Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 34081 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Forwarding (?) League of Legends

WeePecky
Hi ... 

I now have my UTM up and going - thanks all. 

My son plays LoL and the firewall is stopping his client connection.
LoL site ( https://support.leagueoflegends.com/entries/21948135-Port-Forwarding ) says port forwarding may be required for: 

Port Forwarding for League of Legends:
Required Ports:

Each of these ports must be forwarded for League of Legends to operate properly.

    5000 - 5500 UDP - League of Legends Game Client
    8393 - 8400 TCP - Patcher and Maestro
    2099 TCP - PVP.Net
    5223 TCP - PVP.Net
    5222 TCP - PVP.Net
    80 TCP - HTTP Connections
    443 TCP - HTTPS Connections
    8088 Spectator Mode



How do  I do this, and is it really necessary? 

Thanks in advance.


This thread was automatically locked due to age.
  • 0
    With such a large port range definition you can simply just allow all ports for the client IP [:)]

    Simply create a firewall rule that allows all services from client IP to Internet. I doubt you really need to allow incoming ports for the game to work.
  • 0
    Reading that article, it appears that you need to allow all those ports inbound to your son's PC, i.e. the LoL client acts as a server, waiting for incoming connections on all those ports, rather than establishing the connections outbound.  IMHO this is poor design, but it is what it is.  In order to allow those inbound connections, you're going to have to create service definitions for each TCP and UDP range, then create a service group that contains all the individual services.

    You'll also need to give your son's PC a static IP address and create a network host definition for it.

    Once you have those pieces in place, you can then create a DNAT rule (Network Protection --> NAT --> NAT): 
    Rule Type:		DNAT

    	

    Matching Condition

    	For traffic from:	Any

    	Using service:	LoL

    	Going to:	WAN (Address)

    		

    Action

    	Change the destination to:	SonsPC

    	And the service to:	[leave blank]

    	

    [check]	Automatic Firewall rule


    As for "is it really necessary", I presume you have run the port test linked from that article, else you wouldn't be asking. [:)]  (The port test appears to require Java, btw, not just JavaScript.)
  • 0
    I still highly doubt that. Because it would make it impossible to have multiple players behind a NAT device like a soho router and that's defentitely not sth. a game publisher wants.
  • 0
    Indeed, I just fired up my sandbox VM, installed Java, and tried the port test linked from that LoL page - it ran clean, so apparently there is no requirement for incoming port forwarding, if that test is to be believed.

    Sounds like the OP is going to have to look into his firewall logs for more clues.
  • 0

    Examining the logs when I had this issue, I found this:

    2017:02:16-21:24:07 millersophos httpproxy[1859]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.***.***" dstip="209.197.3.7" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3893" request="0xe3eea000" url="https://l3cdn.riotgames.com/" referer="" error="Failed to verify server certificate" authtime="0" dnstime="4" cattime="140" avscantime="0" fullreqtime="409727" device="0" auth="0" ua="" exceptions="" category="116" reputation="unverified" categoryname="Games"

    I resolved mine by adding this to URL bypass in the exception list in filtering options.

    ^https?://([A-Za-z0-9.-]*\.)?riotgames\.com/

Unfiltered HTML