Re: [hlds_linux] TF2 - Connection lost to item server - what ports to whitelist?

2013-09-30 Thread Zaretti Steve
Yes, I'm using vac and TNF since July, so my rules are set, forgot exactly why :)

2013/9/30 Marco Padovan :
> you run those in the OVH network firewall (vac?)
>
> The issue we are experiencing is exactly there, I did not have rules for
> 26900 - 26999, the rest was similar to yours (I also opened listening
> client port)
>
> so maybe the culprit is those 26900 random ports that the server uses to
> listen on... will give a try then.
>
> Thank you
>
>
> On Mon, Sep 30, 2013 at 6:41 AM, Zaretti Steve  wrote:
>
>> gnaaa early morning, don't loop my ip :p
>>
>> 2013/9/30 Zaretti Steve :
>> > Well, these are my srcds firewall rules:
>> > permit udp any 87.98.179.101/32 range 26900 26999
>> > permit udp any range 1000 1099 IP.IP.IP.IP/32 range 2 20010
>> > permit udp any range 1330 1340 IP.IP.IP.IP/32 range 2 20010
>> > permit udp any range 27000 27999 IP.IP.IP.IP/32 range 2 20010
>> >   <= standard client
>> > permit udp any range 33600 33699 IP.IP.IP.IP/32 range 2 20010
>> > permit udp any gt 5 IP.IP.IP.IP/32 range 2 20010
>> >   <= ping, you should do packet length/string check
>> >
>> >  My servers are on port 20004, 20005, etc.
>> >
>> >  These rules were set ages ago. I'm not sure about which one allows steam
>> > connection. Don't forget that some clients will be impacted.
>> >
>> >
>> >  GL.
>> >
>> >
>> > 2013/9/30 Bruno Garcia :
>> >> Unrelated to this topic: Don't be frightened to address your ddos attack
>> >> situation with the authorities. You have every right to do so, and it will
>> >> most likely permanently solve your problem.
>> >>
>> >>
>> >> On Sun, Sep 29, 2013 at 5:21 PM, Marco Padovan  wrote:
>> >>
>> >>> well... I see no traffic on dst port 27015 will probably have to leave the
>> >>> tcpdump (with -nnvvXS ) running for very long time?
>> >>> btw I hope there's a clear answer from valve.
>> >>>
>> >>> btw the only port I'm filtering (and always have been) is: UDP 269xx ... I
>> >>> see plenty of those attached as listening to srcds...
>> >>>
>> >>> but it is not related to the item server error apparently... probably the
>> >>> item server connection is done in udp and outgoing, not listening
>> >>>
>> >>> On Sun, Sep 29, 2013 at 9:43 PM, Zaretti Steve wrote:
>> >>>
>> >>> > tcpdump dst port 27015 | egrep -i "valve|steam"
>> >>> >
>> >>> > 2013/9/29 Marco Padovan :
>> >>> > > Hi,
>> >>> > >
>> >>> > > due to serious ddos attacks we had to put up a very strict firewall
>> >>> > > ruleset.
>> >>> > >
>> >>> > > Basically we permit just the incoming listening ports (client, server and
>> >>> > > tv) and deny everything else.
>> >>> > >
>> >>> > > With that setup everything runs smoothly except if you press M to access
>> >>> > > the inventory and you see that error.
>> >>> > >
>> >>> > > My question is: what is the item server port so we can create a specific
>> >>> > > rule for that kind of traffic?
>> >>> > > Does the steam item server port send traffic with source 27015?
>> >>> > >
>> >>> > > Additionally does the connection to the item server make use of a random
>> >>> > > local port instead of the one defined with the +clientport command line
>> >>> > > switch right?
>> >>> > >
>> >>> > > Thank you,
>> >>> > > best regards
>> >>> > > ___
>> >>> > > To unsubscribe, edit your list preferences, or view the list archives,
>> >>> > > please visit:
>> >>> > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
>> >>> >


Re: [hlds_linux] TF2 - Connection lost to item server - what ports to whitelist?

2013-09-30 Thread Marco Padovan
you run those in the OVH network firewall (vac?)

The issue we are experiencing is exactly there, I did not have rules for
26900 - 26999, the rest was similar to yours (I also opened listening
client port)

so maybe the culprit is those 26900 random ports that the server uses to
listen on... will give a try then.

Thank you


On Mon, Sep 30, 2013 at 6:41 AM, Zaretti Steve  wrote:

> gnaaa early morning, don't loop my ip :p
>
> 2013/9/30 Zaretti Steve :
> > Well, these are my srcds firewall rules:
> > permit udp any 87.98.179.101/32 range 26900 26999
> > permit udp any range 1000 1099 IP.IP.IP.IP/32 range 2 20010
> > permit udp any range 1330 1340 IP.IP.IP.IP/32 range 2 20010
> > permit udp any range 27000 27999 IP.IP.IP.IP/32 range 2 20010
> >   <= standard client
> > permit udp any range 33600 33699 IP.IP.IP.IP/32 range 2 20010
> > permit udp any gt 5 IP.IP.IP.IP/32 range 2 20010
> >   <= ping, you should do packet length/string check
> >
> >  My servers are on port 20004, 20005, etc.
> >
> >  These rules were set ages ago. I'm not sure about which one allows steam
> > connection. Don't forget that some clients will be impacted.
> >
> >
> >  GL.
> >
> >
> > 2013/9/30 Bruno Garcia :
> >> Unrelated to this topic: Don't be frightened to address your ddos attack
> >> situation with the authorities. You have every right to do so, and it will
> >> most likely permanently solve your problem.
> >>
> >>
> >> On Sun, Sep 29, 2013 at 5:21 PM, Marco Padovan  wrote:
> >>
> >>> well... I see no traffic on dst port 27015 will probably have to leave the
> >>> tcpdump (with -nnvvXS ) running for very long time?
> >>> btw I hope there's a clear answer from valve.
> >>>
> >>> btw the only port I'm filtering (and always have been) is: UDP 269xx ... I
> >>> see plenty of those attached as listening to srcds...
> >>>
> >>> but it is not related to the item server error apparently... probably the
> >>> item server connection is done in udp and outgoing, not listening
> >>>
> >>>
> >>> On Sun, Sep 29, 2013 at 9:43 PM, Zaretti Steve wrote:
> >>>
> >>> > tcpdump dst port 27015 | egrep -i "valve|steam"
> >>> >
> >>> > 2013/9/29 Marco Padovan :
> >>> > > Hi,
> >>> > >
> >>> > > due to serious ddos attacks we had to put up a very strict firewall
> >>> > > ruleset.
> >>> > >
> >>> > > Basically we permit just the incoming listening ports (client, server and
> >>> > > tv) and deny everything else.
> >>> > >
> >>> > > With that setup everything runs smoothly except if you press M to access
> >>> > > the inventory and you see that error.
> >>> > >
> >>> > > My question is: what is the item server port so we can create a specific
> >>> > > rule for that kind of traffic?
> >>> > > Does the steam item server port send traffic with source 27015?
> >>> > >
> >>> > > Additionally does the connection to the item server make use of a random
> >>> > > local port instead of the one defined with the +clientport command line
> >>> > > switch right?
> >>> > >
> >>> > > Thank you,
> >>> > > best regards
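
One way to run the check discussed in this thread, as an added example that is not part of the original messages: compare the UDP sockets srcds holds against the destination port ranges the firewall permits, and list the ones no rule covers. The ss-style listing is constructed sample data (column 4 is assumed to be Local Address:Port), and sample_ss and uncovered_ports are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample in the layout of `ss -H -u -l -n -p` output.
# Not captured from a real host; on a live box pipe the real command instead.
sample_ss() {
cat <<'EOF'
UNCONN 0 0 0.0.0.0:20004 0.0.0.0:* users:(("srcds_linux",pid=4121,fd=21))
UNCONN 0 0 0.0.0.0:20005 0.0.0.0:* users:(("srcds_linux",pid=4187,fd=21))
UNCONN 0 0 0.0.0.0:26901 0.0.0.0:* users:(("srcds_linux",pid=4121,fd=24))
UNCONN 0 0 0.0.0.0:26902 0.0.0.0:* users:(("srcds_linux",pid=4187,fd=24))
UNCONN 0 0 0.0.0.0:27005 0.0.0.0:* users:(("srcds_linux",pid=4121,fd=22))
UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("ntpd",pid=801,fd=16))
EOF
}

# uncovered_ports "LO-HI LO-HI ..."
# Reads the socket listing on stdin and prints, space separated and sorted,
# every srcds UDP port that lies outside all permitted destination ranges.
uncovered_ports() {
    awk -v ranges="$1" '
        BEGIN {
            n = split(ranges, r, " ")
            for (i = 1; i <= n; i++) {
                split(r[i], p, "-"); lo[i] = p[1] + 0; hi[i] = p[2] + 0
            }
        }
        /srcds/ {
            port = $4; sub(/.*:/, "", port); port += 0   # strip address part
            ok = 0
            for (i = 1; i <= n; i++)
                if (port >= lo[i] && port <= hi[i]) ok = 1
            if (!ok && !seen[port]++) print port
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Ruleset that permits only the game and client ports (constructed values).
echo "uncovered: $(sample_ss | uncovered_ports "20004-20005 27005-27005")"
```

An empty result after adding a range such as 26900-26999 means every socket srcds has open is matched by a permit rule.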