[cod] CoD and my struggle with NAT

Bryan Kuhn bryan at infinityward.com
Fri Jan 9 04:36:17 EST 2004 

Its only multihomed servers with public and private interfaces. It
even works correctly over a vpn with 2 different private networks. This
isn't that common except for people running small private servers
which could just be run as dedicated 1.

Friday, January 9, 2004, 12:59:14 AM, you wrote:
> Bryan,

> we have been posting this issue for a long time. It would be really great
> if it got addressed. I am really surprised that this was never tested.
> Very few companies used public IP address for internal LANs. All of them
> use non-public addresses (i.e. 192.168.0.0).

> I also think this applies to the Windows version.


> Bryan Kuhn said:
>> I think I finally reproed this. No promises it gets fixed or anything
>> though.
>>
>> -----Original Message-----
>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>> Sent: Thursday, January 08, 2004 12:01 PM
>> To: cod at icculus.org
>> Subject: RE: Re[2]: [cod] CoD and my struggle with NAT
>>
>> Bryan, I have mine set to 0 (zero) and I still cannot log to my linux
>> server. MOH:AA never had this problem. My setup is similar to everybody.
>> Try if are able to see my server with the in-game browser "|NQ|silvex
>> Linux Host" set for search and destroy.
>>
>>   COD NATed
>>    Client            eth1          Server         eth0
>> 172.16.200.19<-->172.16.200.1<-- COD/Linux -->24.16.199.160
>>
>>
>>
>> I am able to connect to ANYBODY but my server. Will you guys address this
>> issue in the 'upcoming' patch. That will be phenomenal! This game OWNS
>> MOH:AA
>>
>> Bryan Kuhn said:
>>> It's a cvar, and it makes the server always authorize.
>>>
>>> -----Original Message-----
>>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>>> Sent: Wednesday, January 07, 2004 12:23 PM
>>> To: cod at icculus.org
>>> Subject: Re: Re[2]: [cod] CoD and my struggle with NAT
>>>
>>> What does net_lanauthorize do and where is it set ?
>>>
>>> Bryan Kuhn said:
>>>> Your saying on the same subnet it is still authorizing you? You don't
>>>> have  set to 1 do you? Are you only binding it to the
>>>> external ip address?
>>>>
>>>> Wednesday, January 7, 2004, 8:51:02 AM, you wrote:
>>>>> Yep i did but thats my problem, i use my server and firewall
>>>>> tougether.
>>>>> See
>>>>> attached picture of my network. The thing is that my nat thinks its
>>>>> outside
>>>>> an rotates me directly trough nat.
>>>>
>>>>
>>>>> Regards
>>>>> Quint
>>>>
>>>>
>>>>> ----- Original Message -----
>>>>> From: "Steven Hartland" <steven at multiplay.co.uk>
>>>>> To: <cod at icculus.org>
>>>>> Sent: Wednesday, January 07, 2004 11:40
>>>>> Subject: Re: [cod] CoD and my struggle with NAT
>>>>
>>>>
>>>>>> Did you try this:
>>>>>> <quote>
>>>>>> Had a flash of inspiration this morning I think the following might
>>>>>> just
>>>>>> work.
>>>>>>
>>>>>> If we have this picture:
>>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>>>> Server: internal 10.10.10.2
>>>>>> Client: internal 10.10.10.3
>>>>>>
>>>>>> If we change this to:
>>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>>>> Server: internal 10.10.10.2, fake 1.1.1.2 (alias)
>>>>>> Client: internal 10.10.10.3, fake 1.1.1.1 (alias)
>>>>>>
>>>>>> And then force the client to connect to the server on 1.1.1.2 the ip
>>>>> reported
>>>>>> in the packet sent to the master will be the ip of the NAT (1.1.1.1)
>>>>>> and
>>>>> hence
>>>>>> if port forwarding is setup correctly the auth packet will be
>>>>>> forwarded
>>>>>> to the client on 10.10.10.3 and it will all just work.
>>>>>>
>>>>>> Adding the 1.1.1.X aliases to the internal machines wont affect
>>>>> connectivity
>>>>>> as they have no routes to the outside world so all external
>>>>>> connectivity
>>>>>> will be done via the NAT'ed addresses.
>>>>>>
