Port Forwarding
-
I’m sure you know, but DMZ is a really bad idea. It exposes your PC to the internet, and makes you vulnerable for all kinds of attacks.
Not correct, you always be protected by the default Windows (software) Firewall
BB
-
@Bad:
Not correct, you always be protected by the default Windows (software) Firewall
BB
makes you more vulnerable than you would normally be, considering its basically telling the router to stop all the various filtering it normally does.
-
So break NAT without static port mappings to work around bugs? Oh, bother…
No, you misread. It’s dubious=0 that prevents non-static mappings to work. As said, @mrivers has a problem with non-static mappings. Or something.
Set your hater to stun.
Set AllowDubious to 1, I am completely fine with that. The goal of the 4.32 net code was to not need port forwarding. But there were problematic routers (Zyxel), and there were bugs in the CS fallback code (which were fixed in update 5) and concern for BW that prompted the ability to disable it.
-
IIRC falcon-online reported breakage after clients go to 3D, i.e. network destabilization caused by flaky clients.
Can’t seem to remember the conversation we’ve had a while back
A.S., can you confirm/deny?
-
IIRC falcon-online reported breakage after clients go to 3D, i.e. network destabilization caused by flaky clients.
Can’t seem to remember the conversation we’ve had a while back
A.S., can you confirm/deny?
From my experience (related with all my PVP events) : allowing dubious client induce a server destabilization (with possibility of server crash or possibility of server who is disconnecting every clients at the same time without crash) when more than 40 clients are connected
BB
-
Hi guys. I dont want to hijack the thread, but at the moment I am within a subnet without access to the router and I am having some problems connecting.
As a client (NOT the host), does any port need to be forward as well? I thought it was only mandatory server-side.
Any info appreciated!
-
It’s not mandatory, but some people are overzealous…
-
If you read this thread you will understand completely.
@syn:
Hi guys. I dont want to hijack the thread, but at the moment I am within a subnet without access to the router and I am having some problems connecting.
As a client (NOT the host), does any port need to be forward as well? I thought it was only mandatory server-side.
Any info appreciated!
-
This post is deleted! -
@syn:
Hi guys. I dont want to hijack the thread, but at the moment I am within a subnet without access to the router and I am having some problems connecting.
As a client (NOT the host), does any port need to be forward as well? I thought it was only mandatory server-side.
Any info appreciated!
Yes you need client and server to have Open ports if behind a NAT… IF you do NOt have access to the Router like at college or something you could try a HTTP Tunneling service…
-
@Bad:
Not correct, you always be protected by the default Windows (software) Firewall
BB
WEll yes and No if you DMZ your PC you are vulnerable to an attack more so then if the SPI Firewall and a Software Firewall is in place… it is BEST NOT to DMZ your PC For anything other then testing…
This is the Lazy way out… DMZ is exactly what it stands for “De Militirized Zone” Well we all know or at least should know what that is like…
-
From my POV, to DMZ a router without checking if one firewall (SPI or software) is in place is stupid and make no sense at all (I repeat : it is only my personal POV)
To be vulnerable highly depends what you are doing with a computer
I DMZ my router and i never had any attack or vulnerability issue because SPI firewall is in place and because I do care of what I’m doing with my computer (it is a “computer” philosophy)
BB
-
@Bad:
From my POV, to DMZ a router without checking if one firewall (SPI or software) is in place is stupid and make no sense at all (I repeat : it is only my personal POV)
To be vulnerable highly depends what you are doing with a computer
I DMZ my router and i never had any attack or vulnerability issue because SPI firewall is in place and because I do care of what I’m doing with my computer (it is a “computer” philosophy)
BB
Well, Bad Boy I hate to be the bearer of Bad news but for one you do NOT DMZ your Router you are putting your PC in FRONT of the Router. its SPI Firewall and all, basically unprotected to the internet… A software firewall is helpful but once you go into a DMZ you are Vulnerable as you are exposed to the internet unobstructed…
Like I said a DMZ is the Demilitirized Zone, basically not a nice place… I know you are vulnerable does that mean you will be attacked probally not but why take the chance… Port Forwarding Offers a bit more security as it is ONLY Opening required ports vs the DMZ which Basically OPENS them ALL… and for some hacker who maybe sniffing on your Line sees these ports are open you are just inviting trouble…
I alone and NOT the ONLY one who knows this… I would advise on just setting up Port Forwarding as doing the DMZ is like having unprotected sex. you may or may not catch something…
I just hope you don’t advise other users to do the same as you…
-
Yes you need client and server to have Open ports if behind a NAT…
open ports? you’re confusing outgoing with incoming.
And DMZ wrt network topology means a subnet with access to a “militarized” subnet, but not the other way around. So it hardly applies. Why people use the term incorrectly is beyond me…
-
@The Nephilim the routers firewall and whole protection system is software, and for me more vaneruble then serius software protection.
A routers firmware is way way more exposed and analised to be hacked then a software protection system that u can update many times a year according to developers updates.
Initially the routers prottection system was there as a first stage filtering and no need of having an extra server for this job, also for stability as all OS’s some time crash.So dmz or connecting directly to the internet ain’t that much of trouble or danger… it’s just a myth. Knowing what to do with it and how to do it safely is another path… so the easy way (As in photo cameras) put the damn thing in automode and fire it up.
-
@The Nephilim the routers firewall and whole protection system is software, and for me more vaneruble then serius software protection.
A routers firmware is way way more exposed and analised to be hacked then a software protection system that u can update many times a year according to developers updates.
Initially the routers prottection system was there as a first stage filtering and no need of having an extra server for this job, also for stability as all OS’s some time crash.So dmz or connecting directly to the internet ain’t that much of trouble or danger… it’s just a myth. Knowing what to do with it and how to do it safely is another path… so the easy way (As in photo cameras) put the damn thing in automode and fire it up.
Yep Arty, it is also exactly my POV here
BB
-
Remember the sasser worm? On Windows, it’s pretty hard to close -all- silly ports. On Unix, ports are to close/bind-to-loopback, not fiddle around with a firewall.
-
To bring this old thread up:
how can a client test if his router fu**s up his portforwarding without connection to a BMS server running in Debug mode? Is this possible with an tool or something?
-
We require ports open for each player 100% of all flights and still have the glitches you mention from time to time. Debriefs are always an issue on the debrief.txt, not so much in the sim itself. Other issues sporadic. Datalink is always an issue. Seems we are always having one pilot that can’t be seen, no matter if CONT on the FCR is selected or not. And it isn’t always the same player that can’t be seen, or the same players that can’t see him/her.
-
yes11 I deleted it…