Port Forwarding
-
Another benfit is a friend staying here can also fly online.
So far 4-8 clients with no show stoppers, will be watching closely this weekend when our numbers should be in the 20+
We have a server with gigabit connectivity but the box does need more horsepower.
-
shadow probably u r talking about local lan?
-
shadow probably u r talking about local lan?
No
-
Let’s try it once more as suggested by Ripley, to make more clearer the port mappings:
Dubious on/off, tautologically speaking
- Client X:Y connects to S:T
[dubious=1]
- S:T queries X:2934[4-7] for redirect status
- ACK if redirected, NAK otherwise
[dubious=0]
- ACK
This is disrespective from the current wrong behavior where Y must equal 2935 or the connection won’t be accepted.
Is that explanation good enough?
-
I thought of an issue with this approach. Ideally, clients should be able to connect without port forwarding setup at their side. Sort of the Holy Grail. This requires NAT traversal to establish the peer-to-peer connections between clients, but that’s already in place (in RAKNET). However, by having the server query port 2935 on the client side, you basically require port forwarding on the client side. Of course, if things depend on the parameter AllowDubiousConnections, this could be acceptable.
-
I’m sure you know, but DMZ is a really bad idea. It exposes your PC to the internet, and makes you vulnerable for all kinds of attacks.
Not correct, you always be protected by the default Windows (software) Firewall
BB
-
@Bad:
Not correct, you always be protected by the default Windows (software) Firewall
BB
makes you more vulnerable than you would normally be, considering its basically telling the router to stop all the various filtering it normally does.
-
So break NAT without static port mappings to work around bugs? Oh, bother…
No, you misread. It’s dubious=0 that prevents non-static mappings to work. As said, @mrivers has a problem with non-static mappings. Or something.
Set your hater to stun.
Set AllowDubious to 1, I am completely fine with that. The goal of the 4.32 net code was to not need port forwarding. But there were problematic routers (Zyxel), and there were bugs in the CS fallback code (which were fixed in update 5) and concern for BW that prompted the ability to disable it.
-
IIRC falcon-online reported breakage after clients go to 3D, i.e. network destabilization caused by flaky clients.
Can’t seem to remember the conversation we’ve had a while back
A.S., can you confirm/deny?
-
IIRC falcon-online reported breakage after clients go to 3D, i.e. network destabilization caused by flaky clients.
Can’t seem to remember the conversation we’ve had a while back
A.S., can you confirm/deny?
From my experience (related with all my PVP events) : allowing dubious client induce a server destabilization (with possibility of server crash or possibility of server who is disconnecting every clients at the same time without crash) when more than 40 clients are connected
BB
-
Hi guys. I dont want to hijack the thread, but at the moment I am within a subnet without access to the router and I am having some problems connecting.
As a client (NOT the host), does any port need to be forward as well? I thought it was only mandatory server-side.
Any info appreciated!
-
It’s not mandatory, but some people are overzealous…
-
If you read this thread you will understand completely.
@syn:
Hi guys. I dont want to hijack the thread, but at the moment I am within a subnet without access to the router and I am having some problems connecting.
As a client (NOT the host), does any port need to be forward as well? I thought it was only mandatory server-side.
Any info appreciated!
-
This post is deleted! -
@syn:
Hi guys. I dont want to hijack the thread, but at the moment I am within a subnet without access to the router and I am having some problems connecting.
As a client (NOT the host), does any port need to be forward as well? I thought it was only mandatory server-side.
Any info appreciated!
Yes you need client and server to have Open ports if behind a NAT… IF you do NOt have access to the Router like at college or something you could try a HTTP Tunneling service…
-
@Bad:
Not correct, you always be protected by the default Windows (software) Firewall
BB
WEll yes and No if you DMZ your PC you are vulnerable to an attack more so then if the SPI Firewall and a Software Firewall is in place… it is BEST NOT to DMZ your PC For anything other then testing…
This is the Lazy way out… DMZ is exactly what it stands for “De Militirized Zone” Well we all know or at least should know what that is like…
-
From my POV, to DMZ a router without checking if one firewall (SPI or software) is in place is stupid and make no sense at all (I repeat : it is only my personal POV)
To be vulnerable highly depends what you are doing with a computer
I DMZ my router and i never had any attack or vulnerability issue because SPI firewall is in place and because I do care of what I’m doing with my computer (it is a “computer” philosophy)
BB
-
@Bad:
From my POV, to DMZ a router without checking if one firewall (SPI or software) is in place is stupid and make no sense at all (I repeat : it is only my personal POV)
To be vulnerable highly depends what you are doing with a computer
I DMZ my router and i never had any attack or vulnerability issue because SPI firewall is in place and because I do care of what I’m doing with my computer (it is a “computer” philosophy)
BB
Well, Bad Boy I hate to be the bearer of Bad news but for one you do NOT DMZ your Router you are putting your PC in FRONT of the Router. its SPI Firewall and all, basically unprotected to the internet… A software firewall is helpful but once you go into a DMZ you are Vulnerable as you are exposed to the internet unobstructed…
Like I said a DMZ is the Demilitirized Zone, basically not a nice place… I know you are vulnerable does that mean you will be attacked probally not but why take the chance… Port Forwarding Offers a bit more security as it is ONLY Opening required ports vs the DMZ which Basically OPENS them ALL… and for some hacker who maybe sniffing on your Line sees these ports are open you are just inviting trouble…
I alone and NOT the ONLY one who knows this… I would advise on just setting up Port Forwarding as doing the DMZ is like having unprotected sex. you may or may not catch something…
I just hope you don’t advise other users to do the same as you…
-
Yes you need client and server to have Open ports if behind a NAT…
open ports? you’re confusing outgoing with incoming.
And DMZ wrt network topology means a subnet with access to a “militarized” subnet, but not the other way around. So it hardly applies. Why people use the term incorrectly is beyond me…
-
@The Nephilim the routers firewall and whole protection system is software, and for me more vaneruble then serius software protection.
A routers firmware is way way more exposed and analised to be hacked then a software protection system that u can update many times a year according to developers updates.
Initially the routers prottection system was there as a first stage filtering and no need of having an extra server for this job, also for stability as all OS’s some time crash.So dmz or connecting directly to the internet ain’t that much of trouble or danger… it’s just a myth. Knowing what to do with it and how to do it safely is another path… so the easy way (As in photo cameras) put the damn thing in automode and fire it up.