SonicWall 2040 will not open ports

computermod14

I've got a SonicWall 2040 that is refusing to open ports. I've tried opening ports for ArmA III and CS:GO without success. Below are the services I have set up and then the access rules.

60mThsT.jpg


moOLBFP.jpg


I have the Windows Firewall disabled on the server. When I go to Open Port Check Tool and use my external IP along with 27015 for example, it shows closed. If I test 8080 which I have open on the SonicWall it shows open. Ideas?
 
Now, I don't work with SonicWalls (other than to tell people how they should set them up in general terms) so maybe I'm not reading this right. But as far as I can tell, the problem is that your source for the rule is WAN, not *. Thus it'd only allow traffic sourced from your WAN interface IP. YouGetSignal's port check won't be sourced from your WAN interface.

Unless that actually means all networks that are reachable via the WAN interface, in which case I've no idea what the problem is. I'd hit your logs and see if the rule is even acting upon the port check.

EDIT - Also, it would appear (based upon your other rules) that you're NATing from a public IP on WAN to a private network on LAN... if that's the case, traffic is going to hit the firewall destined to WAN, not LAN. Unless LAN means a separate interface you've got a public IP block assigned to and your servers hanging off of.

EDIT 2 - Well, that's also assuming that SonicWalls apply their rules to pre-NAT traffic like ASAs do when rules are applied on the same interface as the NAT statement. I know that some older Cisco firewalls actually applied their rules to post-NAT traffic though, so I'm not sure.
 
Well I'm not clear on your EDIT part but I changed the source to ANY now instead of WAN and still have the issue.
 
Then change your destination to WAN then as well... if LAN is being interpreted as your private network and the rules are being assessed before NAT is performed, the packets are destined to your WAN (outside NAT) IP, not LAN.

If that doesn't do the trick, check the logs while you keep hitting it from YouGetSignal, and see if the traffic is even making it to the firewall and getting blocked by a rule.

Alternatively, if you feel like trusting a stranger on a networking forum, PM me the IP of your server and I'll run some scans on it.
 
This is the log that generates after trying to hit it...

Yep, destination WAN, as you see. Switching to Destination WAN instead of LAN should solve your problem.

If not, you'll need to determine why the CSGO service port lists in the SonicWall aren't corresponding with the ports you're trying to hit.

EDIT - Edited out the image as you did to prevent the interwebs being too nosy.
 
I now have source as any, destination as WAN, still not able to get a status of open. I created the CSGO services myself by obtaining appropriate ports needed to run the server from guides.
 
Hm. If the log is still generally the same, something must be wrong in the rule. Can you provide the ports and whether they're tcp or udp?

EDIT - sixnetudr?

EDIT2 - Derp, they're in your OP. You might see your firewall logs light up here in a sec...

EDIT 3 - Oh, dude, the source port is in the csgo list, but the destination port isn't. The firewall rules won't be looking at your source port, but your destination port. Do you have any port forwards set up too?
Also, CSGO 3 is redundant as it's already included within CSGO 5.

So your server is at private IP 192.168.250.2... but your ARMA server is at 192.168.250.10... so you've got your public IP NATed to those servers... your firewall logs seem to indicate that they are blocking packets which still have the destination of the public IP address (hence my recommendation to use the WAN as the destination) and yet I see the port 8080 open which is listed in your rule E4200 Remote management set under the destination 192.168.250.2... and that's working fine. I really wish I better understood SonicWalls.
 
Never mind, you're using standard OS it appears. If you're using enhanced OS use the public server wizard to set this up.
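
A small model of the two matching questions raised in this thread, added here as an example (it is not from any poster and is not SonicWall's own logic): whether an allow rule is compared against the destination before or after NAT, and the fact that only the destination port is compared to the service list. Assumptions: 203.0.113.10 is a placeholder for the public IP, the CSGO port list is constructed, and the rule source is ANY.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: 203.0.113.10 stands in for the public IP; 192.168.250.2 is
# the server address named in the thread. The port list is illustrative only.
PUBLIC_IP = "203.0.113.10"
ZONES = {"WAN": ipaddress.ip_network("203.0.113.10/32"),
         "LAN": ipaddress.ip_network("192.168.250.0/24")}
NAT = {PUBLIC_IP: "192.168.250.2"}          # inbound destination NAT
CSGO = [("udp", 27015, 27015), ("tcp", 27015, 27015), ("udp", 27005, 27005)]

@dataclass
class Packet:
    proto: str
    src_port: int
    dst_ip: str
    dst_port: int

def diagnose(dest_zone, services, pkt, stage):
    """Reasons the packet misses a source-ANY allow rule; [] means it matches.

    stage="pre" compares the destination as it arrives, "post" after NAT.
    """
    dst = pkt.dst_ip if stage == "pre" else NAT.get(pkt.dst_ip, pkt.dst_ip)
    reasons = []
    if ipaddress.ip_address(dst) not in ZONES[dest_zone]:
        reasons.append(f"destination {dst} is not in {dest_zone}")
    # Only the destination port is compared; the source port is ignored.
    if not any(p == pkt.proto and lo <= pkt.dst_port <= hi for p, lo, hi in services):
        reasons.append(f"destination port {pkt.proto}/{pkt.dst_port} not in service list")
    return reasons

if __name__ == "__main__":
    probe = Packet("tcp", 51514, PUBLIC_IP, 27015)    # external port check
    swapped = Packet("udp", 27005, PUBLIC_IP, 51514)  # listed port is the source
    for name, pkt in (("probe", probe), ("swapped", swapped)):
        for zone in ("LAN", "WAN"):
            for stage in ("pre", "post"):
                print(name, zone, stage, diagnose(zone, CSGO, pkt, stage) or "match")
```

Running it prints, for each combination of rule destination and evaluation stage, either "match" or the reason the packet would fall through to a drop, which is the same question the firewall log answers on the real device.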
 