[cod] CoD and my struggle with NAT

Bryan Kuhn bryan at infinityward.com
Thu Jan 8 19:02:59 EST 2004


I think I finally reproed this. No promises it gets fixed or anything
though.

-----Original Message-----
From: Eduardo E. Silva [mailto:esilva at silvex.com] 
Sent: Thursday, January 08, 2004 12:01 PM
To: cod at icculus.org
Subject: RE: Re[2]: [cod] CoD and my struggle with NAT

Bryan, I have mine set to 0 (zero) and I still cannot log to my linux
server. MOH:AA never had this problem. My setup is similar to everybody.
Try if are able to see my server with the in-game browser "|NQ|silvex
Linux Host" set for search and destroy.

  COD NATed
   Client            eth1          Server         eth0
172.16.200.19<-->172.16.200.1<-- COD/Linux -->24.16.199.160



I am able to connect to ANYBODY but my server. Will you guys address this
issue in the 'upcoming' patch. That will be phenomenal! This game OWNS
MOH:AA

Bryan Kuhn said:
> It's a cvar, and it makes the server always authorize.
>
> -----Original Message-----
> From: Eduardo E. Silva [mailto:esilva at silvex.com]
> Sent: Wednesday, January 07, 2004 12:23 PM
> To: cod at icculus.org
> Subject: Re: Re[2]: [cod] CoD and my struggle with NAT
>
> What does net_lanauthorize do and where is it set ?
>
> Bryan Kuhn said:
>> Your saying on the same subnet it is still authorizing you? You don't
>> have  set to 1 do you? Are you only binding it to the
>> external ip address?
>>
>> Wednesday, January 7, 2004, 8:51:02 AM, you wrote:
>>> Yep i did but thats my problem, i use my server and firewall tougether.
>>> See
>>> attached picture of my network. The thing is that my nat thinks its
>>> outside
>>> an rotates me directly trough nat.
>>
>>
>>> Regards
>>> Quint
>>
>>
>>> ----- Original Message -----
>>> From: "Steven Hartland" <steven at multiplay.co.uk>
>>> To: <cod at icculus.org>
>>> Sent: Wednesday, January 07, 2004 11:40
>>> Subject: Re: [cod] CoD and my struggle with NAT
>>
>>
>>>> Did you try this:
>>>> <quote>
>>>> Had a flash of inspiration this morning I think the following might
>>>> just
>>>> work.
>>>>
>>>> If we have this picture:
>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>> Server: internal 10.10.10.2
>>>> Client: internal 10.10.10.3
>>>>
>>>> If we change this to:
>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>> Server: internal 10.10.10.2, fake 1.1.1.2 (alias)
>>>> Client: internal 10.10.10.3, fake 1.1.1.1 (alias)
>>>>
>>>> And then force the client to connect to the server on 1.1.1.2 the ip
>>> reported
>>>> in the packet sent to the master will be the ip of the NAT (1.1.1.1)
>>>> and
>>> hence
>>>> if port forwarding is setup correctly the auth packet will be
>>>> forwarded
>>>> to the client on 10.10.10.3 and it will all just work.
>>>>
>>>> Adding the 1.1.1.X aliases to the internal machines wont affect
>>> connectivity
>>>> as they have no routes to the outside world so all external
>>>> connectivity
>>>> will be done via the NAT'ed addresses.
>>>>
>>>> I cant test this here as I don't have NAT but Im pretty confident it
>>>> will
>>> work.
>>>> </quote>
>>>>
>>>>     Steve / K
>>>> ----- Original Message -----
>>>> From: <cod at kaleplek.net>
>>>> To: <cod at icculus.org>
>>>> Sent: Wednesday, January 07, 2004 12:30 PM
>>>> Subject: [cod] CoD and my struggle with NAT
>>>>
>>>>
>>>> > Hi all here am back again with more news.... Yes I'm still not
>>>> stopped
>>>> > debugging... ;-)
>>>> >
>>>> > A little update after asking Actvision for some help and all the
>>>> good
>>>> > ideas here (thanks for that) I went to a couple of friends of mine
>>>> who
>>> are
>>>> > a lot more Linux/Network goeroes then I am and the have looked at it
>>>> and
>>>> > came with an answer that was a little bit shocking for me. The
>>>> answer
>>> was
>>>> > : IT IS NOT POSSIBLE WITHOUT A LITTLE PROGRAMMING HELP FROM
>>>> ACTIVISION.
>>> So
>>>> > now I no for sure I am screwed. ;-)
>>>> >
>>>> > The gave a little push in the following direction. Activision made a
>>>> > mistake to not make the server NAT/Firewall/Multihome aware this is
>>>> an
>>>> > issue that was already on the internet in games like Diablo etc.
>>>> where
>>>> > they fixed it (I really don't know how).
>>>> >
>>>> > My friends said this method that activision used is a lot better
>>>> then
>>> the
>>>> > Method of EA because in the actvision method the server owner
>>>> doesn't
>>> get
>>>> > the cd-keys in and can't steal them (See a post of me a while back).
>>>> But
>>>> > this method also brings some problem (DUHHHHH). A fix would be that
>>>> it
>>> is
>>>> > possible on the server to config it and say if you use a
>>>> NAT/Firewall
>>> with
>>>> > a private address like 10.5.x.x/192.168.x.x etc. etc. to give you an
>>>> > opportunity to give an other address in a config file (public
>>>> address)
>>> the
>>>> > will use to auth by activision. This method is like a proxy so
>>> activision
>>>> > should create a little proxy in there server for nat etc.
>>>> >
>>>> > We all came to the conclusion when the hype is gone the came will
>>>> die
>>>> > because the private range users who want to play it will not be able
>>>> to
>>> do
>>>> > so.
>>>> >
>>>> > So is there a way I can connect to activision or talk to somebody
>>>> who
>>>> > build the linux binary version who can help me with this problem.
>>>> Please
>>>> > Please help my server is going up in the list and is full every day
>>>> now,
>>>> > and in this way also I have to stop it because I like to host if I
>>>> can
>>> be
>>>> > a part of it. ;-)
>>>> >
>>>> > So please who can get me in contact with one of those guys or are
>>>> they
>>> in
>>>> > this mailing group?????
>>>> >
>>>> > Regards
>>>> > Quint
>>>> > Boy_One
>>>> >
>>>> >
>>>>
>>>> ================================================
>>>> This e.mail is private and confidential between Multiplay (UK) Ltd.
>>>> and
>>> the person or entity to whom it is addressed. In the event of
>>> misdirection,
>>> the recipient is prohibited from using, copying, printing or otherwise
>>> disseminating it or any information contained in it.
>>>>
>>>> In the event of misdirection, illegible or incomplete transmission
>>>> please
>>> telephone (023) 8024 3137
>>>> or return the E.mail to postmaster at multiplay.co.uk.
>>>>
>>>>
>>>>
>>
>
>
> --
> Thanks,
>
> Ed Silva
> Silvex Consulting Inc.
> esilva at silvex.com
> (714) 504-6870 Cell
> (714) 897-3800 Fax
>
>


-- 
Thanks,

Ed Silva
Silvex Consulting Inc.
esilva at silvex.com
(714) 504-6870 Cell
(714) 897-3800 Fax





More information about the Cod mailing list