From 6bba2b04f75ee9cb80db684b606ca1e87739116e Mon Sep 17 00:00:00 2001 From: CroneKorkN Date: Fri, 15 May 2026 16:35:47 +0200 Subject: [PATCH] fix(left4me): force +sv_lan 0 alongside +ip 0.0.0.0 With +ip 0.0.0.0 (added in previous commit to make TCP RCON reachable via loopback), Source engine can't auto-determine whether the server is public-facing and defaults to LAN mode (sv_lan=1). Clients connecting from public IPs get rejected with "LAN servers are restricted to local clients (class C)". Force sv_lan=0 explicitly so public clients can connect. Co-Authored-By: Claude Opus 4.7 (1M context) --- bundles/left4me/metadata.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bundles/left4me/metadata.py b/bundles/left4me/metadata.py index b723783..81d35cd 100644 --- a/bundles/left4me/metadata.py +++ b/bundles/left4me/metadata.py @@ -361,7 +361,11 @@ def systemd_units(metadata): # without this, Source auto-selects the primary IP and the web # app's 127.0.0.1 RCON connect gets ECONNREFUSED. External TCP # on the game port range is firewall-blocked in nftables_input. - 'ExecStart': '/var/lib/left4me/runtime/%i/merged/srcds_run -game left4dead2 +ip 0.0.0.0 +hostport ${L4D2_PORT} $L4D2_ARGS', + # +sv_lan 0 is required alongside +ip 0.0.0.0 — when the bind + # IP is wildcard, Source can't auto-detect "public server" and + # falls into LAN mode, rejecting non-RFC1918 clients with + # "LAN servers are restricted to local clients (class C)". + 'ExecStart': '/var/lib/left4me/runtime/%i/merged/srcds_run -game left4dead2 +ip 0.0.0.0 +sv_lan 0 +hostport ${L4D2_PORT} $L4D2_ARGS', 'ExecStopPost': '+/usr/bin/nsenter --mount=/proc/1/ns/mnt -- /usr/local/libexec/left4me/left4me-overlay umount %i', 'Restart': 'on-failure', 'RestartSec': '5',