[cod] CoD and my struggle with NAT

cod at kaleplek.net cod at kaleplek.net
Fri Jan 9 06:25:34 EST 2004


Yes i did, see the mail below my last update mail. I put it on 0 first
night later on tried to not bind it to any interface. But still no luck.

Greetz
Quint

> I work at IW. Did you put net_lanauthorize back to 0?
>
> -----Original Message-----
> From: Boy_One (COD System Admin) [mailto:cod at kaleplek.net]
> Sent: Thursday, January 08, 2004 9:06 AM
> To: cod at icculus.org
> Subject: Re: Re[4]: [cod] CoD and my struggle with NAT
>
> Hi all,
>
> Here an update (and yes it is night not nicht stupid dutchman...LoL)
>
> I tried not binding it on any interface still no luck... still getting
>
> sending getIpAuthorize for 10.5.1.123:28960
>
> Please help i have the feeling we are getting close.
>
> Just for my knowledge Steve/Bryan are you programmers of this binary???
>
> Greetz
> Quint
> Boy_One
>
> ----- Original Message -----
> From: <cod at kaleplek.net>
> To: <cod at icculus.org>
> Sent: Thursday, January 08, 2004 15:34
> Subject: Re: Re[4]: [cod] CoD and my struggle with NAT
>
>
>> Sorry but there was a problem last nicht i couldn't reach icculus.org
>> anymore from my country. Sorry for the delay.
>>
>> Yes i had it on 1 i did this because i had problems to get in gamespy
>> and or ASE etc. but lateron i forgot to open a port (Stupid me)ok i
>> put it on 0 but still no luck it is still saying auth 10.5.1.123 so no
>> luck here, but is this the only cvar doing this or is there something
>> else in the dark binary of the linux version...;-)
>>
>> By the way i am binding my server on my external interface with cvar
>> net_ip and cvar ip. I didn't try to remove this but could this be the
>> problem. i'm going to try tonight.
>>
>> Greetz
>> Quint
>> Boy_One
>>
>> > yeah, you could put it in your config file or on the command line.
>> The default is 0 tho.
>> >
>> > Wednesday, January 7, 2004, 8:26:53 PM, you wrote:
>> >> how do you set it up ?
>> >
>> >> seta net_lanauthorize 0
>> >
>> >
>> >> Bryan Kuhn said:
>> >>> It makes it think every connection is an internet connection. I
>> don't think
>> >>> there's any reason to ever set that to 1 beyond development.
>> >>>
>> >>> -----Original Message-----
>> >>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>> >>> Sent: Wednesday, January 07, 2004 3:19 PM
>> >>> To: cod at icculus.org
>> >>> Subject: RE: Re[2]: [cod] CoD and my struggle with NAT
>> >>>
>> >>> For the internet or just for the NATed LAN ? Or BOTH?
>> >>>
>> >>> Bryan Kuhn said:
>> >>>> It's a cvar, and it makes the server always authorize.
>> >>>>
>> >>>> -----Original Message-----
>> >>>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>> >>>> Sent: Wednesday, January 07, 2004 12:23 PM
>> >>>> To: cod at icculus.org
>> >>>> Subject: Re: Re[2]: [cod] CoD and my struggle with NAT
>> >>>>
>> >>>> What does net_lanauthorize do and where is it set ?
>> >>>>
>> >>>> Bryan Kuhn said:
>> >>>>> Your saying on the same subnet it is still authorizing you? You
>> don't have  set to 1 do you? Are you only binding it to the
>> external ip address?
>> >>>>>
>> >>>>> Wednesday, January 7, 2004, 8:51:02 AM, you wrote:
