Mac clients getting tempbanned on Linux server with CSF

[pythros]

I run both a game server and a TS 3 server on my Linux CentOS machine. I do have CSF running on the server.

Issue: Mac players can connect to the game server with no issue of being tempbanned from my machine. However, if they connect to the TS 3 server, whether or not they are connected to the game server, my CSF tempbans their IP due to their machine port scanning my server. PC and Linux players don't have this problem.

No, I am not going to have their IP white-listed within CSF nor will I disable tempbans due to port scanning. Some players use different locations so white-listing their IP would be pointless.

A: Why does the TS 3 client on Mac ONLY cause their machine to port scan my server?
B: What can I have my Mac players adjust or do on their computer to prevent this from happening?
C: Or, is this a bug that TS is aware of?

Here is an example of CSF's tempban report for one of my players:

Code:

[root@mc ~]# grep -R -ip snipped- /etc/csf/*
/etc/csf/csf.tempban:1313446204|-ip snipped-||in|3600|lfd - *Port Scan* detected from -ip snipped- (GB/United Kingdom/host-ip snipped-.range81-129.btcentralplus.com). 11 hits in the last 260 seconds
/etc/csf/csf.tempip:-ip snipped-|0|1313446204
/etc/csf/stats/iptables_log:|Aug 15 18:08:54 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=27862 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:08:56 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=17633 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:08:56 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=21722 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:08:57 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=53759 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:08:58 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=11201 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:08:59 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=64970 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:09:01 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=64 TOS=0x00 PREC=0x00 TTL=38 ID=36823 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:09:06 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=48 TOS=0x00 PREC=0x00 TTL=38 ID=52460 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:09:13 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=48 TOS=0x00 PREC=0x00 TTL=38 ID=25336 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:09:29 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=48 TOS=0x00 PREC=0x00 TTL=38 ID=52461 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0
/etc/csf/stats/iptables_log:|Aug 15 18:10:01 mc kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=-snipped- SRC=-ip snipped- DST=-ip snipped- LEN=48 TOS=0x00 PREC=0x00 TTL=38 ID=46796 DF PROTO=TCP SPT=52189 DPT=41144 WINDOW=65535 RES=0x00 SYN URGP=0

I've searched Google and the forums and couldn't find anything...

Any help will be appreciated. Thanks.

[pythros]

Is it possible to get information from the developers why the Mac client is port scanning?? Or does that have to be for the "paid" users?

[dante696]

The Mac client does not start any port scans!
The client asks for the same ports as the windows and linux client does.

Please do not reopen a new thread for the same topic!

[pythros]

At least it got this thread some attention!

Then why tell me this only happens to my Mac users when they connect to the TeamSpeak server? As they can visit a web page that the same address is hosting and connect to the game server on it with no problem? Within a minute or two of them connecting to the TS server, their machine starts port scanning. The only common instances are Mac OS and TeamSpeak server. I would be happy to demonstrate this on demand as I have many [Mac] users unable to use my TS server.

[dante696]

Please tell me the ip for your server ,to connect to it with a windows and mac machine.

But we don't know what is going on there.

[Tomas]

In case of an connection to any server what ts3client do is:

ask OS resolver for DNS name translation
try to connect to tsdns
- - that is your source of problems, not reading documentation(tsdns uses 41144/tcp),

Code:

PROTO=TCP SPT=52189 DPT=41144

- - allow/reject incoming connections to 41144/tcp in your firewall to fix the problem
- - Optionaly you could start using tsdns, and read more about that featue
try to connect to UDP port to the IP adress found
could use 30033/tcp for filetransfer of icons/avatars or file browser

[pythros]

@Tomas:

Hmm.... I'll try that. Odd that it's only Macs that do that.

@dante696:

If Tomas' suggestion doesn't work, I'll let you know what the address is and PM you the password.