Firewall problems with ESXi and Quake 2 server

A co-worker expressed some interest in getting a blast from the past and playing some Quake 2. So I thought, easy, I’ll set up a dedicated Linux server in a VM. I already have a server running ESXi (stand-alone).

This has proven more difficult than I first thought. Getting the server up and running was fairly easy. But something is blocking the standard Quake 2 UDP port (27910). Running nmap from the Quake 2 server shows that the port is open.

However, the Windows Quake 2 client on the same LAN can’t connect. An nmap scan from the Windows box shows that the port is filtered. So there’s a firewall in the way somewhere, and as near as I can tell, it’s not on the CentOS 8 VM.

It seems most likely that ESXi is blocking non-standard ports. I suppose it could be my router blocking the traffic, but that seems unlikely (it’s a Netgear AC 1350 w/ DD-WRT firmware). In troubleshooting I found that ESXi does include a firewall, but as near as I can tell it simply separates the hypervisor’s management interface from the VMs and the outside world. In my case, the management interface and the VM NIC are one and the same (lack of ports on my router).

So to summarize:

TL;DR

  1. Does ESXi have a built-in firewall? Does it protect just the management NIC & hypervisor, or does it also filter traffic to the VMs?

  2. Could I work around the problem by starting my game server on a well-known UDP port?

  3. If the ESXi firewall is indeed blocking traffic to the Quake 2 VM, is there any way to add a custom firewall rule?

It had something to do with CentOS. Not sure exactly what, but as soon as I put the appropriate binary and game maps on a Fedora 31 VM, clients were able to connect. I thought I checked CentOS to see if the bundled firewall was active, but I may have missed something. Anyway, problem solved.

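An added example, not part of the original post: a probe to run from the client machine that sends one Quake 2 out-of-band `status` query to UDP 27910 and reports whether the game process answered, an ICMP error came back, or nothing came back at all. The function names are hypothetical, the mapping of ICMP errors to exceptions assumes Linux socket behaviour, and the loopback server and its reply are constructed so the script runs offline.

```python
import socket
import threading

Q2_STATUS = b"\xff\xff\xff\xffstatus\n"   # Quake 2 out-of-band status query
Q2_PRINT = b"\xff\xff\xff\xffprint\n"     # prefix of a genuine server reply


def probe(host, port=27910, timeout=2.0):
    """Classify a UDP port by sending one Quake 2 status query."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: kernel reports ICMP errors
        try:
            s.send(Q2_STATUS)
            data = s.recv(4096)
        except socket.timeout:
            return "no-reply"    # silently dropped, or nothing answering
        except (ConnectionRefusedError, ConnectionResetError):
            return "closed"      # ICMP port unreachable: host reached, no listener
        except OSError:
            return "rejected"    # other ICMP unreachable, e.g. a firewall REJECT
    return "open" if data.startswith(Q2_PRINT) else "unexpected-reply"


def fake_server(reply):
    """Constructed loopback stand-in for a Quake 2 server (one request)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(5.0)
    port = srv.getsockname()[1]

    def serve():
        try:
            _, addr = srv.recvfrom(4096)
            if reply:
                # Constructed sample reply, not captured from a real server.
                srv.sendto(Q2_PRINT + b"\\mapname\\q2dm1\n", addr)
        except OSError:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print("answering server:", probe("127.0.0.1", fake_server(True)))
    print("silent listener: ", probe("127.0.0.1", fake_server(False), timeout=0.5))
```

A `rejected` or `closed` result means some host on the path sent an ICMP error back, while `no-reply` means the datagram or its answer was dropped without notice, so running the probe from the VM itself and then from the LAN client narrows down which hop is filtering.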