>> >>>>>> Yep i did but thats my problem, i use my server and firewall
>> tougether.
>> >>>>>> See
>> >>>>>> attached picture of my network. The thing is that my nat thinks
>> its outside
>> >>>>>> an rotates me directly trough nat.
>> >>>>>
>> >>>>>
>> >>>>>> Regards
>> >>>>>> Quint
>> >>>>>
>> >>>>>
>> >>>>>> ----- Original Message -----
>> >>>>>> From: "Steven Hartland" <steven at multiplay.co.uk>
>> >>>>>> To: <cod at icculus.org>
>> >>>>>> Sent: Wednesday, January 07, 2004 11:40
>> >>>>>> Subject: Re: [cod] CoD and my struggle with NAT
>> >>>>>
>> >>>>>
>> >>>>>>> Did you try this:
>> >>>>>>> <quote>
>> >>>>>>> Had a flash of inspiration this morning I think the following
>> might just
>> >>>>>>> work.
>> >>>>>>>
>> >>>>>>> If we have this picture:
>> >>>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>> >>>>>>> Server: internal 10.10.10.2
>> >>>>>>> Client: internal 10.10.10.3
>> >>>>>>>
>> >>>>>>> If we change this to:
>> >>>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>> >>>>>>> Server: internal 10.10.10.2, fake 1.1.1.2 (alias)
>> >>>>>>> Client: internal 10.10.10.3, fake 1.1.1.1 (alias)
>> >>>>>>>
>> >>>>>>> And then force the client to connect to the server on 1.1.1.2
>> the ip
>> >>>>>> reported
>> >>>>>>> in the packet sent to the master will be the ip of the NAT
>> (1.1.1.1) and
>> >>>>>> hence
>> >>>>>>> if port forwarding is setup correctly the auth packet will be
>> forwarded
>> >>>>>>> to the client on 10.10.10.3 and it will all just work.
>> >>>>>>>
>> >>>>>>> Adding the 1.1.1.X aliases to the internal machines wont
>> affect
>> >>>>>> connectivity
>> >>>>>>> as they have no routes to the outside world so all external
>> connectivity
>> >>>>>>> will be done via the NAT'ed addresses.
>> >>>>>>>
>> >>>>>>> I cant test this here as I don't have NAT but Im pretty
>> confident it will
>> >>>>>> work.
>> >>>>>>> </quote>
>> >>>>>>>
>> >>>>>>>     Steve / K
>> >>>>>>> ----- Original Message -----
>> >>>>>>> From: <cod at kaleplek.net>
>> >>>>>>> To: <cod at icculus.org>
>> >>>>>>> Sent: Wednesday, January 07, 2004 12:30 PM
>> >>>>>>> Subject: [cod] CoD and my struggle with NAT
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> > Hi all here am back again with more news.... Yes I'm still
>> not
>> >>>>>>> stopped
>> >>>>>>> > debugging... ;-)
>> >>>>>>> >
>> >>>>>>> > A little update after asking Actvision for some help and all
>> >>>>>>> the
>> >>>>>>> good
>> >>>>>>> > ideas here (thanks for that) I went to a couple of friends
>> of
>> >>>>>>> mine
>> >>>>>>> who
>> >>>>>> are
>> >>>>>>> > a lot more Linux/Network goeroes then I am and the have
>> looked
>> >>>>>>> at
>> >>>>>>> it
>> >>>>>>> and
>> >>>>>>> > came with an answer that was a little bit shocking for me.
>> The
>> >>>>>>> answer
>> >>>>>> was
>> >>>>>>> > : IT IS NOT POSSIBLE WITHOUT A LITTLE PROGRAMMING HELP FROM
>> >>>>>>> ACTIVISION.
>> >>>>>> So
>> >>>>>>> > now I no for sure I am screwed. ;-)
>> >>>>>>> >
>> >>>>>>> > The gave a little push in the following direction.
>> Activision
>> >>>>>>> made
>> >>>>>>> a
>> >>>>>>> > mistake to not make the server NAT/Firewall/Multihome aware
>> >>>>>>> this is
>> >>>>>>> an
>> >>>>>>> > issue that was already on the internet in games like Diablo
