[cod] CoD and my struggle with NAT

Eduardo E. Silva esilva at silvex.com
Fri Jan 9 03:59:14 EST 2004 

Bryan,

we have been posting this issue for a long time. It would be really great
if it got addressed. I am really surprised that this was never tested.
Very few companies used public IP address for internal LANs. All of them
use non-public addresses (i.e. 192.168.0.0).

I also think this applies to the Windows version.


Bryan Kuhn said:
> I think I finally reproed this. No promises it gets fixed or anything
> though.
>
> -----Original Message-----
> From: Eduardo E. Silva [mailto:esilva at silvex.com]
> Sent: Thursday, January 08, 2004 12:01 PM
> To: cod at icculus.org
> Subject: RE: Re[2]: [cod] CoD and my struggle with NAT
>
> Bryan, I have mine set to 0 (zero) and I still cannot log to my linux
> server. MOH:AA never had this problem. My setup is similar to everybody.
> Try if are able to see my server with the in-game browser "|NQ|silvex
> Linux Host" set for search and destroy.
>
>   COD NATed
>    Client            eth1          Server         eth0
> 172.16.200.19<-->172.16.200.1<-- COD/Linux -->24.16.199.160
>
>
>
> I am able to connect to ANYBODY but my server. Will you guys address this
> issue in the 'upcoming' patch. That will be phenomenal! This game OWNS
> MOH:AA
>
> Bryan Kuhn said:
>> It's a cvar, and it makes the server always authorize.
>>
>> -----Original Message-----
>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>> Sent: Wednesday, January 07, 2004 12:23 PM
>> To: cod at icculus.org
>> Subject: Re: Re[2]: [cod] CoD and my struggle with NAT
>>
>> What does net_lanauthorize do and where is it set ?
>>
>> Bryan Kuhn said:
>>> Your saying on the same subnet it is still authorizing you? You don't
>>> have  set to 1 do you? Are you only binding it to the
>>> external ip address?
>>>
>>> Wednesday, January 7, 2004, 8:51:02 AM, you wrote:
>>>> Yep i did but thats my problem, i use my server and firewall
>>>> tougether.
>>>> See
>>>> attached picture of my network. The thing is that my nat thinks its
>>>> outside
>>>> an rotates me directly trough nat.
>>>
>>>
>>>> Regards
>>>> Quint
>>>
>>>
>>>> ----- Original Message -----
>>>> From: "Steven Hartland" <steven at multiplay.co.uk>
>>>> To: <cod at icculus.org>
>>>> Sent: Wednesday, January 07, 2004 11:40
>>>> Subject: Re: [cod] CoD and my struggle with NAT
>>>
>>>
>>>>> Did you try this:
>>>>> <quote>
>>>>> Had a flash of inspiration this morning I think the following might
>>>>> just
>>>>> work.
>>>>>
>>>>> If we have this picture:
>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>>> Server: internal 10.10.10.2
>>>>> Client: internal 10.10.10.3
>>>>>
>>>>> If we change this to:
>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>>> Server: internal 10.10.10.2, fake 1.1.1.2 (alias)
>>>>> Client: internal 10.10.10.3, fake 1.1.1.1 (alias)
>>>>>
>>>>> And then force the client to connect to the server on 1.1.1.2 the ip
>>>> reported
>>>>> in the packet sent to the master will be the ip of the NAT (1.1.1.1)
>>>>> and
>>>> hence
>>>>> if port forwarding is setup correctly the auth packet will be
>>>>> forwarded
>>>>> to the client on 10.10.10.3 and it will all just work.
>>>>>
>>>>> Adding the 1.1.1.X aliases to the internal machines wont affect
>>>> connectivity
>>>>> as they have no routes to the outside world so all external
>>>>> connectivity
>>>>> will be done via the NAT'ed addresses.
>>>>>
>>>>> I cant test this here as I don't have NAT but Im pretty confident it
>>>>> will
>>>> work.
>>>>> </quote>
>>>>>
>>>>>     Steve / K
>>>>> ----- Original Message -----
>>>>> From: <cod at kaleplek.net>
