid my experiment today.
>
> a little background:
> Linux Fedora Core 2
> Kernel 2.4.22-1.2174.nptlsmp #1 SMP
> the server has 2 IPs
>
> so first...
>
> I set both
> sv.serverIP and sv.interfaceIP to the IP I wanted to use..seemed to do the 
> trick.
>
> now on running lsof -i | grep bf2
> I get the following
>
> Code:
>
> UDP :29900
> UDP *:53667
> UDP :16567
> TCP *:4711 (LISTEN)
> UDP *:55124
> UDP *:55125
>
> UDP 29900 : Gamespy Port (but not the only one)
> UDP 53667 : A random port, it changes every time you restart the server,
> I've put a sniffer on it and have not detected any traffic so far.
> TCP 4711 : Rcon port, for remote management (Rcon)
> UDP 16567 : the game port, you know the one you tag on at the end of IP to
> join servers with
> UDP 55124 : Voice IP BFServer port
> UDP 55125 : Voice IP Server Port
>
> so..first I didn't open ANY port..not possible to join..weird eh :)
> opened UDP 16567 and 29900 and things started flowing a little better.
>
> rcon didn't work so I opened TCP 4711 and that was okay too.
>
> Voice didn't work, and my firewall log started screaming about access to port
> UDP 55125, opened that and Voice started working.
>
> Got a couple of buddies to join the server and watched the log for a 
> while.
>
> And sure enough, I start seeing drops in the log from people attempting to 
> connect to UDP 29901-29904 , I open these too.
>
> And my "mystery connection" from gamespy again...
> I've mentioned this one earlier, its connection attempts from
> aphexmaster1.gamespy.com
> aphexmaster2.gamespy.com
>
> with source port of UDP 29910, oh well as EA has said they will block not 
> only the "hacked" servers but also the "zero" ping server (servers that 
> probably haven't opened enough ports so the master server/client ain't 
> getting ping data on them or something) I'm not taking ANY chances , open 
> all traffic from these addresses on port 29910/UDP.
>
> I'm starting to get kinda pissed off here..what the fuck are EA thinking!..
> This is such a small thing, but it IS kinda important!.
>
> oh well..my BF chain settings under iptables is now as follows:
> -A BF2 -m udp -p udp -m multiport --dports 29900,29901,29902,29903,29904,16567,55125 -j ACCEPT
> -A BF2 -m tcp -p tcp -m multiport --dports 4711 -j ACCEPT
> -A BF2 -m udp -p udp --sport 29910 -s 207.38.8.27 -j ACCEPT
> -A BF2 -m udp -p udp --sport 29910 -s 207.38.8.28 -j ACCEPT
>
> -- 
> Per Kristiansen
> per at gathering.org
> 
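
The method used in this thread (list the listening sockets, then watch the firewall log for drops) can be partly scripted. The following is an added example, not part of either poster's message: it summarises iptables LOG lines by destination port, hit count and number of distinct sources. It assumes a LOG rule with the hypothetical prefix "BF2-DROP: " sits ahead of the chain's drop; the host name, log lines and addresses are constructed.

```shell
#!/bin/sh
# Added example. Constructed sample: kernel lines as written by an iptables
# LOG rule with the hypothetical prefix "BF2-DROP: ". All addresses are made up.
sample_log() {
cat <<'EOF'
Jun 19 13:02:11 gs1 kernel: BF2-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=52 PROTO=UDP SPT=1034 DPT=29901 LEN=28
Jun 19 13:02:12 gs1 kernel: BF2-DROP: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=48 TTL=50 PROTO=UDP SPT=1077 DPT=29901 LEN=28
Jun 19 13:02:15 gs1 kernel: BF2-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=52 PROTO=UDP SPT=1035 DPT=29902 LEN=28
Jun 19 13:03:01 gs1 kernel: BF2-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=UDP SPT=2211 DPT=55125 LEN=40
Jun 19 13:03:02 gs1 kernel: BF2-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=UDP SPT=2211 DPT=55125 LEN=40
Jun 19 13:04:40 gs1 kernel: BF2-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=48 PROTO=TCP SPT=40112 DPT=4711 WINDOW=5840 SYN URGP=0
Jun 19 13:05:00 gs1 kernel: BF2-DROP: IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 LEN=84 TTL=55 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jun 19 13:05:09 gs1 sshd[411]: Accepted publickey for admin from 192.0.2.50 port 50022 ssh2
EOF
}

# Read log lines on stdin; print "proto/dport hits distinct_sources",
# sorted by protocol and then numerically by port.
dropped_ports() {
  awk '/BF2-DROP: / {
         proto = dpt = src = ""
         for (i = 1; i <= NF; i++) {
           if ($i ~ /^PROTO=/)    proto = tolower(substr($i, 7))
           else if ($i ~ /^DPT=/) dpt = substr($i, 5)
           else if ($i ~ /^SRC=/) src = substr($i, 5)
         }
         # ICMP and other port-less protocols carry no DPT field: skip them.
         if (proto == "" || dpt == "") next
         key = proto "/" dpt
         hits[key]++
         # Count each source address once per port.
         if (!((key, src) in seen)) { seen[key, src] = 1; srcs[key]++ }
       }
       END { for (k in hits) print k, hits[k], srcs[k] }' |
    sort -t/ -k1,1 -k2,2n
}

# Summary for the constructed sample above.
sample_log | dropped_ports
```

On a live server, feed the real kernel log to `dropped_ports` instead of `sample_log`. Ports hit by several distinct sources while players are joining are candidates for the accept list; a lone source touching a management port such as TCP 4711 is better restricted by source address than opened to everyone.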
