Login Store Community Support
Change language
View desktop website
© Valve Corporation. All rights reserved. All trademarks are property of their respective owners in the US and other countries. Privacy Policy  |  Legal  |  Steam Subscriber Agreement  |  Refunds
All Discussions > Tools & Servers > Half-Life Dedicated Server (Linux) > Topic Details
Indig0 Aug 12, 2014 @ 11:00am
HLDS and iptables
I've installed HLDS on a dedicated machine running CentOS 6 and opened all ports in this list using similar commands to these of course changing udp to tcp where necessary:

iptables -A INPUT -p udp -m udp --sport 27000:27030 --dport 1025:65355 -j ACCEPT iptables -A INPUT -p udp -m udp --sport 4380 --dport 1025:65355 -j ACCEPT

Server connects to master and VAC servers, however nobody can connect to the server and it's not listed in favorites list (100% that ip/port is right).

If I turn off iptables it works as expected. I'm not an expert of using them so maybe I'm setting something wrong? For many other reasons I cannot leave iptables off.

Thanks!
< >
Showing 1-10 of 10 comments
Broetchen Aug 16, 2014 @ 5:55pm 
According to this wiki and my own experiences you need to open 27015 udp/tcp only.

Also, you seem to have accidently swapped -sport and -dport in your INPUT rule. With those rules all clients connecting through port 27000 to 27030 on their side can connect to your server ports ranging from 1025 to 65355.

These are the INPUT rules that I use for my server:
iptables -A INPUT -p udp --dport 27015 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 27015 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

That way UDP and TCP connections from anywhere going to any ip of the server at port 27015 are allowed.
Last edited by Broetchen; Aug 16, 2014 @ 7:03pm
#1
Indig0 Aug 30, 2014 @ 3:03pm 
Hi, thanks for your reply, swaping source/destination ports was a good point but in my case that wasn't the cause of the problem.

Apparently default settings for my iptables (on CentOS 6) had REJECT rule at the end of the INPUT chain so when using iptables -A INPUT (which means append at the end of the chain) my rules were never reached as packets were rejected by the rule above. Solution was to use iptables -I INPUT <number of last rule (which is REJECT)>.
Last edited by Indig0; Aug 30, 2014 @ 3:04pm
#2
Broetchen Aug 30, 2014 @ 3:51pm 
Got the order of my rules wrong once and didn't notice first, too. Glad you found the solution! :)
#3
Ltk Mar 28, 2015 @ 7:03am 
Good lock!
#4
Bilbon89 Sep 5, 2015 @ 1:58am 
quoi
#5
Bilbon89 Sep 5, 2015 @ 1:59am 
il y a t il quelqu un
#6
Bilbon89 Sep 5, 2015 @ 1:59am 
#7
R@iMb0w Aug 14, 2016 @ 9:32am 
nice =)
#8
Phobos #SMURF Apr 22 @ 10:49am 
!
#9
Solo May 5 @ 5:13pm 
Originally posted by Indig0:
I've installed HLDS on a dedicated machine running CentOS 6 and opened all ports in this list using similar commands to these of course changing udp to tcp where necessary:

iptables -A INPUT -p udp -m udp --sport 27000:27030 --dport 1025:65355 -j ACCEPT iptables -A INPUT -p udp -m udp --sport 4380 --dport 1025:65355 -j ACCEPT

Server connects to master and VAC servers, however nobody can connect to the server and it's not listed in favorites list (100% that ip/port is right).

If I turn off iptables it works as expected. I'm not an expert of using them so maybe I'm setting something wrong? For many other reasons I cannot leave iptables off.

Thanks!
#10
< >
Showing 1-10 of 10 comments
Per page: 15 30 50

All Discussions > Tools & Servers > Half-Life Dedicated Server (Linux) > Topic Details
Date Posted: Aug 12, 2014 @ 11:00am
Posts: 10
Start a New Discussion

Discussions Rules and Guidelines