Netgate SG-1000 microFirewall

Author Topic: Factorio Headless Server Connection  (Read 485 times)

0 Members and 1 Guest are viewing this topic.

Offline Vinocamp

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Factorio Headless Server Connection
« on: January 02, 2018, 08:47:03 pm »
Newbie here,

Tried many options on getting to connect to server, connection time out, ports are closed, tried opening them..anyways this is my setup,

Have pFsense with open vpn client running on a dedicated computer ip = 192.168.1.1, vpn client = Private Internet Access (PIA)

The Factorio headless server is running on another dedicated computer ip = 192.168.1.10 ports that are used for this server is 34291:34299

I have tried making aliases, for wan/lan and openvpn, created 1 at a time, made sure it was the 2nd rule in the wan side/lan /openvpn,
every time i tried an option i checked to see if my ports where open to see if i could connect to server or a friend was able to connect to server,
we can see the server but we get the following error....couldn't establish network communication with server

I have watched videos from youtube, to reading the forums and I still get a big connection error, I know i'm doing something wrong, i just need a little direction... :)

Thank you in advance for all the help, if any info missing please feel free to ask.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15761
  • Karma: +1502/-210
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Factorio Headless Server Connection
« Reply #1 on: January 03, 2018, 07:49:12 am »
This is a simple UDP port forward that is needed..

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

Your problem prob is that your sending all your return traffic out your vpn when the connection comes in your wan..  Turn off your vpn client and work on your problem of port forwarding.

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

Once you have it working - then turn your vpn client back on but don't use default routing out your vpn, use policy routing for what you want to send out the vpn, or what you want to go out your normal wan like your return traffic for your game server to clients.

Also are you trying to access the game as well via nat reflection?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Offline Vinocamp

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Factorio Headless Server Connection
« Reply #2 on: January 03, 2018, 04:42:20 pm »
This is what i have done so far,

1. disableble OpenVpn
2. Created an alias for the ports 34291:34299 (TCP/UPD) (alias= Factory)
3. Nat setting , interface = wan, protocol = tcp/udp, destination = any, destination ports =  factory, redirect ip = 192.168.1.10 (factory Server), redirect target port = factory
4. Firewall rule = first one on top.

my connection is a wan PPPOE connection.
question my wan interface address says one thing and wan PPPoe say somethign different....example wan interface = 85.95.185.16, Wan PPPOE = 17.15.18.25

Using a Bell Router  Hub 2000 disable all functions (wireless, login into account,dhcp ...) everything is done threw pfsense (dhcp, wireless .....

thanks


Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15761
  • Karma: +1502/-210
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Factorio Headless Server Connection
« Reply #3 on: January 04, 2018, 01:22:13 am »
So you do not need tcp - this off their own site saying they only use UDP.. Where did you get those ports from?  I would suggest you start with 1.. get that working before you start working on ranges your trying to forward..

If your using a PPPoE connection that would be where your inbound traffic would hit.  You need to go through the troubleshooting guide linked too.. Where does it fail - do you see the inbound traffic on your internet site interface?  Simple sniff will show this.. Do you see pfsense send on the traffic to the IP your wanting to forward too, etc.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Offline goertzenator

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Factorio Headless Server Connection
« Reply #4 on: Yesterday at 09:43:31 pm »
The part that is missing is the outbound NAT.  The Factorio server is a client to the factorio pingpong servers that are used for NAT punching(1).  The source ports when talking to these pingpong servers must not be mangled, so an outbound NAT rules is needed to prevent this (PFSense mangles ports by default).  Just got all this working today.

Firewall/NAT/Outbound:

Outbound NAT Mode: Hybrid Outbound

Add this mapping:

Interface: WAN
Source: <internal address of your server>
Source Port: udp/34197
Destination: *
Destination Port: udp/*
NAT Port: *
Static Port: YES


(1) https://www.factorio.com/blog/post/fff-143