Firewall Ports

Started by Gandalf, November 30, 2002, 09:35:02 AM

Gandalf

I'm just setting up my firewall and I searched around for the ports needed. Found these on the CS web forum. Thought they may be useful here. If there are any other games and you have ports - rules for them then add them to this topic!


TCP 6003 outbound, incoming replies (as specified in woncomm.lst)
TCP 7002 outbound, incoming replies (as specified in woncomm.lst)
UDP 27010 outbound, incoming replies (as specified in woncomm.lst)
UDP 27011 outbound, incoming replies (as specified in woncomm.lst)
UDP 27012 outbound, incoming replies (as specified in woncomm.lst)
UDP 27013 outbound, incoming replies
UDP 27015 outbound, incoming replies on 27015-27050
*G*

Cake: Four large eggs. One cup semi-sweet chocolate chips. Three/four cups butter or margarine. One and two third cups granulated sugar. Two cups all purpose flour. Fish shaped ethyl benzene. Twelve medium geosynthetic membranes. Three tablespoons rhubarb, on fire.

smilodon

That appears somewhat more secure than my own Kerio Firewall rule

Protocol= TCP/UDP
Local= Any address any port
Remote = Any address any port
Direction= incoming & outgoing
Rule= allow

A big hole I think. I'll try adding your port settings. Thanks
smilodon
Whatever's gone wrong it's not my fault.

albert

Quote: I'm just setting up my firewall and I searched around for the ports needed. Found these on the CS web forum. Thought they may be useful here. If there are any other games and you have ports - rules for them then add them to this topic!


TCP 6003 outbound, incoming replies (as specified in woncomm.lst)
TCP 7002 outbound, incoming replies (as specified in woncomm.lst)
UDP 27010 outbound, incoming replies (as specified in woncomm.lst)
UDP 27011 outbound, incoming replies (as specified in woncomm.lst)
UDP 27012 outbound, incoming replies (as specified in woncomm.lst)
UDP 27013 outbound, incoming replies
UDP 27015 outbound, incoming replies on 27015-27050


That sounds pretty much good enough. My firewall allows me to connect to anything and I have to do what you have done above but only to let internet traffic inside. I've built up quite a list actually for things like kazaa and direct connect, ftp server, telnet, web server etc... But the counter strike or halflife won servers only connect to you if you connect to them first so I only needed to open 27015 to let users play on my server.

So your outbound and incoming replies should have you covered but 27005 is another one, usually for your client port when on a server so that might be required outbound.
Cheers, Bert

Gandalf

Haven't needed 27005 yet.

And stick your list up... let's make this thread 'The most useful post of the year'
*G*

Cake: Four large eggs. One cup semi-sweet chocolate chips. Three/four cups butter or margarine. One and two third cups granulated sugar. Two cups all purpose flour. Fish shaped ethyl benzene. Twelve medium geosynthetic membranes. Three tablespoons rhubarb, on fire.

Anonymous

Here's a very useful page that lists ports for lots of apps:

http://www.practicallynetworked.com/sharin...p_port_list.htm

If you play directplay games then you need a huge number of ports open which is bad news. However, if you download an app called DXport then you can dictate which port the game runs on and can consequently reduce the number of ports you need to open in your firewall (which is a good thing).

DX Port can be found here:

http://www.puffinsoft.com/

DXport also allows multiple clients to play the same game on the net through a nat firewall which can be a problem otherwise.

suicidal_monkey

so, I need to open up ALL those ports to run a server?

The guide I saw on http://server.counter-strike.net/help/basics.html only lists 5
Quote: Incoming UDP to local destination 27015.
Outgoing UDP to remote destination 27010, 27012.
Outgoing TCP to remote destination 5273.
Outgoing TCP to remote destination 7002
and 3 of those are outgoing. Surely you only have to open incoming port for people to connect? It half worked, although my own ASE couldn't ping it, it could detect it at least.

Anonymous

If you want to run a CS server behind a firewall and let people connect to it then the ONLY port you need open is the port the server runs on (27015 for example). That is how my server is setup and so far no probs!

Oh my firewall supports SPI so any outbound traffic is allowed by default. I know that some people may feel that this is less secure than precisely defining which outbound ports are allowed but I find it a PITA so allow SPI to run things.
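
Added example, not part of any post in this thread: a simplified Python model of the three rule styles discussed above ("outbound, incoming replies", a single inbound server port, and the any/any allow rule). The StatefulFilter class, the IP addresses and port 139 are constructed for illustration and do not reproduce any firewall product's behaviour.

```python
# Simplified model of "outbound, incoming replies" (stateful) filtering.
# Addresses are constructed documentation-range values, not from the thread.

# Outbound destinations listed in the first post: (protocol, remote port).
# The "replies on 27015-27050" range on its last line is not modelled.
CLIENT_OUT = {("tcp", 6003), ("tcp", 7002), ("udp", 27010), ("udp", 27011),
              ("udp", 27012), ("udp", 27013), ("udp", 27015)}


class StatefulFilter:
    def __init__(self, outbound=(), inbound=(), allow_all=False):
        self.outbound = set(outbound)   # permitted (proto, remote_port)
        self.inbound = set(inbound)     # permitted (proto, local_port)
        self.allow_all = allow_all      # the any/any "allow" rule
        self.flows = set()              # flows opened from the inside

    def check(self, direction, proto, local_port, remote):
        """remote is (ip, port); returns True if the packet passes."""
        if self.allow_all:
            return True
        flow = (proto, local_port, remote)
        if direction == "out":
            if (proto, remote[1]) in self.outbound:
                self.flows.add(flow)    # remember it so the reply can return
                return True
            return False
        # Inbound: a reply to a tracked flow, or an explicitly opened port.
        return flow in self.flows or (proto, local_port) in self.inbound


def scenarios():
    server, stranger = ("192.0.2.10", 27015), ("198.51.100.7", 40000)
    client = StatefulFilter(outbound=CLIENT_OUT)
    host = StatefulFilter(inbound={("udp", 27015)})   # game server, one port
    any_any = StatefulFilter(allow_all=True)
    return {
        "client_out": client.check("out", "udp", 27005, server),
        "client_reply": client.check("in", "udp", 27005, server),
        "client_unsolicited": client.check("in", "udp", 27005, stranger),
        "host_join": host.check("in", "udp", 27015, stranger),
        "host_other_port": host.check("in", "tcp", 139, stranger),
        "any_any_unsolicited": any_any.check("in", "tcp", 139, stranger),
    }
```

Only the any/any filter passes the unsolicited inbound packet to an unrelated port; the other two pass just the reply or the one opened server port.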

tugs

We should probably update this thread for the 1.6 ports as well, although their definition is wildly unclear as to what "open" means.. :)
tugs
CCIE, MCSE, GIT, LIAR, FOOL

DuVeL

Survivor of LAN V, VI, VIII, IX, X, XII, XIV, XVI, XVIII, XX, XXIV, XXX, XXXII, XXXIV and XXXVI so far...
[QUOTE]Lionheart; Grolsch to DuVeL is like spinache to Popeye [/QUOTE]
[QUOTE]Cheesepuff...A cyborg is sent from the future on a deadly mission. He has to kill Ninja_Freak, a young Man whose life will have a great significance in years to come.Ninja has only one protector - DuVeL - also sent from the future. The Terminator uses his exceptional intelligence and strength to find Ninja_Freak & attempt to terminate him.
[/QUOTE]

Anonymous

With the latest server patches I need to open 27010 to 27040 to get Steam/CS:S working and visible.

Doorman

I'm at my wits' end (didn't have far to go, I know :rolleyes:)
Here's the scenario: D-Link DIR655 router. I can run servers for LFS and netKarPRO with no problem whatsoever. They show in their respective lobbies and I can connect to them as per usual. As far as rFactor is concerned it's a different tale.
Ports are forwarded to the server machine in the same manner as the other two games. When the server is running it does not show up in the rFactor lobby, however, if I enter the IP address the server appears but when I try to join, it times out.

The results of DynDNS's port tester with the server running.
Quote: An attempted connection to 94.168.127.118:34397 was refused. This typically indicates that there are no services available on that port, but that it is NOT being blocked by a firewall or your ISP.
That goes for 34297 as well

This is the other port that is used
Quote: 94.168.127.118:34447 is open and accepting connections. This indicates the port is not being blocked by either a firewall or your ISP and is currently operational.
I can join other servers with no problems.

Anyone got a service revolver I can borrow?

Anonymous

You need:

UDP 34297
UDP 34397
TCP 34447
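
Added example, not part of any post in this thread: a loopback-only Python check showing what a TCP-connect port tester reports for a port that carries a UDP-only service, which is relevant when reading a "refused" result for a UDP port. It assumes the tester probes with TCP (the thread does not say which protocol it uses); the echo service and all function names are constructed for illustration.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback only; nothing leaves the machine


def start_udp_service():
    """Bind a UDP-only echo service on a free port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))
    def serve():
        while True:
            try:
                data, addr = srv.recvfrom(1024)
                srv.sendto(b"pong:" + data, addr)
            except OSError:      # socket closed by the caller
                return
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def tcp_probe(port, timeout=1.0):
    """What a TCP-connect port tester sees: 'open', 'refused' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((HOST, port))
        except ConnectionRefusedError:
            return "refused"     # host answered, but no TCP listener there
        except socket.timeout:
            return "filtered"    # silently dropped on the way
        # A loopback socket can connect to itself; that is not a listener.
        return "refused" if s.getsockname() == s.getpeername() else "open"


def udp_probe(port, timeout=1.0):
    """Send one datagram; return the reply, or None if nothing comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(b"ping", (HOST, port))
            return s.recvfrom(1024)[0]
        except (socket.timeout, ConnectionRefusedError):
            return None


def demo():
    srv, port = start_udp_service()
    try:
        return tcp_probe(port), udp_probe(port)
    finally:
        srv.close()
```

The same port number answers the UDP probe while the TCP probe is refused, so a TCP-based test says nothing about whether a UDP forward is working.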

Doorman

Quote from: BlueBall;278761
You need:

UDP 34297
UDP 34397
TCP 34447

Oh that it was that simple. I'd been running an rFactor server very successfully for a few months before the new router. :rolleyes:


Anonymous

Quote from: Doorman;278766
Oh that it was that simple. I'd been running an rFactor server very successfully for a few months before the new router. :rolleyes:

post a screen shot of your port forwarding page

Doorman

Quote from: BlueBall;278767
post a screen shot of your port forwarding page