>> >>>>>>> etc.
>> >>>>>>> where
>> >>>>>>> > they fixed it (I really don't know how).
>> >>>>>>> >
>> >>>>>>> > My friends said this method that activision used is a lot
>> >>>>>>> better
>> >>>>>>> then
>> >>>>>> the
>> >>>>>>> > Method of EA because in the actvision method the server
>> owner
>> >>>>>>> doesn't
>> >>>>>> get
>> >>>>>>> > the cd-keys in and can't steal them (See a post of me a
>> while
>> >>>>>>> back).
>> >>>>>>> But
>> >>>>>>> > this method also brings some problem (DUHHHHH). A fix would
>> be
>> >>>>>>> that
>> >>>>>>> it
>> >>>>>> is
>> >>>>>>> > possible on the server to config it and say if you use a
>> >>>>>>> NAT/Firewall
>> >>>>>> with
>> >>>>>>> > a private address like 10.5.x.x/192.168.x.x etc. etc. to
>> give
>> >>>>>>> you
>> >>>>>>> an
>> >>>>>>> > opportunity to give an other address in a config file
>> (public
>> >>>>>>> address)
>> >>>>>> the
>> >>>>>>> > will use to auth by activision. This method is like a proxy
>> so
>> >>>>>> activision
>> >>>>>>> > should create a little proxy in there server for nat etc.
>> >>>>>>> >
>> >>>>>>> > We all came to the conclusion when the hype is gone the came
>> >>>>>>> will
>> >>>>>>> die
>> >>>>>>> > because the private range users who want to play it will not
>> be
>> >>>>>>> able
>> >>>>>>> to
>> >>>>>> do
>> >>>>>>> > so.
>> >>>>>>> >
>> >>>>>>> > So is there a way I can connect to activision or talk to
>> >>>>>>> somebody
>> >>>>>>> who
>> >>>>>>> > build the linux binary version who can help me with this
>> >>>>>>> problem.
>> >>>>>>> Please
>> >>>>>>> > Please help my server is going up in the list and is full
>> every
>> >>>>>>> day
>> >>>>>>> now,
>> >>>>>>> > and in this way also I have to stop it because I like to
>> host
>> >>>>>>> if I
>> >>>>>>> can
>> >>>>>> be
>> >>>>>>> > a part of it. ;-)
>> >>>>>>> >
>> >>>>>>> > So please who can get me in contact with one of those guys
>> or
>> >>>>>>> are
>> >>>>>>> they
>> >>>>>> in
>> >>>>>>> > this mailing group?????
>> >>>>>>> >
>> >>>>>>> > Regards
>> >>>>>>> > Quint
>> >>>>>>> > Boy_One
>> >>>>>>> >
>> >>>>>>> >
>> >>>>>>>
>> >>>>>>> ================================================
>> >>>>>>> This e.mail is private and confidential between Multiplay (UK)
>> Ltd. and
>> >>>>>> the person or entity to whom it is addressed. In the event of
>> misdirection,
>> >>>>>> the recipient is prohibited from using, copying, printing or
>> otherwise disseminating it or any information contained in it.
>> >>>>>>>
>> >>>>>>> In the event of misdirection, illegible or incomplete
>> >>>>>>> transmission please
>> >>>>>> telephone (023) 8024 3137
>> >>>>>>> or return the E.mail to postmaster at multiplay.co.uk.
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>
>> >>>>
>> >>>>
>> >>>> --
>> >>>> Thanks,
>> >>>>
>> >>>> Ed Silva
>> >>>> Silvex Consulting Inc.
>> >>>> esilva at silvex.com
>> >>>> (714) 504-6870 Cell
>> >>>> (714) 897-3800 Fax
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>> --
>> >>> Thanks,
>> >>>
>> >>> Ed Silva
>> >>> Silvex Consulting Inc.
>> >>> esilva at silvex.com
>> >>> (714) 504-6870 Cell
>> >>> (714) 897-3800 Fax
>>
>>
>>
>>
>>







More information about the Cod mailing list