Very odd linux Port issue

Hi guys! I am trying to instantiate a vanilla install of FiveM on 16 Ubuntu Server (VPS). I have followed the FiveM guide to a T. In the config file I have added my IP:Port (using default) to the server.cfg. I made sure that traffic flow on the default port is open for both tcp and udp packets using iptables.

Here is where it gets odd. When I have the lines as follows:

endpoint_add_tcp "158.69.123.85:30120"
endpoint_add_udp "158.69.123.85:30120"

Nothing appears in the server browser in my client.

If I change ONE of the ports:

endpoint_add_tcp "158.69.123.85:30110"
endpoint_add_udp "158.69.123.85:30120"

I CAN see the server on the server browser, but when I connect to it I get a connection error:

Failed handshake to server 158.69.123.85:30120 - Failed to connect to 158.69.123.85 port 30120: Connection refused - CURL error code 7 (Couldn’t connect to server).

When I use nmap to see if I am listening on ports in scenario A, here is what I receive:

Nmap scan report for ns524962.ip-158-69-123.net (158.69.123.85)
Host is up.
PORT STATE SERVICE
30120/tcp filtered unknown
30120/udp open|filtered unknown

Scenario B:

Host is up (0.000068s latency).
PORT STATE SERVICE
30110/tcp filtered unknown
30110/udp closed unknown

Host is up (0.00012s latency).
PORT STATE SERVICE
30120/tcp closed unknown
30120/udp open|filtered unknown

If the server (with both ports pointing to 30120) is online and I use a remote port tester tool, it responds as ‘port is closed’.

If I shut the server down and use

ncat -l 30120

which starts listening on the port, the tool says it is open. Thus I am leaning to say the port is open but not listening when the game server is started.

Does anyone have any clue what can be causing this? Again, this is a vanilla installation using the most recent (March) Artifact on a totally fresh linux install with ports open via IP tables (I also tried ufw as a redundancy at one point too).

Currently both ports need to match. What are you trying to achieve by only changing one of them?

At first it was an error. I saw the server on the list and tried to connect and got the provided cURL error.

I then changed the ports to be the same as I have seen in examples, and the server disappeared from the server browser.

I do not have a need for different ports however. It is very odd the server appears with different ports (which is my current issue), but not with the same one. It makes sense I cannot connect when they are different though.

With the server running what is the output of

netstat -anp | grep ':30120'

Though you said the ports were “open”, not sure what that translates to. Do you mean you have an exception for the host you’re testing from or just that you added dnats for 3120 ? What is the output of

iptables-save | grep '30120'

? FWIW I get neither a refuse nor reply at all from that IP (ie DROP)

netstat shows nothing unless I have the server running. When it is running:

tcp 0 0 158.69.123.85:30120 0.0.0.0:* LISTEN 21712/ld-musl-x86_6
udp6 0 0 158.69.123.85:30120 :::* 21712/ld-musl-x86_6

-A ufw-user-input -p tcp -m tcp --dport 30120 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 30120 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 30120 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 30120 -j ACCEPT

Thanks for your response

Those rules are strictly input, no? Assuming telnet from the host itself works, you could as a test do something like

iptables -I INPUT -p udp --dport 30120 -s $YOURIP -j ACCEPT
iptables -I INPUT -p tcp --dport 30120 -s $YOURIP -j ACCEPT

iptables -I OUTPUT -p udp --sport 30120 -d $YOURIP -j ACCEPT
iptables -I OUTPUT -p tcp --sport 30120 -d $YOURIP -j ACCEPT

If that works then either ufw isn’t completely set up or you need other rules. Likely in ufw-user-output.

I added the OUTPUT and there was no change.

ufw status
shows it is active, and all 30120 is listed for tcp/udp (v6 too)

Added what output?

I added the OUTPUT lines to the iptables as you pasted above. tcp/udp traffic is enabled for both ways.

To me it seems the FiveM server doesn’t properly start listening on the ports (particularly tcp, as it is ‘filtered’).

If I use ncat to force a process to listen on the port, it opens up and a remote port tester sees it open.

This confirms both my VPS’s provider and my linux installation are allowing in/out traffic on port 30120.

However when I start the game server, the game server doesn’t properly start listening on that port, thus not allowing detection of the port remotely.

Ah. Wasn’t sure if you did ufw or not.

nmap will show filtered if it thinks the port is open based on heuristics that aren’t necessarily accurate. If the issue were mtu related for example (which I don’t believe is the case here).

Not necessarily but agreed. It was a known point to start from. Client error was refused. Still not clear why though.

Server is listening but not responding. Was the netstat output after a fresh restart by chance? Didn’t see any send or receive queue (2nd and 3rd cols). Did telnet work locally?

I think this is a similar issue that I am experiencing… I am thinking it’s an issue with their linux code for server side dealing with Ubuntu…

netstat wasn’t after a fresh OS restart. It was after a fresh gameserver boot though.

The telnet was performed via a third party website, so not locally.

I’m not getting any error saying the port is in use. Thank you for your response though.

Yeah that is a similar error I am getting in my last post on that link… I think this might be related. I also think this has to do with Ubuntu ipv6 on the same port… Still researching more into this on the Ubuntu side but here is what I have come up with so far…

One of the users that responded claimed that ipv6 protocol might possibly use that port when it’s in use however if you have ipv6 disabled like I do I don’t think this is totally my issue but getting somewhat closer…



You ran telnet from a website?? From what I understood above you ran one of the many that do port forward tests. They do mimic a connection (SYN/ACK), but are not telnet any more than netcat is. There are a couple reasons I was asking about telnet specifically, one was to confirm local connectivity worked but also drive some traffic over it.

You’ve not said if you see any attempt at all from the server nor really provided any logs from either. Hard to tell what is going on.

Start up Logs:

root@ns524962:/home/game/servers/server-data# bash /home/game/servers/server_test/run.sh +exec server.cfg
Resolved live-internal.fivem.net:30110 to 178.32.9.100:30110
Creating script environments for _cfx_internal
Found new resource fivem-map-skater in /home/game/servers/server-data/resources//fivem-map-skater
Found new resource fivem-map-hipster in /home/game/servers/server-data/resources//fivem-map-hipster
Found new resource fivem in /home/game/servers/server-data/resources//fivem
Found new resource fivem-awesome1501 in /home/game/servers/server-data/resources//fivem-awesome1501
Found new resource runcode in /home/game/servers/server-data/resources//runcode
Found new resource essentialmode in /home/game/servers/server-data/resources//essentialmode
Found new resource gameInit in /home/game/servers/server-data/resources//[test]/gameInit
Found new resource keks in /home/game/servers/server-data/resources//[test]/keks
Found new resource betaguns in /home/game/servers/server-data/resources//[test]/betaguns
Found new resource race in /home/game/servers/server-data/resources//[gamemodes]/race
Found new resource race-test in /home/game/servers/server-data/resources//[gamemodes]/race-test
Found new resource irc in /home/game/servers/server-data/resources//[gameplay]/irc
Found new resource channelfeed in /home/game/servers/server-data/resources//[gameplay]/channelfeed
Found new resource playernames in /home/game/servers/server-data/resources//[gameplay]/playernames
Found new resource obituary-deaths in /home/game/servers/server-data/resources//[gameplay]/obituary-deaths
Found new resource obituary in /home/game/servers/server-data/resources//[gameplay]/obituary
Found new resource spawnmanager in /home/game/servers/server-data/resources//[system]/spawnmanager
Found new resource hardcap in /home/game/servers/server-data/resources//[system]/hardcap
Found new resource sessionmanager in /home/game/servers/server-data/resources//[system]/sessionmanager
Found new resource chat-theme-gtao in /home/game/servers/server-data/resources//[system]/chat-theme-gtao
Found new resource ■■■■■■■ in /home/game/servers/server-data/resources//[system]/■■■■■■■
Found new resource chat in /home/game/servers/server-data/resources//[system]/chat
Found new resource scoreboard in /home/game/servers/server-data/resources//[system]/scoreboard
Found new resource baseevents in /home/game/servers/server-data/resources//[system]/baseevents
Found new resource mapmanager in /home/game/servers/server-data/resources//[managers]/mapmanager
Found new resource yarn in /home/game/servers/server-data/resources//[system]/[builders]/yarn
Found new resource webpack in /home/game/servers/server-data/resources//[system]/[builders]/webpack
Creating script environments for sessionmanager
Started resource sessionmanager
Creating script environments for mapmanager
Started resource mapmanager
Creating script environments for chat
Started resource chat
Started resource spawnmanager
Started gametype Freeroam
Started resource fivem
Creating script environments for hardcap
Started resource hardcap
Creating script environments for ■■■■■■■
Started resource ■■■■■■■
Started resource scoreboard
Creating script environments for playernames
Started resource playernames
Stopping resource sessionmanager
Creating script environments for sessionmanager
Started resource sessionmanager
Authenticating server license key…
Server license key authencfx> tication succeeded. Welcome!
Sending heartbeat to live-internal.fivem.net:30110
Started map fivem-map-hipster
Started resource fivem-map-hipster

telnet ran from VPS:

root@ns524962:/home/game/servers/server-data# telnet 158.69.123.85 30120
Trying 158.69.123.85…

root@ns524962:/home/game/servers/server-data# telnet localhost 30120
Trying ::1…
Trying 127.0.0.1…
telnet: Unable to connect to remote host: Connection refused
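
The netstat and telnet results quoted so far can be read against each other mechanically. The following is an added example, not part of the original thread or of FiveM: it parses `netstat -anp` lines and classifies a probe result by whether a socket is bound to the address that was probed. The function names and result labels are hypothetical, and treating the hanging `telnet 158.69.123.85 30120` as a timeout is an assumption.

```python
import ipaddress

# Sample copied from the `netstat -anp` output quoted in the thread.
NETSTAT = """\
tcp  0 0 158.69.123.85:30120 0.0.0.0:* LISTEN 21712/ld-musl-x86_6
udp6 0 0 158.69.123.85:30120 :::*             21712/ld-musl-x86_6
"""

def parse_listeners(text):
    """Return (proto, bind_ip, port) for every listening TCP / bound UDP socket."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0][:3] not in ("tcp", "udp"):
            continue  # headers, unix sockets, blank lines
        if f[0].startswith("tcp") and "LISTEN" not in f:
            continue  # established connections are not listeners
        host, _, port = f[3].rpartition(":")
        found.append((f[0][:3], host, int(port)))
    return found

def has_listener(listeners, proto, dest_ip, port):
    """True if a socket is bound to dest_ip itself or to the wildcard address.
    Simplification: a wildcard bind is treated as covering both address families."""
    dest = ipaddress.ip_address(dest_ip)
    for p, host, prt in listeners:
        bind = ipaddress.ip_address(host)
        if p == proto and prt == port and (bind.is_unspecified or bind == dest):
            return True
    return False

def diagnose(listeners, proto, dest_ip, port, probe):
    """probe: 'open', 'refused' (RST, nmap 'closed') or 'timeout' (nmap 'filtered')."""
    listening = has_listener(listeners, proto, dest_ip, port)
    if probe == "open":
        return "reachable"
    if probe == "refused":
        # An RST although a listener exists means a filter answered on its behalf.
        return "rejected-by-filter" if listening else "nothing-bound-to-that-address"
    # No answer at all: the packets (or the replies) are being dropped.
    return "dropped-before-listener" if listening else "dropped-and-nothing-bound"

if __name__ == "__main__":
    ls = parse_listeners(NETSTAT)
    for dest, probe in (("127.0.0.1", "refused"), ("158.69.123.85", "timeout")):
        print(dest, probe, "->", diagnose(ls, "tcp", dest, 30120, probe))
```

Because the socket is bound to 158.69.123.85 rather than a wildcard address, a refusal on localhost says nothing about the firewall; only the probe against the bound address does.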

Thanks. It seems he is having a similar problem.

I removed the v6 rules and there was no effect :frowning:

If you’re referring to me …

It should read:
Thanks. It seems she is having a similar problem.

I removed the v6 rules and there was no effect :frowning:

All good, common misspellings, just wanted to get it corrected early on…

Good luck and I am still looking to resolve my issue which has been going on now for about a week… I tend not to post things until I get a few hours of playing with things first…

Are you running this in docker or just the vps and is there anything interesting in syslog? (/var/log/kern.log /var/log/apparmor* etc)

I am not using any additional containerization. Simply slapped Ubuntu16 on the VPS provided and went from there.

The kern.log shows the following, pretty consistently. It seems to be related to some people trying to brute force me. Though I have secure passwords, I will have to do something about that:

May 12 13:36:34 ns524962 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=30:5a:3a:76:85:af:00:ff:ff:ff:ff:fd:08:00 SRC=81.22.45.193 DST=158.69.123.85 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=35631 PROTO=TCP SPT=59419 DPT=6578 WINDOW=1024 RES=0x00 SYN URGP=0
May 12 13:36:42 ns524962 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=30:5a:3a:76:85:af:00:ff:ff:ff:ff:fe:08:00 SRC=80.82.78.104 DST=158.69.123.85 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=26511 PROTO=TCP SPT=58878 DPT=6099 WINDOW=1024 RES=0x00 SYN URGP=0
May 12 13:38:14 ns524962 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=30:5a:3a:76:85:af:00:ff:ff:ff:ff:fe:08:00 SRC=41.235.251.207 DST=158.69.123.85 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=58741 PROTO=TCP SPT=41279 DPT=23 WINDOW=20945 RES=0x00 SYN URGP=0
May 12 13:38:29 ns524962 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=30:5a:3a:76:85:af:00:ff:ff:ff:ff:fe:08:00 SRC=80.82.78.104 DST=158.69.123.85 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59844 PROTO=TCP SPT=58878 DPT=6098 WINDOW=1024 RES=0x00 SYN URGP=0
May 12 13:39:15 ns524962 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=30:5a:3a:76:85:af:00:ff:ff:ff:ff:fd:08:00 SRC=81.22.45.213 DST=158.69.123.85 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=40597 PROTO=TCP SPT=48254 DPT=3446 WINDOW=1024 RES=0x00 SYN URGP=0

These logs also exist in the ufw.log.

I have no apparmor* logs.

Thank you. I have been stuck on this one for no less than 8 labor hours. Not fun! I will let you know if I find a solution
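
When reading `[UFW BLOCK]` entries like the ones above during this kind of troubleshooting, the useful split is between blocks on unrelated ports and blocks that hit the port the service is supposed to accept. The following is an added example, not part of the original thread: it parses UFW block lines, groups destination ports per source, and reports any block that landed on the service port. The sample lines are constructed (documentation-range addresses), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the kern.log format shown in the thread; addresses are
# from the documentation ranges, not real hosts.
SAMPLE = """\
May 12 13:36:34 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=59419 DPT=6578 SYN URGP=0
May 12 13:36:42 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=58878 DPT=6099 SYN URGP=0
May 12 13:38:14 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=41279 DPT=23 SYN URGP=0
May 12 13:38:29 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=58878 DPT=6098 SYN URGP=0
May 12 13:40:02 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=50112 DPT=30120 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_block(line):
    """Return (src, proto, dport) for a UFW BLOCK line, or None if not applicable."""
    if "[UFW BLOCK]" not in line:
        return None
    kv = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= kv.keys():
        return None  # e.g. ICMP entries carry no DPT
    return kv["SRC"], kv["PROTO"], int(kv["DPT"])

def summarize(text, service_ports):
    """Group blocked packets by source and pick out hits on the service ports."""
    per_src = defaultdict(set)
    service_hits = []
    for line in text.splitlines():
        rec = parse_block(line)
        if rec is None:
            continue
        src, proto, dport = rec
        per_src[src].add((proto, dport))
        if (proto, dport) in service_ports:
            service_hits.append(rec)  # the firewall dropped traffic meant for the service
    multi = sorted(s for s, ports in per_src.items() if len(ports) > 1)
    return {"sources": len(per_src), "multi_port_sources": multi,
            "service_hits": service_hits}

if __name__ == "__main__":
    print(summarize(SAMPLE, {("TCP", 30120), ("UDP", 30120)}))
```

An empty `service_hits` list means UFW is not what is dropping the game traffic, so the cause lies elsewhere in the path; a non-empty one points at a missing or mis-ordered allow rule.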