[cod] CoD and my struggle with NAT

cod at kaleplek.net cod at kaleplek.net
Fri Jan 9 07:08:57 EST 2004 

Yeah..... That's exactly my problem a multihomed network for public use,
and no connection from private network... Thanks for looking at this...
I hope it's going to be fixed. If you need a testserver/testclient or what
else... Here i am......

> Its only multihomed servers with public and private interfaces. It even
> works correctly over a vpn with 2 different private networks. This isn't
> that common except for people running small private servers
> which could just be run as dedicated 1.
>
> Friday, January 9, 2004, 12:59:14 AM, you wrote:
>> Bryan,
>
>> we have been posting this issue for a long time. It would be really
>> great if it got addressed. I am really surprised that this was never
>> tested. Very few companies used public IP address for internal LANs.
>> All of them use non-public addresses (i.e. 192.168.0.0).
>
>> I also think this applies to the Windows version.
>
>
>> Bryan Kuhn said:
>>> I think I finally reproed this. No promises it gets fixed or anything
>>> though.
>>>
>>> -----Original Message-----
>>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>>> Sent: Thursday, January 08, 2004 12:01 PM
>>> To: cod at icculus.org
>>> Subject: RE: Re[2]: [cod] CoD and my struggle with NAT
>>>
>>> Bryan, I have mine set to 0 (zero) and I still cannot log to my linux
>>> server. MOH:AA never had this problem. My setup is similar to
>>> everybody. Try if are able to see my server with the in-game browser
>>> "|NQ|silvex Linux Host" set for search and destroy.
>>>
>>>   COD NATed
>>>    Client            eth1          Server         eth0
>>> 172.16.200.19<-->172.16.200.1<-- COD/Linux -->24.16.199.160
>>>
>>>
>>>
>>> I am able to connect to ANYBODY but my server. Will you guys address
>>> this issue in the 'upcoming' patch. That will be phenomenal! This
>>> game OWNS MOH:AA
>>>
>>> Bryan Kuhn said:
>>>> It's a cvar, and it makes the server always authorize.
>>>>
>>>> -----Original Message-----
>>>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>>>> Sent: Wednesday, January 07, 2004 12:23 PM
>>>> To: cod at icculus.org
>>>> Subject: Re: Re[2]: [cod] CoD and my struggle with NAT
>>>>
>>>> What does net_lanauthorize do and where is it set ?
>>>>
>>>> Bryan Kuhn said:
>>>>> Your saying on the same subnet it is still authorizing you? You
>>>>> don't have  set to 1 do you? Are you only binding it to the
>>>>> external ip address?
>>>>>
>>>>> Wednesday, January 7, 2004, 8:51:02 AM, you wrote:
>>>>>> Yep i did but thats my problem, i use my server and firewall
>>>>>> tougether.
>>>>>> See
>>>>>> attached picture of my network. The thing is that my nat thinks
>>>>>> its outside
>>>>>> an rotates me directly trough nat.
>>>>>
>>>>>
>>>>>> Regards
>>>>>> Quint
>>>>>
>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Steven Hartland" <steven at multiplay.co.uk>
>>>>>> To: <cod at icculus.org>
>>>>>> Sent: Wednesday, January 07, 2004 11:40
>>>>>> Subject: Re: [cod] CoD and my struggle with NAT
>>>>>
>>>>>
>>>>>>> Did you try this:
>>>>>>> <quote>
>>>>>>> Had a flash of inspiration this morning I think the following
>>>>>>> might just
>>>>>>> work.
>>>>>>>
>>>>>>> If we have this picture:
>>>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>>>>> Server: internal 10.10.10.2
>>>>>>> Client: internal 10.10.10.3
>>>>>>>
>>>>>>> If we change this to:
>>>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>>>>> Server: internal 10.10.10.2, fake 1.1.1.2 (alias)
>>>>>>> Client: internal 10.10.10.3, fake 1.1.1.1 (alias)
>>>>>>>
>>>>>>> And then force the client to connect to the server on 1.1.1.2 the
>>>>>>> ip
>>>>>> reported
>>>>>>> in the packet sent to the master will be the ip of the NAT
>>>>>>> (1.1.1.1) and
>>>>>> hence
>>>>>>> if port forwarding is setup correctly the auth packet will be
>>>>>>> forwarded
>>>>>>> to the client on 10.10.10.3 and it will all just work.
>>>>>>>
>>>>>>> Adding the 1.1.1.X aliases to the internal machines wont affect
>>>>>> connectivity
>>>>>>> as they have no routes to the outside world so all external
>>>>>>> connectivity
>>>>>>> will be done via the NAT'ed addresses.
