[cod] CoD and my struggle with NAT

Bryan Kuhn bryan at infinityward.com
Fri Jan 9 13:09:53 EST 2004 

Are you running developer 1? I have a hard time getting it to happen
with developer off.

Friday, January 9, 2004, 4:08:57 AM, you wrote:
> Yeah..... That's exactly my problem a multihomed network for public use,
> and no connection from private network... Thanks for looking at this...
> I hope it's going to be fixed. If you need a testserver/testclient or what
> else... Here i am......

>> Its only multihomed servers with public and private interfaces. It even
>> works correctly over a vpn with 2 different private networks. This isn't
>> that common except for people running small private servers
>> which could just be run as dedicated 1.
>>
>> Friday, January 9, 2004, 12:59:14 AM, you wrote:
>>> Bryan,
>>
>>> we have been posting this issue for a long time. It would be really
>>> great if it got addressed. I am really surprised that this was never
>>> tested. Very few companies used public IP address for internal LANs.
>>> All of them use non-public addresses (i.e. 192.168.0.0).
>>
>>> I also think this applies to the Windows version.
>>
>>
>>> Bryan Kuhn said:
>>>> I think I finally reproed this. No promises it gets fixed or anything
>>>> though.
>>>>
>>>> -----Original Message-----
>>>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>>>> Sent: Thursday, January 08, 2004 12:01 PM
>>>> To: cod at icculus.org
>>>> Subject: RE: Re[2]: [cod] CoD and my struggle with NAT
>>>>
>>>> Bryan, I have mine set to 0 (zero) and I still cannot log to my linux
>>>> server. MOH:AA never had this problem. My setup is similar to
>>>> everybody. Try if are able to see my server with the in-game browser
>>>> "|NQ|silvex Linux Host" set for search and destroy.
>>>>
>>>>   COD NATed
>>>>    Client            eth1          Server         eth0
>>>> 172.16.200.19<-->172.16.200.1<-- COD/Linux -->24.16.199.160
>>>>
>>>>
>>>>
>>>> I am able to connect to ANYBODY but my server. Will you guys address
>>>> this issue in the 'upcoming' patch. That will be phenomenal! This
>>>> game OWNS MOH:AA
>>>>
>>>> Bryan Kuhn said:
>>>>> It's a cvar, and it makes the server always authorize.
>>>>>
>>>>> -----Original Message-----
>>>>> From: Eduardo E. Silva [mailto:esilva at silvex.com]
>>>>> Sent: Wednesday, January 07, 2004 12:23 PM
>>>>> To: cod at icculus.org
>>>>> Subject: Re: Re[2]: [cod] CoD and my struggle with NAT
>>>>>
>>>>> What does net_lanauthorize do and where is it set ?
>>>>>
>>>>> Bryan Kuhn said:
>>>>>> Your saying on the same subnet it is still authorizing you? You
>>>>>> don't have  set to 1 do you? Are you only binding it to the
>>>>>> external ip address?
>>>>>>
>>>>>> Wednesday, January 7, 2004, 8:51:02 AM, you wrote:
>>>>>>> Yep i did but thats my problem, i use my server and firewall
>>>>>>> tougether.
>>>>>>> See
>>>>>>> attached picture of my network. The thing is that my nat thinks
>>>>>>> its outside
>>>>>>> an rotates me directly trough nat.
>>>>>>
>>>>>>
>>>>>>> Regards
>>>>>>> Quint
>>>>>>
>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Steven Hartland" <steven at multiplay.co.uk>
>>>>>>> To: <cod at icculus.org>
>>>>>>> Sent: Wednesday, January 07, 2004 11:40
>>>>>>> Subject: Re: [cod] CoD and my struggle with NAT
>>>>>>
>>>>>>
>>>>>>>> Did you try this:
>>>>>>>> <quote>
>>>>>>>> Had a flash of inspiration this morning I think the following
>>>>>>>> might just
>>>>>>>> work.
>>>>>>>>
>>>>>>>> If we have this picture:
>>>>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>>>>>> Server: internal 10.10.10.2
>>>>>>>> Client: internal 10.10.10.3
>>>>>>>>
>>>>>>>> If we change this to:
>>>>>>>> NAT box: internal 10.10.10.1, external 1.1.1.1
>>>>>>>> Server: internal 10.10.10.2, fake 1.1.1.2 (alias)
>>>>>>>> Client: internal 10.10.10.3, fake 1.1.1.1 (alias)
>>>>>>>>
>>>>>>>> And then force the client to connect to the server on 1.1.1.2 the
>>>>>>>> ip
>>>>>>> reported
>>>>>>>> in the packet sent to the master will be the ip of the NAT
>>>>>>>> (1.1.1.1) and
>>>>>>> hence
>>>>>>>> if port forwarding is setup correctly the auth packet will be
>>>>>>>> forwarded
>>>>>>>> to the client on 10.10.10.3 and it will all just work.
>>>>>>>>
>>>>>>>> Adding the 1.1.1.X aliases to the internal machines wont affect
>>>>>>> connectivity
>>>>>>>> as they have no routes to the outside world so all external
