Port forward help - Running Arma3 Server on Virtual Machine

m1k3ey

New Member
Apr 13, 2015
16
0
1
Hi proxmox community, i recently setup a windows virtual machine and wanted to run the arma3 game server files on there to use it as a dedicated host.

The server files run perfectly however when i try to connect to the server i cant, it seems like the port 2302 is blocked or not forwarded.

Im using a bridged connection and no matter what ive tried i cant seem to port forward the correct ports, here is my /etc/network/interfaces

Code:
# The loopback network interfaceauto lo
iface lo inet loopback


# for Routing
auto vmbr1
iface vmbr1 inet manual
        post-up /etc/pve/kvm-networking.sh
        bridge_ports dummy0
        bridge_stp off
        bridge_fd 0




# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
        address 91.121.155.43
        netmask 255.255.255.0
        network 91.121.155.0
        broadcast 91.121.155.255
        gateway 91.121.155.254
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0


iface vmbr0 inet6 static
        address 2001:41D0:1:DC2b::1
        netmask 64
        post-up /sbin/ip -f inet6 route add 2001:41D0:1:DCff:ff:ff:ff:ff dev vmbr0
        post-up /sbin/ip -f inet6 route add default via 2001:41D0:1:DCff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del default via 2001:41D0:1:DCff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del 2001:41D0:1:DCff:ff:ff:ff:ff dev vmbr0


auto vmbr2
iface vmbr2 inet static
address 192.168.0.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr2/proxy_arp
post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j SNAT --to 91.121.155.43
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j SNAT --to 91.121.155.43


# FORWARDING 1 PORT: 2302 ARMA 3 GAME SERVER PORT
post-up iptables -A INPUT -d 91.121.155.43/32 -p udp -m state --state NEW --dport 2302 -i vmbr0 -j ACCEPT
post-up iptables -A OUTPUT -d 91.121.155.43/32 -p udp -m state --state NEW,RELATED,ESTABLISHED --dport 2302 -j ACCEPT
post-up iptables -t nat -A PREROUTING -d 91.121.155.43/32 -i vmbr0 -p udp --dport 2302 -j DNAT --to-destination 192.168.0.1:2302
post-down iptables -t nat -D PREROUTING -d 91.121.155.43/32 -i vmbr0 -p udp --dport 2302 -j DNAT --to-destination 192.168.0.1:2302




# FORWARDING 2 PORT: 3389 Remote desktop port, thanks to nemesiz 
post-up iptables -t nat -A PREROUTING -d 91.121.155.43/32 -i vmbr0 -p tcp -m tcp --sport 1024:65535 --dport 3389 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DNAT --to-destination 192.168.0.1:3389

can anyone help me? im really struggling to do this.

Thanks everyone.
 
You do not need these rules because you do NAT routing
iptables -A INPUT -d 91.121.155.43/32 -p udp -m state --state NEW --dport 2302 -i vmbr0 -j ACCEPT
iptables -A OUTPUT -d 91.121.155.43/32 -p udp -m state --state NEW,RELATED,ESTABLISHED --dport 2302 -j ACCEPT

As for NAT try:
iptables -t nat -A PREROUTING -d 91.121.155.43/32 -i vmbr0 -p udp -m udp --sport 1024:65535 --dport 2302 -j DNAT --to-destination 192.168.0.1:2302
 
You do not need these rules because you do NAT routing
iptables -A INPUT -d 91.121.155.43/32 -p udp -m state --state NEW --dport 2302 -i vmbr0 -j ACCEPT
iptables -A OUTPUT -d 91.121.155.43/32 -p udp -m state --state NEW,RELATED,ESTABLISHED --dport 2302 -j ACCEPT

As for NAT try:
iptables -t nat -A PREROUTING -d 91.121.155.43/32 -i vmbr0 -p udp -m udp --sport 1024:65535 --dport 2302 -j DNAT --to-destination 192.168.0.1:2302

Once again thanks for the reply nemesiz :D

I just tested it and it seems to still be blocked.

Not sure why, noob question but does an application have to running on that port for it to become active?

thanks
 
Yes, application must run if you want to get respond. In other way you can test from VPS with tcpdump like `tcpdump -n udp and port 2302` to see does the packet reach the VPS
 
Still it doesnt work :(

Tcpdump says this:

Code:
root@ns342315:~# tcpdump -n udp and port 2302tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
 
Can you print result of ifconfig from your VPS ?