>>>>>>>
>>>>>>> I cant test this here as I don't have NAT but Im pretty confident
>>>>>>> it will
>>>>>> work.
>>>>>>> </quote>
>>>>>>>
>>>>>>>     Steve / K
>>>>>>> ----- Original Message -----
>>>>>>> From: <cod at kaleplek.net>
>>>>>>> To: <cod at icculus.org>
>>>>>>> Sent: Wednesday, January 07, 2004 12:30 PM
>>>>>>> Subject: [cod] CoD and my struggle with NAT
>>>>>>>
>>>>>>>
>>>>>>> > Hi all here am back again with more news.... Yes I'm still not
>>>>>>> stopped
>>>>>>> > debugging... ;-)
>>>>>>> >
>>>>>>> > A little update after asking Actvision for some help and all
>>>>>>> the
>>>>>>> good
>>>>>>> > ideas here (thanks for that) I went to a couple of friends of
>>>>>>> mine
>>>>>>> who
>>>>>> are
>>>>>>> > a lot more Linux/Network goeroes then I am and the have looked
>>>>>>> at
>>>>>>> it
>>>>>>> and
>>>>>>> > came with an answer that was a little bit shocking for me. The
>>>>>>> answer
>>>>>> was
>>>>>>> > : IT IS NOT POSSIBLE WITHOUT A LITTLE PROGRAMMING HELP FROM
>>>>>>> ACTIVISION.
>>>>>> So
>>>>>>> > now I no for sure I am screwed. ;-)
>>>>>>> >
>>>>>>> > The gave a little push in the following direction. Activision
>>>>>>> made
>>>>>>> a
>>>>>>> > mistake to not make the server NAT/Firewall/Multihome aware
>>>>>>> this is
>>>>>>> an
>>>>>>> > issue that was already on the internet in games like Diablo
>>>>>>> etc.
>>>>>>> where
>>>>>>> > they fixed it (I really don't know how).
>>>>>>> >
>>>>>>> > My friends said this method that activision used is a lot
>>>>>>> better
>>>>>>> then
>>>>>> the
>>>>>>> > Method of EA because in the actvision method the server owner
>>>>>>> doesn't
>>>>>> get
>>>>>>> > the cd-keys in and can't steal them (See a post of me a while
>>>>>>> back).
>>>>>>> But
>>>>>>> > this method also brings some problem (DUHHHHH). A fix would be
>>>>>>> that
>>>>>>> it
>>>>>> is
>>>>>>> > possible on the server to config it and say if you use a
>>>>>>> NAT/Firewall
>>>>>> with
>>>>>>> > a private address like 10.5.x.x/192.168.x.x etc. etc. to give
>>>>>>> you
>>>>>>> an
>>>>>>> > opportunity to give an other address in a config file (public
>>>>>>> address)
>>>>>> the
>>>>>>> > will use to auth by activision. This method is like a proxy so
>>>>>> activision
>>>>>>> > should create a little proxy in there server for nat etc.
>>>>>>> >
>>>>>>> > We all came to the conclusion when the hype is gone the came
>>>>>>> will
>>>>>>> die
>>>>>>> > because the private range users who want to play it will not be
>>>>>>> able
>>>>>>> to
>>>>>> do
>>>>>>> > so.
>>>>>>> >
>>>>>>> > So is there a way I can connect to activision or talk to
>>>>>>> somebody
>>>>>>> who
>>>>>>> > build the linux binary version who can help me with this
>>>>>>> problem.
>>>>>>> Please
>>>>>>> > Please help my server is going up in the list and is full every
>>>>>>> day
>>>>>>> now,
>>>>>>> > and in this way also I have to stop it because I like to host
>>>>>>> if I
>>>>>>> can
>>>>>> be
>>>>>>> > a part of it. ;-)
>>>>>>> >
>>>>>>> > So please who can get me in contact with one of those guys or
>>>>>>> are
>>>>>>> they
>>>>>> in
>>>>>>> > this mailing group?????
>>>>>>> >
>>>>>>> > Regards
>>>>>>> > Quint
>>>>>>> > Boy_One
>>>>>>> >
>>>>>>> >
>>>>>>>
>>>>>>> ================================================
>>>>>>> This e.mail is private and confidential between Multiplay (UK)
>>>>>>> Ltd. and
>>>>>> the person or entity to whom it is addressed. In the event of
>>>>>> misdirection,
>>>>>> the recipient is prohibited from using, copying, printing or
>>>>>> otherwise disseminating it or any information contained in it.
>>>>>>>
>>>>>>> In the event of misdirection, illegible or incomplete
>>>>>>> transmission please
>>>>>> telephone (023) 8024 3137
>>>>>>> or return the E.mail to postmaster at multiplay.co.uk.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks,
>>>>
>>>> Ed Silva
>>>> Silvex Consulting Inc.
>>>> esilva at silvex.com
>>>> (714) 504-6870 Cell
>>>> (714) 897-3800 Fax
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks,
>>>
>>> Ed Silva
>>> Silvex Consulting Inc.
>>> esilva at silvex.com
>>> (714) 504-6870 Cell
>>> (714) 897-3800 Fax

More information about the Cod mailing list