>>>>>>>> connectivity
>>>>>>>> will be done via the NAT'ed addresses.
>>>>>>>>
>>>>>>>> I cant test this here as I don't have NAT but Im pretty confident
>>>>>>>> it will
>>>>>>> work.
>>>>>>>> </quote>
>>>>>>>>
>>>>>>>>     Steve / K
>>>>>>>> ----- Original Message -----
>>>>>>>> From: <cod at kaleplek.net>
>>>>>>>> To: <cod at icculus.org>
>>>>>>>> Sent: Wednesday, January 07, 2004 12:30 PM
>>>>>>>> Subject: [cod] CoD and my struggle with NAT
>>>>>>>>
>>>>>>>>
>>>>>>>> > Hi all here am back again with more news.... Yes I'm still not
>>>>>>>> stopped
>>>>>>>> > debugging... ;-)
>>>>>>>> >
>>>>>>>> > A little update after asking Actvision for some help and all
>>>>>>>> the
>>>>>>>> good
>>>>>>>> > ideas here (thanks for that) I went to a couple of friends of
>>>>>>>> mine
>>>>>>>> who
>>>>>>> are
>>>>>>>> > a lot more Linux/Network goeroes then I am and the have looked
>>>>>>>> at
>>>>>>>> it
>>>>>>>> and
>>>>>>>> > came with an answer that was a little bit shocking for me. The
>>>>>>>> answer
>>>>>>> was
>>>>>>>> > : IT IS NOT POSSIBLE WITHOUT A LITTLE PROGRAMMING HELP FROM
>>>>>>>> ACTIVISION.
>>>>>>> So
>>>>>>>> > now I no for sure I am screwed. ;-)
>>>>>>>> >
>>>>>>>> > The gave a little push in the following direction. Activision
>>>>>>>> made
>>>>>>>> a
>>>>>>>> > mistake to not make the server NAT/Firewall/Multihome aware
>>>>>>>> this is
>>>>>>>> an
>>>>>>>> > issue that was already on the internet in games like Diablo
>>>>>>>> etc.
>>>>>>>> where
>>>>>>>> > they fixed it (I really don't know how).
>>>>>>>> >
>>>>>>>> > My friends said this method that activision used is a lot
>>>>>>>> better
>>>>>>>> then
>>>>>>> the
>>>>>>>> > Method of EA because in the actvision method the server owner
>>>>>>>> doesn't
>>>>>>> get
>>>>>>>> > the cd-keys in and can't steal them (See a post of me a while
>>>>>>>> back).
>>>>>>>> But
>>>>>>>> > this method also brings some problem (DUHHHHH). A fix would be
>>>>>>>> that
>>>>>>>> it
>>>>>>> is
>>>>>>>> > possible on the server to config it and say if you use a
>>>>>>>> NAT/Firewall
>>>>>>> with
>>>>>>>> > a private address like 10.5.x.x/192.168.x.x etc. etc. to give
>>>>>>>> you
>>>>>>>> an
>>>>>>>> > opportunity to give an other address in a config file (public
>>>>>>>> address)
>>>>>>> the
>>>>>>>> > will use to auth by activision. This method is like a proxy so
>>>>>>> activision
>>>>>>>> > should create a little proxy in there server for nat etc.
>>>>>>>> >
>>>>>>>> > We all came to the conclusion when the hype is gone the came
>>>>>>>> will
>>>>>>>> die
>>>>>>>> > because the private range users who want to play it will not be
>>>>>>>> able
>>>>>>>> to
>>>>>>> do
>>>>>>>> > so.
>>>>>>>> >
>>>>>>>> > So is there a way I can connect to activision or talk to
>>>>>>>> somebody
>>>>>>>> who
>>>>>>>> > build the linux binary version who can help me with this
>>>>>>>> problem.
>>>>>>>> Please
>>>>>>>> > Please help my server is going up in the list and is full every
>>>>>>>> day
>>>>>>>> now,
>>>>>>>> > and in this way also I have to stop it because I like to host
>>>>>>>> if I
>>>>>>>> can
>>>>>>> be
>>>>>>>> > a part of it. ;-)
>>>>>>>> >
>>>>>>>> > So please who can get me in contact with one of those guys or
>>>>>>>> are
>>>>>>>> they
>>>>>>> in
>>>>>>>> > this mailing group?????
>>>>>>>> >
>>>>>>>> > Regards
>>>>>>>> > Quint
>>>>>>>> > Boy_One
>>>>>>>> >
>>>>>>>> >
>>>>>>>>
>>>>>>>> ================================================
>>>>>>>> This e.mail is private and confidential between Multiplay (UK)
>>>>>>>> Ltd. and
>>>>>>> the person or entity to whom it is addressed. In the event of
>>>>>>> misdirection,
>>>>>>> the recipient is prohibited from using, copying, printing or
>>>>>>> otherwise disseminating it or any information contained in it.
>>>>>>>>
>>>>>>>> In the event of misdirection, illegible or incomplete
>>>>>>>> transmission please
>>>>>>> telephone (023) 8024 3137
>>>>>>>> or return the E.mail to postmaster at multiplay.co.uk.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks,
>>>>>
>>>>> Ed Silva
>>>>> Silvex Consulting Inc.
>>>>> esilva at silvex.com
>>>>> (714) 504-6870 Cell
>>>>> (714) 897-3800 Fax
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks,
>>>>
>>>> Ed Silva
>>>> Silvex Consulting Inc.
>>>> esilva at silvex.com
>>>> (714) 504-6870 Cell
>>>> (714) 897-3800 Fax

More information about the Cod mailing list