Firewall block HFS even though it's allowed and Port Forward.

[draakans]

Hey guys, first of all congratulations on that cool program which seems to be useful, secure and easy to use.

I just download HFS yesterday and tried to walk through the guide but have some issues. I'm using a 2Wire 2701HG-B ADSL Modem/Router and a RadialPoint Firewall/Anti-virus.

The point is: At first, I set the HFS port to 1985 (some random port). I allowed it in the router and in the Firewall. When the Firewall is off the Self-Test is working. When it`s on it doesn't.

So the port would be forward properly in the router but not in the Firewall! I tried to change the way it was forward playing with: TCP or/and UDP, Directions Both Side, changing the port to default 80, 8080. No matter what I do it keeps failing the Self-Test when the Firewall is on.

When the first popup appears (would you like to allow HFS to go on the internet) I click YES and I see it on my list of allowed progs. I'm kinda confused, does HFS uses other port or protocol than the one specified on the Main window? Maybe the firewall is blocking those kind of application, so I tried to Disabled/Enabled some default features. Still not working. I allowed several ports to host games already and never had problems.

Please help. Thx
Regards
Yan

[AvvA]

I don't know your firewall nor your router, but I know what's necessary for HFS to work, i'll just tell you this and hope that your experience with hosting games servers will be enough for you to correct your problem.

This concerns your router configuration with HFS. Even if it seems to come from your firewall, it can be usefull to see how they do it.

Then, for your firewall, it must allow hfs.exe to act as a server on the port you've choosen (with TCP).
As HFS is a secure application, you can allow it to act as a client too, that way, it could check for a new HFS version at the launch.

With all this it should work.
You should try another port number as those low ones are often used by the system (try something like 10000, just to test), but as it works with firewall off, the problem shouldn't come from this (except if your firewall uses this one : 1985).


Sorry to only repeat what you probably already knows...

[draakans]

First thx for the reply. Any ideas/suggestions are welcome
I already did the port forward in the router from the link you gave me.

However, I have HFS.exe allowed in the firewall. But there's no way to see which port or direction it allows by just pressing the "allow" button. I guess it allows it only for "Incoming" direction and would remain Block for the "outgoing". It could be the problem. The 1985 port is allowed on Both direction. I'll try using an Higher port, it worth the try

Then, for your firewall, it must allow hfs.exe to act as a server on the port you've choosen (with TCP).
As HFS is a secure application, you can allow it to act as a client too, that way, it could check for a new HFS version at the launch.

Just to make sure, by "acting like a server", you mean to allow the Outgoing direction on the port right?

Thx

PS: U seem better than me in english and you're from France, I'm a French-Canadian.


// edit: I tried with port 10000 and It was already forward by the firewall for some default feature. Didn't work. I tried with 7777 (which is Unreal's Port), still not working.
I set the HFS.exe to Ask for permission. When I use Self-Test, I can see the pop-up, even if I hit allow the test still fail. :s

[draakans]

sorry for double post

I SC the firewall's log.


I tried to Port Forward 4437 and the request went to 4460. I tried to PF 4460, still not working

[AvvA]

Just to make sure, by "acting like a server", you mean to allow the Outgoing direction on the port right?

Thx

PS: U seem better than me in english and you're from France, I'm a French-Canadian.

thanks you so ^^
(if you speak more french than english, there is a completely translated version of HFS in the french part of this forum)

And nope, I meant to allow incoming traffic, in fact, allowing external visitors to request a connection to your computer, to your HFS server more precisely. It's only your local port, others can request from any port.
In your screenshot we can see the test on the 4437 from web5.u2-web.com, and we can see it's blocked as the title of the windows shows it.
I do it also and look at my logs, it shows requests on severals ports and also the right one (and test worked, but my logs shows "accepted connection" ^^).

