Custom (enabled) services fail to run at boot and Firewall issues

NethServer Version: NS 7
Module: Services and Firewall

After setting up my game servers with a service I failed to connect to them from a remote location, so I attempted to do a simple reboot.
To my astonishment I discovered that all my enabled custom services failed to start at boot time.
I had to manually start them before they were up and running again.
At least two of the hosted game servers function, because I was able to connect to them with the local ip address from a client.
The other two require a connection from the external ip address and none of them are listed.

It also came to my attention that in the firewall there is a problem with “Providers External(red#)” which is supposedly down.
My red (external) and green (LAN) interfaces are both up and I can access the Internet from my clients.
But it worries me that I see a red cross in the web interface of my firewall.

I searched this forum, but I could not find anything that I could use to troubleshoot this.
Everything else seems to work like it is supposed to, so I don’t know where to start.

Please advise.

journalctl or systemctl status reporting the failed start.

Steps of how the custom services were created?

active-backup or balanced mode?

Hi @dnutan,

Thanks for replying.
This is how I created the services:
Created the following in /usr/lib/systemd/system/urt.service:

[Unit]
Description=Urban Terror 4.3.4
After=network.target

[Service]
Type=simple
ExecStart=/home/urt/urbanterror43/q3ut4/start.sh

[Install]
WantedBy=multi-user.target

systemctl enable urt.service
systemctl start urt.service
systemctl status urt.service

The status and the web interface reports that the service is enabled and started.

####### systemctl enable urt.service
Created symlink from /etc/systemd/system/multi-user.target.wants/urt.service to /usr/lib/systemd/system/urt.service.

####### systemctl status urt.service
● urt.service - Urban Terror 4.3.4
Loaded: loaded (/usr/lib/systemd/system/urt.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-08-13 05:28:35 CEST; 8h ago
Main PID: 7568 (start.sh)
CGroup: /system.slice/urt.service
├─7568 /bin/bash /home/urt/urbanterror43/q3ut4/start.sh
└─7569 /home/urt/urbanterror43/Quake3-UrT-Ded.x86_64 +set fs_game …

Aug 13 14:04:48 system.nethserver.lan start.sh[7568]: Kill: 1 4 15: Cheetah k…
Aug 13 14:04:50 system.nethserver.lan start.sh[7568]: Kill: 5 1 20: Cougar ki…
Aug 13 14:04:50 system.nethserver.lan start.sh[7568]: Assist: 3 5 1: Cobra as…
Aug 13 14:04:56 system.nethserver.lan start.sh[7568]: ClientSpawn: 1
Aug 13 14:04:56 system.nethserver.lan start.sh[7568]: ClientSpawn: 3
Aug 13 14:04:56 system.nethserver.lan start.sh[7568]: ClientSpawn: 4
Aug 13 14:05:14 system.nethserver.lan start.sh[7568]: Kill: 1 4 23: Cheetah k…
Aug 13 14:05:26 system.nethserver.lan start.sh[7568]: ClientSpawn: 4
Aug 13 14:05:26 system.nethserver.lan start.sh[7568]: Kill: 5 1 20: Cougar ki…
Aug 13 14:05:41 system.nethserver.lan start.sh[7568]: ClientSpawn: 1
Hint: Some lines were ellipsized, use -l to show in full.

Not sure where to find if it is active-backup or balanced mode, but these are my interfaces:

Thanks in advance.

Forget it, I thought you were talking of a multi-wan setup with multiple providers.

You can use journalctl and search for the previous failed start at boot.

journalctl -u urt.service

Or after a reboot if the service(s) is down then you can check for their status (systemctl status -l urt) which usually provides some hint on the failed start attempt.

I don’t know what happened, but after enabling all the custom services they now start at boot time. Maybe I forgot to enable them in the first place.
Sorry for the inconvenience.

This is still mentioned in the web interface of the firewall:

Providers down

And I am still unable to connect to my game servers with the external ip address and they are not listed.

[EDIT]
Not sure if this helps, but I changed the ping interval from 5 to 30 seconds and I am also testing WAN to Active-backup, but so far no luck.
Release role of the WAN(red) interface and reconfiguring it with DHCP also did not solve the problem.
I wonder if this problem started when I still had 3 NICs (1 onboard), because afaik I don’t make use of multi-WAN.
Btw, I always used only 2 NICs.

Please advise.

Can anyone please tell me what I am doing wrong … ?!?

Canyouseeme

Please advise.

I noticed that the service is not listening to the TCP port … what could be causing this … ?!?

[root@system ~]# netstat -tuln | grep 2###0
udp 0 0 0.0.0.0:2###0 0.0.0.0:*

In some other cases it also does not listen to the UDP ports, so something must be seriously wrong with my firewall.

Please advise.

The service might not be using the TCP port but only UDP.

Urban Terror typically uses the following default ports:

  1. Game Server Port: 27960 (UDP)
  2. Master Server Port: 27950 (UDP)
  3. HTTP Server Port: 8080 (TCP)

The game server port is primarily used for game traffic, while the master server port is used for server listings. The HTTP server port can be used for web-based server management or stats.
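The UDP-only point above, as an added example that is not part of the original posts: a shell helper that reads `netstat -tuln` output and reports, per port, whether a TCP listener, a UDP socket, both or nothing is bound, so a UDP-only game port is not mistaken for a dead service. The function names `port_proto` and `audit_ports` are hypothetical and the sample netstat listing is constructed; the port numbers are the defaults listed above.

```shell
#!/bin/sh
# Added example: classify how a port is bound, from `netstat -tuln` output.
# port_proto / audit_ports are hypothetical helper names.

# Usage: netstat -tuln | port_proto 27960
# Prints one of: tcp, udp, tcp+udp, none
port_proto() {
    awk -v port="$1" '
        # Data rows start with tcp/tcp6/udp/udp6; field 4 is the local address.
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, part, ":")   # port is the last ":"-separated piece
            if (part[n] != port) next
            if ($1 ~ /^tcp/) tcp = 1; else udp = 1
        }
        END {
            if (tcp && udp) print "tcp+udp"
            else if (tcp)   print "tcp"
            else if (udp)   print "udp"
            else            print "none"
        }'
}

# Usage: netstat -tuln | audit_ports 27960 8080 ...
# For each port, say which kind of remote reachability test can confirm it.
audit_ports() {
    listing=$(cat)
    for p in "$@"; do
        case $(printf '%s\n' "$listing" | port_proto "$p") in
            tcp|tcp+udp) echo "$p: TCP listener present, a TCP connect test applies" ;;
            udp)         echo "$p: UDP only, a TCP connect test will always fail" ;;
            none)        echo "$p: nothing bound, check the service itself first" ;;
        esac
    done
}

# Constructed sample listing (not taken from the thread).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:27960           0.0.0.0:*'

printf '%s\n' "$SAMPLE" | audit_ports 27960 8080 27950
```

On a live system, replace the sample with `netstat -tuln | audit_ports <ports>`.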

I managed to boot my old ClearOS box and -workstation where it worked and used the same ports on my NS7 box, but I still cannot connect my game clients to my new game servers.

The problem is that according to canyouseeme.org the ports are still not accessible.
All I can do with 2 of my game servers is connect to the local ip so I can confirm that they are at least up and running.
With the other 2 I have to be listed online first and that never happens so at the moment no one is able to connect to them from the Internet.

Must be something with the firewall or NIC and the problem I mentioned earlier with the status down.
This status used to be green, but something changed and I don’t know what.

Are there any network devices before reaching nethserver? (modem, router, firewall…)
Internet connection type (xDSL, fiber…)?
Is nethserver connected to a modem, or configured as PPPoE with settings given by the provider, or something else?
From some screenshot I think it is connected to a modem and receives a public IP address, but I could be wrong.
Maybe with the network map and settings someone else will get a better picture and can help.

On ClearOS, how were the network interfaces configured?

A few of the underlying status checks for the UI are described in this topic (Firewall Issues, not recognizing my pppoe as a provider). Might not be the same case… Only don’t know how far we can get to figure it out.

I suspect it’s a configuration problem, because the status down issue is new and wasn’t the case earlier with my NS7 box.
I never used PPPoE and I think the problem started after testing different NICs.

This is how it was with my ClearOS box:
LAN - switch - COS box - router - xDSL Internet

I used to double NAT by portforwarding all the ports from my router to the WAN ip of my COS box, opened the ports for my COS box and portforwarded the required ports for the services on my LAN.

This is now with my NS7 box:
LAN - switch - NS7 box - bridged router - xDSL Internet

The interfaces are used in the same way as with the COS box, with the difference that my router is now bridged, so no more double NAT which in theory should make things more simple.
Now I only open ports on my NS7 box and portforward a few ports for the services on my LAN.

Please advise.

Hi @misterjohn

Two options:

→ Note

Setting the Internal DNS is the correct, cleaner way to solve this issue, also known as Split-Brain DNS. This means Internal DNS can use different Internal IPs than the External DNS, which will always point to your external gateway address. Here, traffic does NOT need to pass through the firewall twice. Use the DNS settings in the Cockpit to set this!
I’m not a gamer myself, but I’m aware that gamers always worry about packet delays and such, so this would be a good option!
Hairpin DNS is the “easier” way, but here traffic passes through your firewall twice.

Personally, I never use Hairpin DNS, as I prefer correct DNS entries.
OpenSource means you are free to choose - which way you prefer, and whose advice you listen to!

Hope this helps

My 2 cents
Andy

Hi @Andy_Wismer

Thanks for explaining that to me.
I prefer the DNS solution for obvious reasons, but neither solved my problem.
The only ip address that can be scanned with canyouseeme.org is your own external ip, so I can’t make a mistake there.
I have attempted several DNS servers specifically for my ISP, but also 8.8.8.8 from Google and none of them solved my problem.

I am able to access the web interface with my domain name, so that must mean that my DNS settings are correct.
Even when I don’t like the idea that this is possible, because now you can access my NS7 web interface from the Internet and I don’t want that.

I have made some progress though, because according to canyouseeme.org I can at least confirm that 1 port is open, so it’s probably not a firewall issue.
But none of the ports of my game servers are open and I have used the exact same way to open them.

Reason: Connection timed out

So I must assume that my ISP is not blocking those ports.

The problem of status down is not addressed yet and I think that this causes the problems.

Please advise.

You DO know that access to the newer Cockpit CAN be blocked from the Internet?
Same goes also for the older NethGUI, if you still have those installed.

See here for Cockpit settings (Server Manager).

My 2 cents
Andy

Hi @misterjohn

I CAN help you with this, but contact me via PM or Telegram (@Andy_Wismer).

My 2 cents
Andy