When NATting behind a OPNSense (or pfSense) firewall, setting up a port-forward is enough to let people manually connect to your Xonotic server when they know the IP and the port. However, the server is not showing up in the in-game server list or dpmaster.deathmask.net. This can be solved.
The description below is based on OPNSense, but it can probably be applied to pfSense too, because they share a lot. Some settings may be in a slightly different place or have a slightly different names though.
First: the port-forward:
This is to disable source port rewriting. Xonotic (and other Quak'ish games don't like it)
Read more about it here.
Especially the last is very important!
I hope this helps some people.
I'm leaving this here because it took me ages to find this out.
The description below is based on OPNSense, but it can probably be applied to pfSense too, because they share a lot. Some settings may be in a slightly different place or have a slightly different names though.
First: the port-forward:
- Go to Firewall - NAT - Port Forward
- Click +Add
- Interface WAN
- Protocol UDP
- Destination WAN address
- Destination port range (other) [port of Xonotic Server] (from en to)
- Redirect target IP Single Host or Network [IP of Xonotic Server]
- Redirect target port (other) [port of Xonotic Server]
This is to disable source port rewriting. Xonotic (and other Quak'ish games don't like it)
Read more about it here.
- Go to Firewall-NAT-Outbound
- Click on Hybrid outbound NAT rule generation
- Click +Add
- Interface WAN
- Protocol UDP
- Source Address Single host or Network [IP of Xonotic Server]/32
- Source port (other) [port of Xonotic Server]
- Destination address any
- Destination port any
- Enable Static-port
Especially the last is very important!
I hope this helps some people.
I'm leaving this here because it took me ages to find this out.