Have you tried to just allow completely HFS (in/out) ? Then allow only incoming traffic ? Then only incoming on your unique HFS port ? (in your firewall settings)

// edit: I tried with port 10000 and It was already forward by the firewall for some default feature. Didn't work. I tried with 7777 (which is Unreal's Port), still not working.
I set the HFS.exe to Ask for permission. When I use Self-Test, I can see the pop-up, even if I hit allow the test still fail. :s

for the popup it depends on your firewall rule, you accept to apply the rule you maked for HFS.
About the 7777 port, did HFS says that it was used by another application (try port 20000 or 25543 ^^), or it just didn't worked (dunno what to say...) ?

It makes me think that perhaps you configured some rules in HFS, like bans, listening on 127.0.0.1 or things that can do that it doesn't work... if this is the case, you could save all the ini, vfs and others created files, and test the selftest just after entering your choosen port at the top of HFS...

I begin to miss idea, I'll wait your answer to see if something matches what's happening to you

[draakans]

And nope, I meant to allow incoming traffic, in fact, allowing external visitors to request a connection to your computer, to your HFS server more precisely. It's only your local port, others can request from any port.

So when the Firewall pop-up to allow HFS.exe, it probably allows it for Outgoing traffic only. Is there another port I have to forward or just the one I selected? I guess when you allow a proggy through the firewall, it must forward a port. I'll have to find a way to allows HFS.exe Incoming too. (I guess)

In your screenshot we can see the test on the 4437 from web5.u2-web.com, and we can see it's blocked as the title of the windows shows it.
I do it also and look at my logs, it shows requests on severals ports and also the right one (and test worked, but my logs shows "accepted connection" ^^).

How do you know the Website's name with the IP address? And why does it try on the port 4437, shouldn't it try only on my selected port and HFS's default (80,81,7000,8080,9000 etc) ?
I'll have to find a way to see "accepted connections" on my firewall. To see if at least the selected port is forward properly. I've tried with PortChecker but it seems to be checking for the router only.

Have you tried to just allow completely HFS (in/out) ? Then allow only incoming traffic ? Then only incoming on your unique HFS port ? (in your firewall settings)

As I was saying before, I guess not. How do I do to allows it full? The HFS port is ok though. I don't think that when I click the "allow" button on the FW it allows both In and Out traffic.

About the 7777 port, did HFS says that it was used by another application (try port 20000 or 25543 ^^), or it just didn't worked (dunno what to say...) ?

It makes me think that perhaps you configured some rules in HFS, like bans, listening on 127.0.0.1 or things that can do that it doesn't work... if this is the case, you could save all the ini, vfs and others created files, and test the selftest just after entering your choosen port at the top of HFS...

It just didn't work. It doesn't tell me that is used by another application. I tried both 20000 and 25543. I'll reinstall HFS just to see.
thx

[draakans]

Big news. For some reasons (still unknown). It started to work on port 81. (which is not forward in the firewall nor the router)
But maybe since it's a default port.

The only thing is, it takes an external connection attempt to make it work.

I ran the Self test, it wasn't working. My pal tried to connect to it and it works. Then the self test has passed .... Any1 knows why?
I can't access the HFS using the IP adress (even with the port). I can using Localhost though.

Thx again

[AvvA]

Well, that's a good new ^^

Sorry for the dns thing, I mismatched with something else obviously...
HFS test upon rejetto.com, that's make much more sense 
you can convert IPs here : http://network-tools.com/default.asp?prog=dnsrec&host=76.68.252.115

Well for the rest, leave it to the network's mysteries ...
Normally, allowing program on one port forwarded to the same port should do what's wanted (in your particular router/firewall).
When you have transfered the new rule to the right panel of your firewall, it should be allowed on the port defined...

But at the end, knowing that it works is good enough, as it's what HFS is usefull to

[draakans]

thx a hundred times for you precious help!

[Pfactor]

i have outpost firewall and hfs dont work until i use serv-u first, this last pass the firewall (the firewall ask me if serv-u can do it and i say YES)

after that i close serv-u and all ok with HFS he works very well....

hfs alone dont cross my firewall, and deconnecting the firewall, dont work anyway, may be is a router configuration pb....

it was my solution... i post here just in case

ab imo pectore
Pfactor

[draakans]

you have to allow (port forward) the HFS port in you router.