Unifi Port Forwards not Working, does Xfinity have a hidden firewall? - Palworld

What ports did you setup besides 8211? And ping still does not work?

From here there are PC and steam ports. But I have dedicated windows server on my machine. I put both types (tcp and udp) for both steam and pc (so 4 services port forwarded)

https://portforward.com/palworld/

Hi Rob,

I learned something new, telnet and port checker can't check my 8211 port because Telnet and Port checker use TCP and I'm trying to check 8211 UDP. UDP is stateless, take this statement with a grain of salt but "there is no way to reliably determine if a UDP port is open." To reiterate, if I use telnet or Port checker it'll say closed because they can't check UDP.

For your friends to connect, you need to setup a port forward on 8211 only for UDP. I set a static IP to my computer so I knew the IP rules for the port forward were always directed at the PC that is hosting the server executable. (By that, I mean I set it so my computers IP was always 192.168.1.7),

If you want your server to show up in the public server list, you need to also port forward  27015-27016 for both TCP and UDP.

25575 for both TCP and UDP is the last port you need to forward if you're going to use the remote admin features for your server.

After that, setup the firewall rules in windows defender firewall. I only have 27015 and 8211 setup.

The two inbound rules I have are.
Name: Palworld Dedicated Server
Group: Null
Profile: All
Enabled: Yes
Action: Allow
Override: No
Program: (the Palserver.exe executable file)
Local Address: Any
Remote Address: Any
Protocol: UDP
Local Port: 8211
Any to the rest except PolicyAppId

If you repeat the above for 27015, then you'll be on the same setup as me. You may notice that I only have 27015 and am missing 27016. That's correct, I am. I just learned what the ports were for today while reviewing server files. I am telling you this because that would help show that you really only need 8211 open for friends to connect.

Those are the only two I have port forwarded and it works. Please let me know if you have any questions!

TroubleChute's guide is the guide I followed if you'd like to take a look at the same thing I did.

@SystemWANalyst​ Thank you!

Yeah I can confirm that I was going crazy wondering why the port was working with this:

https://www.portchecktool.com/

I ended up testing the connection anyway with my friend connecting to my dedicated server via hotspot and server password and it works! Despite failing on that website.

I ended up port forwarding all the ports for PC and Steam and for TCP and UDP (but as you mentioned I technically only need UDP 8211)

I changed my BitDefender firewall to "Home/Office" (Private Profile). I had set to "Dynamic" before and the other option was "Public".

Even though I had BitDefender firewall, I checked Windows firewall and although it was disabled and set to "Guest or Public Network", I turned off my BitDefender in order to use Windows firewall (and Windows Defender) temporarily to switch my wifi to use the "Private Network" just in case. Then turned my bitdefender back on.

I did turn off BitDefender's port scan protection in the firewall settings. Might try test to see if it works with it on.

I didn't create any inbound/outbound rules though.

But in my netgear router's advanced settings, I :

- (Setup/WAN SETUP) Unchecked "Disable Port Scan and DoS Protection" (I will probably test to see if I can turn this on)

- (Setup/WAN SETUP) Changed "NAT Filtering" from "Secure" to "Open" (I will probably test to see if I can turn this on; I saw some people had this issue where changing to Open helped, but is less secure)

- (Administration/Attached Devices) Made sure I was using a static local IP address for stability (I had set it earlier (prior to palworld release), but I double checked)

- (Advanced Setup) Disabled my router's Dynamic DNS (DDNS) with no-ip. I made it just for palworld, but it wasn't syncing correctly even after router reboot. So I used their desktop client to check and sync my public IP every 5 minutes. 

https://www.noip.com/

https://www.noip.com/client/DUCSetup_v4_1_1.exe

I also rebooted my router and computer a few times. I even completely turned off my router and modem for like 15 minutes (in hopes it would give me a new public IP to test out; it didn't)

But it might still be worth trying a good old reboot for both pc and router to make sure things are in order!

Awesome, I'm happy to hear they could connect!

Some people were having issues with people connecting while a password was active. If you ever run into problems again just something to consider.

It's not really dangerous to leave 8211 set for both, but IF something does end up listening to TCP 8211 later on it could be a problem. Packet loss mostly, maybe something malicious but that's not likely. I wouldn't worry about it, but to keep things proper and tidy it couldn't hurt to set it to only UDP.

Oh, okay you're using a firewall separate from Windows Firewall. I did some Googling and it looks pretty straight forward, setting up an inbound rule is essentially the same for BitDefender.
Here's how (if you don't trust my link you can google the headline and you'll find it): How to allow an app or program through Bitdefender Firewall

If I'm reading this right, Dynamic looks like BitDefender will allow all connections from local machines, but will pick and choose public settings for other traffic. The portion of traffic that isn't local will use your inbound/outbound rules. Public setting would filter all traffic.

Just curious, when you turned BitDefender back on did Windows defender auto-shut off? (Double firewall?)

Probably more info than you wanted but: Port scanning is an unfortunate part of the web. Anyone or any bot can pick a random IP address and ping it, if it's online they can run tests for random ports to see if any are open and vulnerable. Here's the thing, BitDefender is a local firewall application on your PC, it'll protect only your PC from local and external port scans. Not anything else on your network, that'd have to be done by the router.

So it would make sense that routers would have a port scan protection protocol at the network level protecting your other devices from outside traffic. The firewall for your PC is the base layer of network protection in case you're ever connected to something like a friend's house where they turned all security off, plus it will protect you from potential local attacks. (Unlikely on your home network but..)

I checked and some Netgear routers do have a port scan feature in the same screen as ddos protection. As long as you've setup a port forward rule in the router, and an inbound firewall rule for the firewall, you should have no issues with leaving port scan protection enabled. If you've got the port forward and inbound connection rules setup correctly, and it's a TCP connection, you can probably ping test the port. PSP and DOS protection shouldn't stop that, I think.

You can probably leave the dos protection enabled, because that would only prevent unreasonable amounts of packets from flooding your network. A normal server connection would not be a problem.

The NAT part is interesting, that may have definitely done something. Swapping from Strict to Open means your router would be more relaxed about the type of traffic it let's through. I'm not 100% positive if that's what did it, but something to note. 

Sounds fine to me with no ip , I checked out how their system works and the desktop client is what I'd have tried. I don't think it was really necessary, but if you want to guarantee that your public IP isn't changing and don't really want to give your public ID to friends, that's proper.

I think my only question would be if you didn't set up any inbound rules for BitDefender or WindowsFirewall how was your friend able to connect? Maybe something to do with the DDNS?

Well, if you start to troubleshoot things by turning stuff on and off again, go one by one if possible to narrow it down and make a list. You'll figure out what changed to fix it. 

I'm still here if you need any help with anything, if you do end up needing more help please let me know the model # of the devices that run your network. (Router/Modem)

I hope you have a great weekend! Happy Pal-Worlding

Cheers,

@SystemWANalyst​ 

Hey!

Sorry for the late reply. Been busy with life and playing Palworld!

Server password seems to be okay, but it is a pain each time. I wish there was a one click kinda thing if the person already joined the server.

After I turned Bitdefender back on it did auto shut off Windows Defender. 

I can't click the "Private networks" nor the "Guest or public networks" in the Windows Defender Firewall window.

Thank you for that! I will test the ddos protection and port scanning. I mainly turned them off because I thought that was blocking me from pinging my server. 

I will also test the NAT! One change at a time!

Yeah maybe the DDNS from no-ip was allowing it?

I'll post shortly!

Enjoy your weekend and palworlding!