FiftyTifty, posted October 4, 2019

I can run the server fine with all ports open, but I've been looking at securing my server, and have figured out how to use the firewall provided by Hetzner. I can connect to it through SSH, and the 7Days server itself launches. But I can't find the ports needed for Steamworks.

According to https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711 all I need to do is open port 27015 UDP & TCP. But that doesn't solve the problem. Here is the excerpt from my log:

2019-10-04T17:13:37 77.858 INF [steamworks.NET] GameServer.Init successful
2019-10-04T17:13:37 77.862 INF [steamworks.NET] Making server public
2019-10-04T17:14:07 107.554 ERR [steamworks.NET] GameServer.LogOn timed out

The server successfully launches, but since Steamworks.NET fails, the client endlessly waits for Steam verification upon connecting to the server. Which other ports do I need to have open?

Edit: Using Wireshark, I saw that the 7Days server makes connections on ports 443, 27020, and 27021. Added those to be allowed through the firewall, but the server still fails with the same error.

Edit2: Found the solution. Using the socklist command, from the procinfo package, I found that the following ports were also needed to be opened:

TCP - 53244
TCP - 54437
TCP - 57767

Those ports are used to connect to Steamworks in order to authenticate users.

Edit3: Unfortunately, the ports change. On a second start of the server, the following TCP ports were used:

TCP - 54693
TCP - 53248

What is the defined range for these additional ports used by 7Days?

Edit3: Managed to find it. For real this time. After installing the tcpdump utility for Ubuntu, by entering into the terminal "apt-get install tcpdump", and the socklist utility with "apt-get install socklist", I managed to find the steam server used for matchmaking. To do this, I did the following:

1. Launch server with firewall completely open
2. Once server is launched and ready, type socklist into the terminal
3. There will be 4 or 5 different ports being used by the process 7DaysToDieServe. Look for the entries that don't use ports 26900-26902.
4. Use tcpdump on each of the used ports to see which external IPs (Steam's servers) are using those ports.
5. As an example, out of the three ports I needed to look at (50891, 53262, and 38127, note that the ports change all the time and there's no set range), 50891 was the only port getting packets, and they were from 162.254.196.84.27021.
6. Referencing https://bgp.he.net/AS32590#_prefixes I found the server (NOT IP!) I needed to allow access past my firewall: 162.254.196.0
7. In my firewall, I put in 162.254.196.84 for the source IP. After applying that setting, Hetzner's firewall automatically appended /32 to it, so it looks like this: https://i.imgur.com/AE1kkVb.png

Now players can connect to my server, and my firewall still does its job.
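Added example, not part of the original post: steps 2 to 5 of the procedure above done in one pass, using `ss` from iproute2 in place of socklist and tcpdump. The process name, game ports and Steam peer are the ones from the post; the sample socket lines and the 203.0.113.10 / 198.51.100.7 addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Process name and game ports are the
# ones given in the post; everything in sample_ss is constructed.
PROC="7DaysToDieServe"
GAME_LO=26900
GAME_HI=26902

# Reads `ss -Htunp`-style lines on stdin and prints, for IPv4 sockets owned
# by $PROC outside the game ports: "proto local_port peer_ip/32 peer_port".
steam_peers() {
  awk -v proc="$PROC" -v lo="$GAME_LO" -v hi="$GAME_HI" '
    index($0, "\"" proc "\"") == 0 { next }   # socket belongs to another process
    {
      lport = $5; sub(/^.*:/, "", lport)      # local port: text after last colon
      pport = $6; sub(/^.*:/, "", pport)      # peer port
      pip   = $6; sub(/:[^:]*$/, "", pip)     # peer address without the port
      if (pport == "*") next                  # listening/unconnected, no peer yet
      if (lport + 0 >= lo && lport + 0 <= hi) next   # player traffic on game ports
      print $1, lport, pip "/32", pport
    }' | sort -u
}

# Constructed sample in the column layout of `ss -Htunp`.
sample_ss() {
  cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:26900 0.0.0.0:* users:(("7DaysToDieServe",pid=1234,fd=30))
tcp LISTEN 0 128 0.0.0.0:26900 0.0.0.0:* users:(("7DaysToDieServe",pid=1234,fd=31))
tcp ESTAB 0 0 203.0.113.10:26900 198.51.100.7:61022 users:(("7DaysToDieServe",pid=1234,fd=40))
tcp ESTAB 0 0 203.0.113.10:50891 162.254.196.84:27021 users:(("7DaysToDieServe",pid=1234,fd=45))
tcp LISTEN 0 128 0.0.0.0:53262 0.0.0.0:* users:(("7DaysToDieServe",pid=1234,fd=46))
tcp ESTAB 0 0 203.0.113.10:22 198.51.100.7:50212 users:(("sshd",pid=900,fd=4))
EOF
}

# On a live server, run as root so -p can see the owning process:
#   ss -Htunp | steam_peers
sample_ss | steam_peers
```

`ss` only lists connections that exist at the moment it runs, so on a live server run it with the firewall open while the game server is logging on to Steam.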
SylenThunder, posted October 5, 2019

The ports you need open for the server.

26900 TCP/UDP
26901 UDP
26902 UDP

For Steam Networking, I just open up ports 27000-27100 TCP/UDP. Haven't had any issues.
FiftyTifty, posted October 5, 2019

You need to allow Steam's matchmaking servers to connect to your server as well. On Windows that would be easy enough to do; just allow everything that comes in through the process. Linux doesn't have that functionality, so you have to do it by
SylenThunder, posted October 6, 2019

> You need to allow Steam's matchmaking servers to connect to your server as well. On Windows that would be easy enough to do; just allow everything that comes in through the process. Linux doesn't have that functionality, so you have to do it by

... opening the specific ports. The list I gave above your post is the port ranges I have open on my headless Linux dedi. If you want to use an external manager, you also need to open ports 8081 and 8082 for telnet and the web API.
FiftyTifty, posted October 7, 2019

> ... opening the specific ports. The list I gave above your post is the port ranges I have open on my headless Linux dedi. If you want to use an external manager, you also need to open ports 8081 and 8082 for telnet and the web API.

No, that's not opening the specific ports. You need to allow the Steamworks server to connect, which uses three random ports. You don't open 20,000 (observed using ports between 42000-58000) ports just to hope the server will use the ports within that range, you allow the server IP to access every port. That's completely different, and is not mentioned in the list at all.

Telnet is wholly unsecure, and should not be used in any fashion.
Archived
This topic is now archived and is closed to further replies.