>>>>>> I cant test this here as I don't have NAT but Im pretty confident it
>>>>>> will
>>>>> work.
>>>>>> </quote>
>>>>>>
>>>>>>     Steve / K
>>>>>> ----- Original Message -----
>>>>>> From: <cod at kaleplek.net>
>>>>>> To: <cod at icculus.org>
>>>>>> Sent: Wednesday, January 07, 2004 12:30 PM
>>>>>> Subject: [cod] CoD and my struggle with NAT
>>>>>>
>>>>>>
>>>>>> > Hi all here am back again with more news.... Yes I'm still not
>>>>>> stopped
>>>>>> > debugging... ;-)
>>>>>> >
>>>>>> > A little update after asking Actvision for some help and all the
>>>>>> good
>>>>>> > ideas here (thanks for that) I went to a couple of friends of mine
>>>>>> who
>>>>> are
>>>>>> > a lot more Linux/Network goeroes then I am and the have looked at
>>>>>> it
>>>>>> and
>>>>>> > came with an answer that was a little bit shocking for me. The
>>>>>> answer
>>>>> was
>>>>>> > : IT IS NOT POSSIBLE WITHOUT A LITTLE PROGRAMMING HELP FROM
>>>>>> ACTIVISION.
>>>>> So
>>>>>> > now I no for sure I am screwed. ;-)
>>>>>> >
>>>>>> > The gave a little push in the following direction. Activision made
>>>>>> a
>>>>>> > mistake to not make the server NAT/Firewall/Multihome aware this is
>>>>>> an
>>>>>> > issue that was already on the internet in games like Diablo etc.
>>>>>> where
>>>>>> > they fixed it (I really don't know how).
>>>>>> >
>>>>>> > My friends said this method that activision used is a lot better
>>>>>> then
>>>>> the
>>>>>> > Method of EA because in the actvision method the server owner
>>>>>> doesn't
>>>>> get
>>>>>> > the cd-keys in and can't steal them (See a post of me a while
>>>>>> back).
>>>>>> But
>>>>>> > this method also brings some problem (DUHHHHH). A fix would be that
>>>>>> it
>>>>> is
>>>>>> > possible on the server to config it and say if you use a
>>>>>> NAT/Firewall
>>>>> with
>>>>>> > a private address like 10.5.x.x/192.168.x.x etc. etc. to give you
>>>>>> an
>>>>>> > opportunity to give an other address in a config file (public
>>>>>> address)
>>>>> the
>>>>>> > will use to auth by activision. This method is like a proxy so
>>>>> activision
>>>>>> > should create a little proxy in there server for nat etc.
>>>>>> >
>>>>>> > We all came to the conclusion when the hype is gone the came will
>>>>>> die
>>>>>> > because the private range users who want to play it will not be
>>>>>> able
>>>>>> to
>>>>> do
>>>>>> > so.
>>>>>> >
>>>>>> > So is there a way I can connect to activision or talk to somebody
>>>>>> who
>>>>>> > build the linux binary version who can help me with this problem.
>>>>>> Please
>>>>>> > Please help my server is going up in the list and is full every day
>>>>>> now,
>>>>>> > and in this way also I have to stop it because I like to host if I
>>>>>> can
>>>>> be
>>>>>> > a part of it. ;-)
>>>>>> >
>>>>>> > So please who can get me in contact with one of those guys or are
>>>>>> they
>>>>> in
>>>>>> > this mailing group?????
>>>>>> >
>>>>>> > Regards
>>>>>> > Quint
>>>>>> > Boy_One
>>>>>> >
>>>>>> >
>>>>>>
>>>>>> ================================================
>>>>>> This e.mail is private and confidential between Multiplay (UK) Ltd.
>>>>>> and
>>>>> the person or entity to whom it is addressed. In the event of
>>>>> misdirection,
>>>>> the recipient is prohibited from using, copying, printing or otherwise
>>>>> disseminating it or any information contained in it.
>>>>>>
>>>>>> In the event of misdirection, illegible or incomplete transmission
>>>>>> please
>>>>> telephone (023) 8024 3137
>>>>>> or return the E.mail to postmaster at multiplay.co.uk.
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks,
>>>
>>> Ed Silva
>>> Silvex Consulting Inc.
>>> esilva at silvex.com
>>> (714) 504-6870 Cell
>>> (714) 897-3800 Fax
>>>
>>>
>>
>>
>> --
>> Thanks,
>>
>> Ed Silva
>> Silvex Consulting Inc.
>> esilva at silvex.com
>> (714) 504-6870 Cell
>> (714) 897-3800 Fax
>>
>>

More information about the Cod mailing list