Closed paperrain closed 5 years ago
When this occurs, what is the status as displayed by arkmanager status @all?
Everyone is "Running" and "Listening" and many times there are players online, i.e.:
Running command 'status' for instance 'TheIsland'
Server running: Yes
Server PID: 13484
Server listening: Yes
Server Name: [ES/EU] Arkeologos - TheIsland X10 PVP CLUSTER NOWIPE - (v285.1
Players: 1 / 70
Active Players: 1
It happens to players randomly. And I checked the "API" of Steam, and it is all right: http://api.steampowered.com/ISteamApps/GetServersAtAddress/v0001?addr=213.32.7.133&format=json
But I don't understand why the other ports are not shown and the "predefined" one is shown.
EDIT: And I have ports separated by 2. Same cluster ID/folder.
Sorry for my English.
The query port is on UDP, so you need to use -m udp -p udp when creating the ACCEPT rules for the query ports. Note also that if you run e.g. Debian, Ubuntu or CentOS, and are using iptables to configure firewall rules, you will need to disable FirewallD as it will replace your iptables rules.
Will that solve the problem? What does "-m udp" do? I don't have FirewallD installed:
systemctl status firewalld
Unit firewalld.service could not be found.
Thanks!
-p udp specifies that the rule should match protocol UDP.
-m udp specifies that the udp match should be used, which enables the --dport option matching the UDP port or port range.
Note that ACCEPT rules should come before REJECT or DROP rules, but after the rule that allows existing connections. I usually create a LISTEN chain specifically for rules for service ports, e.g.:
iptables -N LISTEN
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j LISTEN
iptables -A INPUT -p icmp -j ACCEPT
iptables -A LISTEN -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A LISTEN -p tcp -m tcp --dport 7778 -j ACCEPT
iptables -A LISTEN -p tcp -m tcp --dport 7780 -j ACCEPT
iptables -A LISTEN -p tcp -m tcp --dport 7784 -j ACCEPT
iptables -A LISTEN -p tcp -m tcp --dport 7786 -j ACCEPT
iptables -A LISTEN -p tcp -m tcp --dport 9998 -j ACCEPT
iptables -A LISTEN -p tcp -m tcp --dport 8000 -j ACCEPT
iptables -A LISTEN -p tcp -m tcp --dport 8002 -j ACCEPT
iptables -A LISTEN -p udp -m udp --dport 27015 -j ACCEPT
iptables -A LISTEN -p udp -m udp --dport 27016 -j ACCEPT
iptables -A LISTEN -p udp -m udp --dport 27018 -j ACCEPT
iptables -A LISTEN -p udp -m udp --dport 27019 -j ACCEPT
iptables -A LISTEN -p udp -m udp --dport 37017 -j ACCEPT
iptables -A LISTEN -p udp -m udp --dport 37021 -j ACCEPT
iptables -A LISTEN -p udp -m udp --dport 37023 -j ACCEPT
[any other services in the LISTEN chain]
iptables -P INPUT DROP
On my Debian machine, I have the iptables-persistent package installed, which sources iptables rules from /etc/iptables/rules.v4 at startup.
With this, you will need to save the iptables rules to /etc/iptables/rules.v4 after configuring them:
iptables-save >/etc/iptables/rules.v4
Thank you for helping me and taking your time. These days I'll be checking the servers to see if everything works, and I'll get back to you.
Thank you very much @klightspeed!
It still doesn't work. https://i.gyazo.com/6ac0065ede87ccaf495e8b47cb5420f9.png
Running command 'status' for instance 'Olympus'
Server running: Yes
Server PID: 13463
Server listening: Yes
Server Name: [ES/EU] Arkeologos - Olympus X10 PVP CLUSTER NOWIPE - (v285.106
Players: 0 / 70
Active Players: 0
Server online: Yes
ARKServers link: http://arkservers.net/server/51.75.107.61:27017
Steam connect link: steam://connect/51.75.107.61:27017
Server build ID: 3286315
Server version: 285.102

Running command 'status' for instance 'Extinction_PVE'
Server running: Yes
Server PID: 13454
Server listening: Yes
Server Name: [ES/EU] Arkeologos - Extinction X10 PVE - CLUSTER - (v285.106)
Players: 0 / 70
Active Players: 0
Server online: Yes
ARKServers link: http://arkservers.net/server/213.32.7.133:37023
Steam connect link: steam://connect/213.32.7.133:37023
Server build ID: 3286315
Server version: 285.102

Running command 'status' for instance 'ScorchedEarth'
Server running: Yes
Server PID: 13512
Server listening: Yes
Server Name: [ES/EU] Arkeologos - ScorchedEarth X10 PVP CLUSTER NOWIPE - (v2
Players: 0 / 70
Active Players: 0
Server online: Yes
ARKServers link: http://arkservers.net/server/213.32.7.133:27019
Steam connect link: steam://connect/213.32.7.133:27019
Server build ID: 3286315
Server version: 285.102

Running command 'status' for instance 'TheIsland'
Server running: Yes
Server PID: 13484
Server listening: Yes
Server Name: [ES/EU] Arkeologos - TheIsland X10 PVP CLUSTER NOWIPE - (v285.1
Players: 3 / 70
Active Players: 3
Server online: Yes
ARKServers link: http://arkservers.net/server/213.32.7.133:27016
Steam connect link: steam://connect/213.32.7.133:27016
Server build ID: 3286315
Server version: 285.102

Running command 'status' for instance 'Extinction'
Server running: Yes
Server PID: 13481
Server listening: Yes
Server Name: [ES/EU] Arkeologos - Extinction X10 PVP CLUSTER NOWIPE - (v285.
Players: 0 / 70
Active Players: 0
Server online: Yes
ARKServers link: http://arkservers.net/server/213.32.7.133:37017
Steam connect link: steam://connect/213.32.7.133:37017
Server build ID: 3286315
Server version: 285.102

Running command 'status' for instance 'Ragnarok_PVE'
Server running: Yes
Server PID: 13466
Server listening: Yes
Server Name: [ES/EU] Arkeologos - Ragnarok X10 PVE - CLUSTER - (v285.106)
Players: 0 / 70
Active Players: 0
Server online: Yes
ARKServers link: http://arkservers.net/server/213.32.7.133:37021
Steam connect link: steam://connect/213.32.7.133:37021
Server build ID: 3286315
Server version: 285.102

Running command 'status' for instance 'Ragnarok'
Server running: Yes
Server PID: 19621
Server listening: Yes
Server Name: [ES/EU] Arkeologos - Ragnarok X10 PVP CLUSTER NOWIPE - (v285.10
Players: 1 / 70
Active Players: 1
Server online: Yes
ARKServers link: http://arkservers.net/server/213.32.7.133:27015
Steam connect link: steam://connect/213.32.7.133:27015
Server build ID: 3286315
Server version: 285.102

Running command 'status' for instance 'Aberration'
Server running: Yes
Server PID: 13500
Server listening: Yes
Server Name: [ES/EU] Arkeologos - Aberration X10 PVP CLUSTER NOWIPE - (v285.
Players: 0 / 70
Active Players: 0
Server online: Yes
ARKServers link: http://arkservers.net/server/213.32.7.133:27018
Steam connect link: steam://connect/213.32.7.133:27018
Server build ID: 3286315
Server version: 285.102
What is the output of netstat -antup | grep 'ShooterGa'?
What is the output of iptables-save?
From here, all of the game TCP ports are showing as closed, and none of the query UDP ports are responding to queries.
netstat -antup | grep 'ShooterGa'
tcp   0   0 0.0.0.0:37018        0.0.0.0:*            LISTEN       1017/ShooterGameSer
tcp   0   0 0.0.0.0:37020        0.0.0.0:*            LISTEN       1738/ShooterGameSer
tcp   0   0 0.0.0.0:37022        0.0.0.0:*            LISTEN       31614/ShooterGameSe
tcp   0   0 0.0.0.0:32330        0.0.0.0:*            LISTEN       1316/ShooterGameSer
tcp   0   0 0.0.0.0:32331        0.0.0.0:*            LISTEN       1306/ShooterGameSer
tcp   0   0 0.0.0.0:32332        0.0.0.0:*            LISTEN       1327/ShooterGameSer
tcp   0   0 51.75.107.61:32333   0.0.0.0:*            LISTEN       15167/ShooterGameSe
tcp   0   0 0.0.0.0:32334        0.0.0.0:*            LISTEN       1337/ShooterGameSer
tcp   0   0 213.32.7.133:42828   52.216.129.146:80    ESTABLISHED  15167/ShooterGameSe
tcp   0   0 213.32.7.133:58104   52.216.228.234:80    ESTABLISHED  1316/ShooterGameSer
tcp   0   0 213.32.7.133:58106   52.216.228.234:80    ESTABLISHED  31614/ShooterGameSe
tcp   0   0 213.32.7.133:35712   145.239.8.133:7777   ESTABLISHED  1017/ShooterGameSer
tcp   0   0 213.32.7.133:42366   52.216.65.194:80     ESTABLISHED  1337/ShooterGameSer
tcp   1   0 213.32.7.133:39910   52.216.230.242:80    CLOSE_WAIT   1327/ShooterGameSer
tcp   0   0 213.32.7.133:41694   145.239.8.133:7777   ESTABLISHED  1316/ShooterGameSer
tcp   1   0 213.32.7.133:42364   52.216.65.194:80     CLOSE_WAIT   1017/ShooterGameSer
tcp   0   0 213.32.7.133:42830   52.216.129.146:80    ESTABLISHED  1306/ShooterGameSer
tcp   1   0 213.32.7.133:54106   54.231.82.233:80     CLOSE_WAIT   1738/ShooterGameSer
tcp   0   0 213.32.7.133:39052   145.239.8.133:7777   ESTABLISHED  1337/ShooterGameSer
udp   0   0 0.0.0.0:55525        0.0.0.0:*                         1337/ShooterGameSer
udp   0   0 0.0.0.0:58732        0.0.0.0:*                         1017/ShooterGameSer
udp   0   0 0.0.0.0:27015        0.0.0.0:*                         1316/ShooterGameSer
udp   0   0 0.0.0.0:27016        0.0.0.0:*                         1306/ShooterGameSer
udp   0   0 51.75.107.61:27017   0.0.0.0:*                         15167/ShooterGameSe
udp   0   0 0.0.0.0:27018        0.0.0.0:*                         1327/ShooterGameSer
udp   0   0 0.0.0.0:27019        0.0.0.0:*                         1337/ShooterGameSer
udp   0   0 0.0.0.0:37017        0.0.0.0:*                         1017/ShooterGameSer
udp   0   0 0.0.0.0:37021        0.0.0.0:*                         1738/ShooterGameSer
udp   0   0 0.0.0.0:37023        0.0.0.0:*                         31614/ShooterGameSe
udp   0   0 0.0.0.0:7777         0.0.0.0:*                         1316/ShooterGameSer
udp   0   0 0.0.0.0:7778         0.0.0.0:*                         1316/ShooterGameSer
udp   0   0 0.0.0.0:7779         0.0.0.0:*                         1306/ShooterGameSer
udp   0   0 0.0.0.0:7780         0.0.0.0:*                         1306/ShooterGameSer
udp   0   0 51.75.107.61:7781    0.0.0.0:*                         15167/ShooterGameSe
udp   0   0 51.75.107.61:7782    0.0.0.0:*                         15167/ShooterGameSe
udp   0   0 0.0.0.0:7783         0.0.0.0:*                         1327/ShooterGameSer
udp   0   0 0.0.0.0:7784         0.0.0.0:*                         1327/ShooterGameSer
udp   0   0 0.0.0.0:7785         0.0.0.0:*                         1337/ShooterGameSer
udp   0   0 0.0.0.0:7786         0.0.0.0:*                         1337/ShooterGameSer
udp   0   0 0.0.0.0:8000         0.0.0.0:*                         1738/ShooterGameSer
udp   0   0 0.0.0.0:8002         0.0.0.0:*                         31614/ShooterGameSe
udp 896   0 0.0.0.0:9997         0.0.0.0:*                         1017/ShooterGameSer
udp   0   0 0.0.0.0:9998         0.0.0.0:*                         1017/ShooterGameSer
udp   0   0 0.0.0.0:49894        0.0.0.0:*                         1316/ShooterGameSer
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere
ACCEPT     all  --  anywhere   anywhere     ctstate RELATED,ESTABLISHED
LISTEN     all  --  anywhere   anywhere
ACCEPT     icmp --  anywhere   anywhere
ACCEPT     udp  --  anywhere   anywhere     udp dpt:37017
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:37017
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:37023
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:37021
ACCEPT     udp  --  anywhere   anywhere     udp dpt:37023
ACCEPT     udp  --  anywhere   anywhere     udp dpt:37021
ACCEPT     tcp  --  anywhere   anywhere     tcp dpts:27015:27019
ACCEPT     udp  --  anywhere   anywhere     udp dpts:27015:27019

Chain FORWARD (policy ACCEPT)
target     prot opt source     destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source     destination

Chain LISTEN (1 references)
target     prot opt source     destination
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:7778
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:7780
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:7784
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:7782
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:9998
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:7786
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:8000
ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:8002
ACCEPT     udp  --  anywhere   anywhere     udp dpt:27015
ACCEPT     udp  --  anywhere   anywhere     udp dpt:27016
ACCEPT     udp  --  anywhere   anywhere     udp dpt:27017
ACCEPT     udp  --  anywhere   anywhere     udp dpt:27018
ACCEPT     udp  --  anywhere   anywhere     udp dpt:27019
ACCEPT     udp  --  anywhere   anywhere     udp dpt:37017
ACCEPT     udp  --  anywhere   anywhere     udp dpt:37021
ACCEPT     udp  --  anywhere   anywhere     udp dpt:37023
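Cross-checking listening sockets against ACCEPT rules by protocol, which the exchange above does by eye, can be scripted. This is an added example, not part of the original thread; it expects iptables-save output (the format asked for above) plus netstat output, and the function names and sample rules and sockets are constructed for illustration.

```bash
# Added example (not from the thread): list listening sockets that have no
# ACCEPT rule for the same protocol and port in an iptables-save dump.
# usage: uncovered_ports RULES_FILE SOCKETS_FILE  (iptables-save, netstat -antup)
uncovered_ports() {
  awk '
    NR == FNR {                      # pass 1: collect port-based ACCEPT rules
      proto = ""; dport = ""; target = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") dport  = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (target == "ACCEPT" && proto != "" && dport != "") {
        n = split(dport, r, ":")     # "27015:27019" is a port range
        rp[++rules] = proto
        lo[rules] = r[1] + 0
        hi[rules] = (n == 2 ? r[2] : r[1]) + 0
      }
      next
    }
    # pass 2: TCP listeners and UDP sockets bound without a fixed peer
    ($1 == "tcp" && $6 == "LISTEN") || ($1 == "udp" && $5 ~ /:\*$/) {
      port = $4; sub(/.*:/, "", port); port += 0
      ok = 0
      for (k = 1; k <= rules; k++)
        if (rp[k] == $1 && port >= lo[k] && port <= hi[k]) ok = 1
      if (!ok) print $1 "/" port
    }
  ' "$1" "$2" | sort -u
}

# Constructed sample in the shape of the outputs posted in the thread.
sample_check() {
  dir=$(mktemp -d)
  printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':LISTEN - [0:0]' \
    '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -j LISTEN' \
    '-A LISTEN -p tcp -m tcp --dport 7778 -j ACCEPT' \
    '-A LISTEN -p udp -m udp --dport 27015:27016 -j ACCEPT' \
    'COMMIT' >"$dir/rules"
  printf '%s\n' \
    'tcp 0 0 0.0.0.0:32330 0.0.0.0:* LISTEN 1316/ShooterGameSer' \
    'udp 0 0 0.0.0.0:27015 0.0.0.0:* 1316/ShooterGameSer' \
    'udp 0 0 0.0.0.0:27016 0.0.0.0:* 1306/ShooterGameSer' \
    'udp 0 0 0.0.0.0:7778 0.0.0.0:* 1316/ShooterGameSer' >"$dir/socks"
  uncovered_ports "$dir/rules" "$dir/socks"
  rm -rf "$dir"
}
sample_check   # prints tcp/32330 and udp/7778
```

On a live host, ephemeral UDP ports that the server opens for its own outbound traffic are listed too; replies to those are already accepted by the RELATED,ESTABLISHED rule.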
If you try running tcpdump to capture traffic on port 27016, then try listing your servers, does tcpdump show any incoming and/or outgoing packets on that port?
tcpdump -n -i {interface} udp port 27016
where {interface} is your primary interface as listed by ifconfig
From here, I confirm (once I fixed my querier) that query port 27015 is responding, but the other query ports are not responding.
I assume by interface you mean something like this: enp1s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:00:35.404954 IP 81..**..59014 > 213.32.7.133.27016: UDP, length 25
11:00:35.405777 IP 213.32.7.133.27016 > 81..**..59014: UDP, length 284
11:00:35.470732 IP 81..**..64553 > 213.32.7.133.27016: UDP, length 9
11:00:35.503996 IP 213.32.7.133.27016 > 81..**..64553: UDP, length 9
11:00:37.260880 IP 81..**..64553 > 213.32.7.133.27016: UDP, length 9
11:00:37.272544 IP 213.32.7.133.27016 > 81..**..64553: UDP, length 705
11:00:40.176234 IP 82....49249 > 213.32.7.133.27016: UDP, length 25
11:00:40.219076 IP 213.32.7.133.27016 > 82.**...49249: UDP, length 284
11:00:40.285388 IP 82.**...64695 > 213.32.7.133.27016: UDP, length 9
11:00:40.317293 IP 213.32.7.133.27016 > 82.**...64695: UDP, length 9
11:00:41.249223 IP 82.**...64695 > 213.32.7.133.27016: UDP, length 9
11:00:41.250246 IP 213.32.7.133.27016 > 82.**...64695: UDP, length 705
11:00:41.554453 IP 2.**...62894 > 213.32.7.133.27016: UDP, length 25
11:00:41.594140 IP 213.32.7.133.27016 > 2....62894: UDP, length 284
11:00:52.572446 IP 2....62895 > 213.32.7.133.27016: UDP, length 25
11:00:52.596821 IP 213.32.7.133.27016 > 2....62895: UDP, length 284
11:00:53.603220 IP 2....62896 > 213.32.7.133.27016: UDP, length 25
11:00:53.628161 IP 213.32.7.133.27016 > 2....62896: UDP, length 284
11:00:54.821482 IP 2....62897 > 213.32.7.133.27016: UDP, length 25
11:00:54.856005 IP 213.32.7.133.27016 > 2....62897: UDP, length 284
11:01:07.056113 IP 81....52146 > 213.32.7.133.27016: UDP, length 25
11:01:07.085461 IP 213.32.7.133.27016 > 81....52146: UDP, length 284
11:01:07.829333 IP 37....34902 > 213.32.7.133.27016: UDP, length 25
11:01:07.871624 IP 213.32.7.133.27016 > 37....34902: UDP, length 284
11:01:07.873308 IP 37....34902 > 213.32.7.133.27016: UDP, length 9
11:01:07.920715 IP 213.32.7.133.27016 > 37....34902: UDP, length 9
11:01:07.922367 IP 37....34902 > 213.32.7.133.27016: UDP, length 9
11:01:07.969820 IP 213.32.7.133.27016 > 37....34902: UDP, length 705
11:01:07.971537 IP 37....34902 > 213.32.7.133.27016: UDP, length 9
11:01:08.018960 IP 213.32.7.133.27016 > 37....34902: UDP, length 6
EDIT:
Tests from another PC, now the IP of that PC is not shown on tcpdump -n -i {interface} udp port 27016. And as you can see in the image, it doesn't get any information.
https://i.imgur.com/mmX3V5N.png
The IP of that PC is not shown in the packets received/sent, in the previous post, it works.
That suggests an upstream firewall is either only allowing certain IP address ranges, or is blacklisting some IP address ranges.
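The reasoning in the tcpdump exchange above, as an added example that is not part of the original thread: tcpdump sees inbound packets before iptables processes them, so a client whose queries never appear in the capture is being filtered before they reach the host, while a client that appears without replies points at the host itself. The function names and the capture below are constructed; 203.0.113.10 stands in for the game server.

```bash
# Added example (not from the thread): classify one client in a saved
# `tcpdump -n` capture of a query port.
#   not-seen    no packet from the client reached the interface
#   unanswered  requests arrived, but the server sent no reply
#   answered    requests arrived and replies went back out
# usage: query_status CAPTURE_FILE SERVER_IP PORT CLIENT_IP
query_status() {
  awk -v dst="$2.$3" -v client="$4" '
    $2 == "IP" {
      src = $3; to = $5; sub(/:$/, "", to)
      saddr = src; sub(/\.[0-9]+$/, "", saddr)   # drop the trailing .port
      daddr = to;  sub(/\.[0-9]+$/, "", daddr)
      if (saddr == client && to == dst) req++
      if (src == dst && daddr == client) rep++
    }
    END {
      if (!req)      print "not-seen"
      else if (!rep) print "unanswered"
      else           print "answered"
    }
  ' "$1"
}

# Constructed capture using documentation address ranges.
sample_status() {   # $1 = client address to classify
  cap=$(mktemp)
  printf '%s\n' \
    '11:00:35.404954 IP 192.0.2.7.59014 > 203.0.113.10.27016: UDP, length 25' \
    '11:00:35.405777 IP 203.0.113.10.27016 > 192.0.2.7.59014: UDP, length 284' \
    '11:00:40.176234 IP 198.51.100.9.49249 > 203.0.113.10.27016: UDP, length 25' \
    '11:00:41.176234 IP 198.51.100.9.49249 > 203.0.113.10.27016: UDP, length 25' \
    >"$cap"
  query_status "$cap" 203.0.113.10 27016 "$1"
  rm -f "$cap"
}

for c in 192.0.2.7 198.51.100.9 192.0.2.99; do
  printf '%s %s\n' "$c" "$(sample_status "$c")"
done
```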
And how can I fix that? It happens to people randomly, today you can be the one who has the problem and tomorrow another person. And not always the same person. And so it is daily, other servers hosted in the same company do not have this problem...
And thanks again, for taking your time to help me.
Does this help any: https://help.premiumark.com/article/62-configure-soyoustart-game-firewall
I'll try it, I'll tell you later. Thanks again.
No problems after all this time. It was the mitigation because by default port 27015 was already open not for "Ark" but for "Half-Life". Thank you again for helping me and taking your time. @klightspeed
I think you can add this to the README so that if anyone has a problem with this they have the solution.
https://help.premiumark.com/article/62-configure-soyoustart-game-firewall
Hello,
I have a little problem that happens "randomly." I have installed several servers in a cluster and it happens that "randomly" only the main server is shown, i.e. the one in the main port 7777 & 27015.
https://i.gyazo.com/thumb/1200/74bc617ffa54eb763955354b1ab00d33-png.jpg
I have configured the IPTables although by default the host I use (Soyoustart/OVH) has the ports open, I have tried with other ports and I can't fix it.
I have contacted the support of my dedicated server, but they tell me that there is no problem with the connection. I see that other servers that use the same host as I do don't have this problem. Is it due to Linux? Any solution?
System information:
OS: Debian 9.4 (linux)
CPU: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
RAM: 64GB
Base config: https://pastebin.com/s1Zwr2gV
SOLVED -
Mitigation DDoS(OVH/SoYouStart):
https://help.premiumark.com/article/62-configure-soyoustart-game-firewall