[RESOLVED] Server not listing in Doomseeker - ports open, traffic sending, still not sure why?

General help and assistance forum.
buckshot
New User
Posts: 15
Joined: Sun Aug 02, 2015 3:55 pm
Location: Cape Coral, FL


#1

Post by buckshot » Sun Sep 10, 2023 10:43 pm

Having a bit of a struggle with getting my zandro servers to be visible in doomseeker.

Running fedora 38 server on a beelink minipc alongside dedicated servers for many other games (sven, halflife, ioquake3) all of which list on their respective browsers without issue and their servers are joinable.
Using latest stable version 3.1 of Zandro, compiled without issue upon installing some lib dependencies. My doomseeker is from a fedora copr repo via rpm install (v1.3.3)
I'm on a centurylink/quantum fiber residential line. It's just standard IPoE with a DHCP ipv4 assigned WAN address in the 71.1.x.x range. On my fiber ONT, I just have transparent bridging enabled so it passes through directly to my pfSense box.
I have the firewalld service disabled in fedora as I have another beelink minipc acting as my hardware firewall/router. SELinux is enabled, but not causing any denials or issues with anything.
I made sure ports 10666 through 10700 are open on UDP via NAT entry and firewall rules applied (same process I did for the other games and their respective ports). Outbound are all generated automatically based on inbound rules/NAT entries.
I have successfully tested these ports as open from a Web check for UDP port scans (confirms open).
I have "tsharked/wiresharked/ss -plant" all traffic and ports running from the zandronum-server and confirmed that it's making it from my LAN ip to my WAN ip and out to master server. I can even see packets coming back in from master to my WAN ip and then correctly port forwarded back down to the lan address host.

I can see my server listed as on local lan ip in the browser, so I even tried running zandronum-server with the "-nobroadcast" option to try to force it to stop broadcasting to lan and in hopes that it would force it to broadcast correctly to master, to no success.

I've tried variations of the following command and the server always starts without issue:
./zandronum-server -port 10666 +sv_hostname "BuckTest" +cooperative 8 -iwad DOOM.WAD

At least, I think it's starting up successfully? (I scrubbed my internal host lan ip from the pic, but can confirm it lists it correctly)
https://pasteboard.co/71cnTsGchY2v.png

Possibly masterserver blocking centurylink wan subnet range? That would be my only guess at this point.
Last edited by buckshot on Wed Sep 13, 2023 5:56 am, edited 1 time in total.


Re: Server not listing in Doomseeker - ports open, traffic sending, still not sure why?

#2

Post by buckshot » Wed Sep 13, 2023 5:54 am

So this was resolved, I'll share my conversation from discord here for anyone else facing said issue.

"""""....I am chalking it up as some NAT weirdness [within pfsense].

I took your suggestion of trying to connect to any currently listed Zandro game to rule out scope/range ban affecting my WAN IP. As my dedicated fedora 38 server has no display manager/gui installed, I opted for just installing it on a beater laptop I have Fedora 38 Workstation on with default gnome/wayland. Instead of compiling zandronum from source as I had on the dedicated server (which uses latest 3.2a dev build for zandro server), I opted just to quickly install the flatpak on my workstation. Doomseeker started up, I picked some random low-latency doom e1m1 coop server and joined no problem in the middle of a match with a couple others. [so my WAN IP is not blocked as previously thought]

Then I go back to the server browser list, and to my honest surprise.... there was my 71.1.x.x server way down at the bottom of the list with a "No Response". Which was a first. Didn't make sense to me... nothing had changed since trying doomseeker (built from latest source) on another workstation where I could only ever see it listed as LAN.

Zandro Masterserver was now at least registering it, but had some sort of issue communicating to it. Then I observed something odd; doomseeker was trying to communicate back to my WAN IP on a UDP port that wasn't even relevant to the port I had started the server on (which was 10666). Doomseeker was trying to reach it back at 71.1.x.x:58200 or something.

I thought "Well this sounds like some sort of weird NAT issue". So I killed the dedicated server, restarted it specifying a different port (10669). And again, Doomseeker saw it, still "No Response", but with a different random UDP port to my WAN IP it was listing (this time like 35367). I killed the server a few more times, starting it again each time with a different port, observing that Doomseeker would see it but list it was trying to reach it yet again through a random, non-relevant UDP port.

I could see my firewall blocking these random UDP ports it was trying to reach from. So I thought "Well, if I make a NAT port forward range for UDP * through * (all ports) from my WAN to that internal host, that should do it". Obviously, not safe, no... but in my head that should do the trick. Well it didn't, at least not initially. After retrying several more times and observing the same "No Response" outcome, I went to check my firewall logs. It wasn't blocking these random ports anymore. So then I thought "maybe this is some sort of NAT 1:1 or NAT Reflection issue... where it's not mapping these ports right through NAT"

So I left all port forwards open for UDP from WAN to the host internal IP and made sure the firewall rules were all automatically generated. Then I set up a NAT 1:1 from my WAN IP to the internal IP and made sure that NAT Reflection was enabled. GLORIOUS SUCCESS!!!!! That did it! Started a few servers on ports 10666, 10667, 10668..... all of them now listing in Doomseeker browser correctly and the browser now shows the correct port associated with my WAN address.""""



tl;dr..... if using pfsense, opening all UDP ports via a NAT port forwarding entry from the WAN IP to the internal zandro host IP (which also autogenerates the appropriate firewall rules for these ports), and then also enabling NAT 1:1 with NAT reflection for the same WAN address and internal zandro host ip, should do the trick. Also make sure that your outbound NAT entries are automatically generated upon port forwarding entry creations. It sucks in that all UDP ports need to be open in that regard, but that's the shenanigans that using NAT results in.
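
Added example, not part of the original post: a way to check the firewall's state table for the symptom described above, where the server's listening port leaves the WAN under a different source port. It assumes the `pfctl -ss` layout for translated states (`iface proto translated (internal) -> destination`); the sample lines, addresses and the `rewritten_game_flows` name are constructed for illustration.

```python
import re

# Constructed sample, assumed to follow the `pfctl -ss` layout for NAT'd states:
#   iface proto translated_src (internal_src) -> destination   state
# Addresses are documentation ranges; none of this is from the original post.
SAMPLE_STATES = """\
igb0 udp 203.0.113.5:58200 (192.168.1.10:10666) -> 198.51.100.7:15300   MULTIPLE:MULTIPLE
igb0 udp 203.0.113.5:10667 (192.168.1.10:10667) -> 198.51.100.7:15300   MULTIPLE:MULTIPLE
igb0 udp 203.0.113.5:35367 (192.168.1.10:10669) -> 198.51.100.7:15300   SINGLE:NO_TRAFFIC
igb0 tcp 203.0.113.5:44012 (192.168.1.20:51544) -> 192.0.2.80:443   ESTABLISHED:ESTABLISHED
igb1 udp 192.168.1.10:10666 -> 198.51.100.7:15300   MULTIPLE:MULTIPLE
"""

STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<xlat_ip>[\d.]+):(?P<xlat_port>\d+)\s+"
    r"\((?P<int_ip>[\d.]+):(?P<int_port>\d+)\)\s+->\s+"
    r"(?P<dst>[\d.]+:\d+)"
)

GAME_PORTS = range(10666, 10701)  # the UDP range forwarded in the post


def rewritten_game_flows(state_text, ports=GAME_PORTS):
    """Return UDP flows from a game port whose WAN-side source port differs."""
    findings = []
    for line in state_text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m or m["proto"] != "udp":
            continue  # untranslated states and non-UDP traffic are out of scope
        internal, external = int(m["int_port"]), int(m["xlat_port"])
        if internal in ports and internal != external:
            findings.append({
                "host": m["int_ip"],
                "internal": internal,
                "external": external,
                "dst": m["dst"],
            })
    return findings


if __name__ == "__main__":
    for f in rewritten_game_flows(SAMPLE_STATES):
        print(f"{f['host']}:{f['internal']} leaves WAN as port "
              f"{f['external']} towards {f['dst']}")
```

A mismatch means remote hosts see a port other than the one the server listens on, which matches the "No Response" entries described above. pf's `static-port` option on an outbound NAT rule keeps the source port unchanged for matching traffic.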