Sure nemesiz here you go:

Code:
                                                                                                                                                            root@ns342315:~# ifconfig
dummy0    Link encap:Ethernet  HWaddr 92:06:84:62:bc:a3
          inet6 addr: fe80::9006:84ff:fe62:bca3/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:633 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:41894 (40.9 KiB)


eth0      Link encap:Ethernet  HWaddr 00:25:90:05:ba:e4
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:430782 errors:0 dropped:0 overruns:0 frame:0
          TX packets:194911 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:51298786 (48.9 MiB)  TX bytes:81771396 (77.9 MiB)
          Interrupt:16 Memory:faee0000-faf00000


lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:45788 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45788 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:65018780 (62.0 MiB)  TX bytes:65018780 (62.0 MiB)


tap100i0  Link encap:Ethernet  HWaddr 12:22:9d:fc:91:b3
          inet6 addr: fe80::1022:9dff:fefc:91b3/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:21289 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17753 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:4012590 (3.8 MiB)  TX bytes:11397116 (10.8 MiB)


venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                                                                                                                                                             
          inet6 addr: fe80::1/128 Scope:Link
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


vmbr0     Link encap:Ethernet  HWaddr 00:25:90:05:ba:e4
          inet addr:91.121.155.43  Bcast:91.121.155.255  Mask:255.255.255.0
          inet6 addr: fe80::225:90ff:fe05:bae4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:426587 errors:0 dropped:0 overruns:0 frame:0
          TX packets:177771 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:45076680 (42.9 MiB)  TX bytes:80838408 (77.0 MiB)


vmbr1     Link encap:Ethernet  HWaddr 92:06:84:62:bc:a3
          inet6 addr: fe80::9006:84ff:fe62:bca3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:578 (578.0 B)


vmbr2     Link encap:Ethernet  HWaddr 12:22:9d:fc:91:b3
          inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::40ff:5eff:fed6:d1cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20830 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17150 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3707694 (3.5 MiB)  TX bytes:11357849 (10.8 MiB)
 
I see its your host network. How about inside your VPS where you want to run game server ?

Erm im not sure what you mean by inside your VPS, i logged in via SSH to the dedicated server and ran the Ifconfig.

Do you mean execute ifconfig on my virtual machine?
 
Yes, run ifconfig and then tcpdump command to see if the packet comes to VM (don`t forget to send UDP packet to port 2302 from outside)
 
Yes, run ifconfig and then tcpdump command to see if the packet comes to VM (don`t forget to send UDP packet to port 2302 from outside)

just done a tcp dump and sent a packet to 2302 and i got this:

Code:
root@ns342315:~# tcpdump -n udp and port 2302
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:08:21.675660 IP 86.0.22.41.55056 > 91.121.155.43.2302: UDP, length 0
^C
1 packet captured
1 packet received by filter
0 packets dropped by kernel

I have the game server running on the windows vm. Yet when i try to connect to it in game it doesnt let me :(
 
Try to catch ` tcpdump -ni vmbr0 udp and port 2302 and host 192.168.0.1 `
If you will get some results then check windows firewall if you can`t connect to game server.
 
Try to catch ` tcpdump -ni vmbr0 udp and port 2302 and host 192.168.0.1 `
If you will get some results then check windows firewall if you can`t connect to game server.

Ok ive done that, i send a packet from my pc to the vm and this is what i get:

Code:
root@ns342315:~# tcpdump -ni vmbr0 udp and port 2302 and host 192.168.0.1tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
root@ns342315:~#

It doesnt appear to be receiving anything
 
Sorry my bad

tcpdump -ni vmbr2 udp and port 2302 and host 192.168.0.1

Ok just done that and sent 2 packets to that port, i got this

Code:
root@ns342315:~# tcpdump -ni vmbr2 udp and port 2302 and host 192.168.0.1tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmbr2, link-type EN10MB (Ethernet), capture size 65535 bytes
19:30:35.853527 IP 86.0.22.41.55056 > 192.168.0.1.2302: UDP, length 0
19:30:37.109890 IP 86.0.22.41.55056 > 192.168.0.1.2302: UDP, length 0
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
 
Ok just done that and sent 2 packets to that port, i got this

Code:
root@ns342315:~# tcpdump -ni vmbr2 udp and port 2302 and host 192.168.0.1tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmbr2, link-type EN10MB (Ethernet), capture size 65535 bytes
19:30:35.853527 IP 86.0.22.41.55056 > 192.168.0.1.2302: UDP, length 0
19:30:37.109890 IP 86.0.22.41.55056 > 192.168.0.1.2302: UDP, length 0
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel

Ok its now working! WOO! thanks man!
 
This tool is only for debugging network package flow. Not to do any magic trick. But its good that everything works for you.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!