>>>>> To: <cod at icculus.org>
>>>>> Sent: Wednesday, January 07, 2004 12:30 PM
>>>>> Subject: [cod] CoD and my struggle with NAT
>>>>>
>>>>>
>>>>> > Hi all here am back again with more news.... Yes I'm still not
>>>>> stopped
>>>>> > debugging... ;-)
>>>>> >
>>>>> > A little update after asking Actvision for some help and all the
>>>>> good
>>>>> > ideas here (thanks for that) I went to a couple of friends of mine
>>>>> who
>>>> are
>>>>> > a lot more Linux/Network goeroes then I am and the have looked at
>>>>> it
>>>>> and
>>>>> > came with an answer that was a little bit shocking for me. The
>>>>> answer
>>>> was
>>>>> > : IT IS NOT POSSIBLE WITHOUT A LITTLE PROGRAMMING HELP FROM
>>>>> ACTIVISION.
>>>> So
>>>>> > now I no for sure I am screwed. ;-)
>>>>> >
>>>>> > The gave a little push in the following direction. Activision made
>>>>> a
>>>>> > mistake to not make the server NAT/Firewall/Multihome aware this is
>>>>> an
>>>>> > issue that was already on the internet in games like Diablo etc.
>>>>> where
>>>>> > they fixed it (I really don't know how).
>>>>> >
>>>>> > My friends said this method that activision used is a lot better
>>>>> then
>>>> the
>>>>> > Method of EA because in the actvision method the server owner
>>>>> doesn't
>>>> get
>>>>> > the cd-keys in and can't steal them (See a post of me a while
>>>>> back).
>>>>> But
>>>>> > this method also brings some problem (DUHHHHH). A fix would be that
>>>>> it
>>>> is
>>>>> > possible on the server to config it and say if you use a
>>>>> NAT/Firewall
>>>> with
>>>>> > a private address like 10.5.x.x/192.168.x.x etc. etc. to give you
>>>>> an
>>>>> > opportunity to give an other address in a config file (public
>>>>> address)
>>>> the
>>>>> > will use to auth by activision. This method is like a proxy so
>>>> activision
>>>>> > should create a little proxy in there server for nat etc.
>>>>> >
>>>>> > We all came to the conclusion when the hype is gone the came will
>>>>> die
>>>>> > because the private range users who want to play it will not be
>>>>> able
>>>>> to
>>>> do
>>>>> > so.
>>>>> >
>>>>> > So is there a way I can connect to activision or talk to somebody
>>>>> who
>>>>> > build the linux binary version who can help me with this problem.
>>>>> Please
>>>>> > Please help my server is going up in the list and is full every day
>>>>> now,
>>>>> > and in this way also I have to stop it because I like to host if I
>>>>> can
>>>> be
>>>>> > a part of it. ;-)
>>>>> >
>>>>> > So please who can get me in contact with one of those guys or are
>>>>> they
>>>> in
>>>>> > this mailing group?????
>>>>> >
>>>>> > Regards
>>>>> > Quint
>>>>> > Boy_One
>>>>> >
>>>>> >
>>>>>
>>>>> ================================================
>>>>> This e.mail is private and confidential between Multiplay (UK) Ltd.
>>>>> and
>>>> the person or entity to whom it is addressed. In the event of
>>>> misdirection,
>>>> the recipient is prohibited from using, copying, printing or otherwise
>>>> disseminating it or any information contained in it.
>>>>>
>>>>> In the event of misdirection, illegible or incomplete transmission
>>>>> please
>>>> telephone (023) 8024 3137
>>>>> or return the E.mail to postmaster at multiplay.co.uk.
>>>>>
>>>>>
>>>>>
>>>
>>
>>
>> --
>> Thanks,
>>
>> Ed Silva
>> Silvex Consulting Inc.
>> esilva at silvex.com
>> (714) 504-6870 Cell
>> (714) 897-3800 Fax
>>
>>
>
>
> --
> Thanks,
>
> Ed Silva
> Silvex Consulting Inc.
> esilva at silvex.com
> (714) 504-6870 Cell
> (714) 897-3800 Fax
>
>


-- 
Thanks,

Ed Silva
Silvex Consulting Inc.
esilva at silvex.com
(714) 504-6870 Cell
(714) 897-3800 Fax

More information about the Cod mailing list