Since you're using IPSec for firewalling, here's a good short tutorial for
combining it with RRAS

http://www.bganet.org/rras.html

I'm not completely up to speed with it; does anyone know if IPSec properly
handles sessions? So responses to established connections that may occur on
other ports are accepted?


----- Original Message -----
From: "BlackYoda" <[EMAIL PROTECTED]>
To: <hlds@list.valvesoftware.com>
Sent: Sunday, March 13, 2005 7:06 PM
Subject: Re: [hlds] Firewall Woes


Thanks for your help. I'm still having some odd problems, though.
If I configure the firewall to block all inbound TCP connections except
for those listed on the steampowered page, clients can't authenticate
with Steam when joining, and get booted shortly after the map is done
loading. However, in my experimentation, when I drop the rule that blocks
all inbound TCP traffic, then they can stay. That makes me think that
there is another TCP port required on the server just for Steam
authentication.

I am running Windows 2000 and I'm using the built-in IPSec firewall, and
want to make it as locked down as possible. Does anyone know what other
ports I need to open? If I'm lucky I may catch it in time with a
netstat... So far I have not been lucky, but anyway, my server is more
locked down than it was before.

DLinkOZ wrote:

I see that you have all outbound enabled by default, correct?  For my own
firewall which allows outgoing, I only had to define incoming ports 27015
and 27020 (tcp or udp, where appropriate).


----- Original Message -----
From: "BlackYoda" <[EMAIL PROTECTED]>
To: <hlds@list.valvesoftware.com>
Sent: Thursday, March 10, 2005 12:23 PM
Subject: Re: [hlds] Firewall Woes


Here is the text from steampowered that I am asking about:

I have defined rules on my server only for the second set (see below),
and I can join the server but get booted immediately because the Steam
client can't authenticate.

Also another question, what ports should be opened to allow
hldsUpdateTool to perform updates?

Anyone else using win2K built in IPSec firewall care to share how they
have it configured?

---------------------------------------------------------------
The following ports must be open in your firewall and router for Steam
and Steam Games to work:

UDP 1200    (used for friends service)
UDP 27000 to 27015 inclusive
TCP 27020 to 27039 inclusive
TCP 27040 and 27041 only for CyberCafe Owners

Computers running Dedicated Servers need these ports open:

UDP: 27015 and 27020 (default HLDS, SRCDS and HLTV port)
TCP: 27015 (SRCDS Rcon port)

If your server uses a different hostport then you will need to adjust
the above accordingly.

-----------------------------------------------------------------

BlackYoda wrote:

I'm using a W2K server running HL2DS (latest update from today)  with
the built in IPSec firewall.

I used this page to figure out how to configure the firewall:
http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
(It is a pretty good tutorial)

I have read this page about steam ports:
http://steampowered.custhelp.com/cgi-bin/steampowered.cfg/php/enduser/std_adp.php?p_faqid=160



It says which ports need to be open for a dedicated server.
I have blocked all inbound UDP packets, except for those ports.
I have blocked all inbound TCP packets, except for those ports.
I have enabled all outbound UDP and TCP traffic.
I have blocked all ICMP traffic (inbound & outbound).

Also, on that steampowered page, there is a section on ports that need
to be opened for Steam and Steam games. I am assuming that dedicated
servers do not need those ports opened too?

I can join the server, but I get the error message that my steam ticket
could not be validated.
I hope I don't have to enable all the client ports, only because the
IPSec interface is cumbersome and it will kill my wrists clicking so
many buttons to get the job done.


_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds

