[cod] CoD and my struggle with NAT

cod at kaleplek.net cod at kaleplek.net
Fri Jan 9 06:35:34 EST 2004


Just to give you some inside information, i also tried to get support by
Activision but no luck there. They said that it was not an issue
concurning them. See mail wile back from my in the archive. Ooh what the
f*ck here is the post again... Sorry for this post again....

----------------------- cut from activision ------------------------


The fan community is your best bet at this point, since what you are doing
is unsupported. Sorry we were unable to help you further.

 Customer 12/26/2003 04:41 AM
Dear Reader,

Where could i get this kind of information then, i enjoy the game, but in
this way a can't join my own server.


 Customer 12/26/2003 04:40 AM
See the site i have update it.

 Response (Nick Bee) 12/25/2003 03:58 PM

Unfortunately, Activision only provides support for in-game menu options.
We are also a publisher, not a developer. We do not have any information
for advanced server configurations.

We also do not provide setups for modified network stacks. We do not
design or test our games for passive IP connections.

 Customer 12/25/2003 10:07 AM
Dear Anthony,

Sorry for the late response, but I was in deep debug to give you more

You said go to


I did already before I mailed you, also I am an active user in icculus.org
this group made also Mohaa linux. All the groups I talked to gave me some
hints, I tried out. Here my debug information below. I hope you can answer
these questions.

I am sending you a picture of my network at home. A little background of
my knowledge, I am a network/security advisor, and work at a large bank
community in the Netherlands.

Here my debug information.

after i put it up and try to connect from my lan machine to the server i
get awaiting cd key authorization. I read on www.codadmin.com that you
have to put a redirect in your host file like this codauthorize.activision.com

After i did this it worked like a charm but i am not showing up in either
ASE or Gamespy or inside the game. Now i read on this forum that when you
block this Actvision is blocking you on gamespy etc. So i removed it and i
can see that i get more connections now in my logfile

SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo
SV packet : getinfo

And it goes on and on. When i put the block again i only see this 1 or 2
times in 15 minutes.

I also see that the logfile is saying

sending getIpAuthorize for

I understand that this won't work becuase this is a private range and
Activision can't registrate my CDKEY.

Now I tried after you told me not to support the linux server a windows
server in the same network setup, but this gives me the same result.

What I did then was put the linux environment back and to a tcpdump on my
network to see how the packets are send etc.

I saw in the packets that my translation doesn’t work to my external
address this way both servers are trying to AUTH my internal address.

I tried the to see if I could make a loop to my external address, tried
proxy port forward etc. etc. but no luck still (because my ip isn’t NAT)
it is trying to AUTH my internal ip. This due to that my server is seeing
that the external ip is local on my server and isn’t putting it to NAT.

I mailed this to icculus.org but nobody knows a solution. In my eyes this
is coming due to the fact that the server is resolving my ip sends it to
the AUTH server this one Is trying to connect to my client to try to AUTH
my CD-KEY.

Can’t this changed from this one to server is giving me a push to
Activision AUTH server where I registrate my CD-Key and when this is done
the AUTH server is giving the COD servers an ok.

Please help me, I’m now more debugging then enjoying the game


 Response (Anthony Lu) 12/18/2003 09:24 AM

Unfortunately, we do not provide support for the Linux server. For
assistance with setting up or running a Linux server, your best bet is to
look on the Internet at sites like:


If you have any problems or questions in the future, please feel free to
email us.

 Auto-Response (Anthony Lu) 12/18/2003 05:24 AM
You have picked Unlisted title as your game title.

Please make sure the title you are inquiring about is not listed in our
product list before proceeding. Click the Back and select the Platform the
game is for and then find and select your game from the list.

If you do not see your title listed then the product is more than likely
not supported by Activision.

 Customer 12/18/2003 05:24 AM
Dear Reader,

I have a question about a COD server and NAT. I have a dedicated COD
server running on a linux enviroment, but when a connect from inside my
lan to the linux box i see in the log file that my cd-key is tried to be
registered with my internal LAN network adress. I talked to a lot of guys
in mailing groups like www.codadmin.com etc. but these guys say it is not
possile to connect to the server like this. I have also a mohaa server
running and this one works. The guys in the mailing group are saying that
the client should be patched, is this true or do you know how to help me.



> Bryan,
> we have been posting this issue for a long time. It would be really
> great if it got addressed. I am really surprised that this was never
> tested. Very few companies used public IP address for internal LANs. All
> of them use non-public addresses (i.e.
> I also think this applies to the Windows version.
> Bryan Kuhn said:
>> I think I finally reproed this. No promises it gets fixed or anything
>> though.
>> -----Original Message-----
>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>> Sent: Thursday, January 08, 2004 12:01 PM
>> To: cod at icculus.org
>> Subject: RE: Re[2]: [cod] CoD and my struggle with NAT
>> Bryan, I have mine set to 0 (zero) and I still cannot log to my linux
>> server. MOH:AA never had this problem. My setup is similar to
>> everybody. Try if are able to see my server with the in-game browser
>> "|NQ|silvex Linux Host" set for search and destroy.
>>   COD NATed
>>    Client            eth1          Server         eth0
>><--><-- COD/Linux -->
>> I am able to connect to ANYBODY but my server. Will you guys address
>> this issue in the 'upcoming' patch. That will be phenomenal! This game
>> Bryan Kuhn said:
>>> It's a cvar, and it makes the server always authorize.
>>> -----Original Message-----
>>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>>> Sent: Wednesday, January 07, 2004 12:23 PM
>>> To: cod at icculus.org
>>> Subject: Re: Re[2]: [cod] CoD and my struggle with NAT
>>> What does net_lanauthorize do and where is it set ?
>>> Bryan Kuhn said:
>>>> Your saying on the same subnet it is still authorizing you? You
>>>> don't have  set to 1 do you? Are you only binding it to the
>>>> external ip address?
>>>> Wednesday, January 7, 2004, 8:51:02 AM, you wrote:
>>>>> Yep i did but thats my problem, i use my server and firewall
>>>>> tougether.
>>>>> See
>>>>> attached picture of my network. The thing is that my nat thinks its
>>>>> outside
>>>>> an rotates me directly trough nat.
>>>>> Regards
>>>>> Quint
>>>>> ----- Original Message -----
>>>>> From: "Steven Hartland" <steven at multiplay.co.uk>
>>>>> To: <cod at icculus.org>
>>>>> Sent: Wednesday, January 07, 2004 11:40
>>>>> Subject: Re: [cod] CoD and my struggle with NAT
>>>>>> Did you try this:
>>>>>> <quote>
>>>>>> Had a flash of inspiration this morning I think the following
>>>>>> might just
>>>>>> work.
>>>>>> If we have this picture:
>>>>>> NAT box: internal, external
>>>>>> Server: internal
>>>>>> Client: internal
>>>>>> If we change this to:
>>>>>> NAT box: internal, external
>>>>>> Server: internal, fake (alias)
>>>>>> Client: internal, fake (alias)
>>>>>> And then force the client to connect to the server on the
>>>>>> ip
>>>>> reported
>>>>>> in the packet sent to the master will be the ip of the NAT
>>>>>> ( and
>>>>> hence
>>>>>> if port forwarding is setup correctly the auth packet will be
>>>>>> forwarded
>>>>>> to the client on and it will all just work.
>>>>>> Adding the 1.1.1.X aliases to the internal machines wont affect
>>>>> connectivity
>>>>>> as they have no routes to the outside world so all external
>>>>>> connectivity
>>>>>> will be done via the NAT'ed addresses.
>>>>>> I cant test this here as I don't have NAT but Im pretty confident
>>>>>> it will
>>>>> work.
>>>>>> </quote>
>>>>>>     Steve / K
>>>>>> ----- Original Message -----
>>>>>> From: <cod at kaleplek.net>
>>>>>> To: <cod at icculus.org>
>>>>>> Sent: Wednesday, January 07, 2004 12:30 PM
>>>>>> Subject: [cod] CoD and my struggle with NAT
>>>>>> > Hi all here am back again with more news.... Yes I'm still not
>>>>>> stopped
>>>>>> > debugging... ;-)
>>>>>> >
>>>>>> > A little update after asking Actvision for some help and all the
>>>>>> good
>>>>>> > ideas here (thanks for that) I went to a couple of friends of
>>>>>> mine
>>>>>> who
>>>>> are
>>>>>> > a lot more Linux/Network goeroes then I am and the have looked
>>>>>> at
>>>>>> it
>>>>>> and
>>>>>> > came with an answer that was a little bit shocking for me. The
>>>>>> answer
>>>>> was
>>>>> So
>>>>>> > now I no for sure I am screwed. ;-)
>>>>>> >
>>>>>> > The gave a little push in the following direction. Activision
>>>>>> made
>>>>>> a
>>>>>> > mistake to not make the server NAT/Firewall/Multihome aware this
>>>>>> is
>>>>>> an
>>>>>> > issue that was already on the internet in games like Diablo etc.
>>>>>> where
>>>>>> > they fixed it (I really don't know how).
>>>>>> >
>>>>>> > My friends said this method that activision used is a lot better
>>>>>> then
>>>>> the
>>>>>> > Method of EA because in the actvision method the server owner
>>>>>> doesn't
>>>>> get
>>>>>> > the cd-keys in and can't steal them (See a post of me a while
>>>>>> back).
>>>>>> But
>>>>>> > this method also brings some problem (DUHHHHH). A fix would be
>>>>>> that
>>>>>> it
>>>>> is
>>>>>> > possible on the server to config it and say if you use a
>>>>>> NAT/Firewall
>>>>> with
>>>>>> > a private address like 10.5.x.x/192.168.x.x etc. etc. to give
>>>>>> you
>>>>>> an
>>>>>> > opportunity to give an other address in a config file (public
>>>>>> address)
>>>>> the
>>>>>> > will use to auth by activision. This method is like a proxy so
>>>>> activision
>>>>>> > should create a little proxy in there server for nat etc.
>>>>>> >
>>>>>> > We all came to the conclusion when the hype is gone the came
>>>>>> will
>>>>>> die
>>>>>> > because the private range users who want to play it will not be
>>>>>> able
>>>>>> to
>>>>> do
>>>>>> > so.
>>>>>> >
>>>>>> > So is there a way I can connect to activision or talk to
>>>>>> somebody
>>>>>> who
>>>>>> > build the linux binary version who can help me with this
>>>>>> problem.
>>>>>> Please
>>>>>> > Please help my server is going up in the list and is full every
>>>>>> day
>>>>>> now,
>>>>>> > and in this way also I have to stop it because I like to host if
>>>>>> I
>>>>>> can
>>>>> be
>>>>>> > a part of it. ;-)
>>>>>> >
>>>>>> > So please who can get me in contact with one of those guys or
>>>>>> are
>>>>>> they
>>>>> in
>>>>>> > this mailing group?????
>>>>>> >
>>>>>> > Regards
>>>>>> > Quint
>>>>>> > Boy_One
>>>>>> >
>>>>>> >
>>>>>> ================================================
>>>>>> This e.mail is private and confidential between Multiplay (UK)
>>>>>> Ltd. and
>>>>> the person or entity to whom it is addressed. In the event of
>>>>> misdirection,
>>>>> the recipient is prohibited from using, copying, printing or
>>>>> otherwise disseminating it or any information contained in it.
>>>>>> In the event of misdirection, illegible or incomplete transmission
>>>>>> please
>>>>> telephone (023) 8024 3137
>>>>>> or return the E.mail to postmaster at multiplay.co.uk.
>>> --
>>> Thanks,
>>> Ed Silva
>>> Silvex Consulting Inc.
>>> esilva at silvex.com
>>> (714) 504-6870 Cell
>>> (714) 897-3800 Fax
>> --
>> Thanks,
>> Ed Silva
>> Silvex Consulting Inc.
>> esilva at silvex.com
>> (714) 504-6870 Cell
>> (714) 897-3800 Fax
> --
> Thanks,
> Ed Silva
> Silvex Consulting Inc.
> esilva at silvex.com
> (714) 504-6870 Cell
> (714) 897-3800 Fax

More information about the Cod mailing list