Netgate Discussion Forum

    Starcraft battle.net 2 plays on one LAN

      danswartz

      If the game cares what the source port is, it is totally f*cked and badly designed.  That said, I think what is biting you is that pfsense randomizes the source ports when it NATs (don't ask why).  If you need to change that behavior, you can go to the NAT section and enable advanced outbound routing.  That should make a rule appear (allowing any LAN traffic outbound.)  Then check the box that says "static port".  This will cause pfsense to pass the source ports thru untouched.

        kur1j

        @danswartz:

        If the game cares what the source port is, it is totally f*cked and badly designed.  That said, I think what is biting you is that pfsense randomizes the source ports when it NATs (don't ask why).  If you need to change that behavior, you can go to the NAT section and enable advanced outbound routing.  That should make a rule appear (allowing any LAN traffic outbound.)  Then check the box that says "static port".  This will cause pfsense to pass the source ports thru untouched.

        This is the way the guy who made the thread I originally posted explains what his stuff is doing. My understanding of this is that the router is faking b.net into thinking it is playing the game, whereas it is just directing the Starcraft data to the correct PC, as it normally can't.

        Message leaving your computer going to the internet

        Code:
        Source IP: 192.168.1.100
        Dest IP: some internet address
        Source Port: 6112
        Dest Port: 6112

        Now, when that gets to the router the router goes, oh, I need to translate the source port (because when the target gets the message, it sends the message back to the "sender", i.e. source port).

        So now it looks like this:

        Code:
        Source IP: WAN Address (same ip as "myipaddress.com")
        Dest IP: some internet address
        Source Port: 64001
        Dest Port: 6112

        Notice, the dest port is still 6112, so it gets to the target running SC correctly. Now, when they respond to your message, they will reply to the "source port", i.e. the address of the sender (remember UDP has nothing to do with IP).

        So when they reply it looks like this:

        Code:
        Source IP: some internet address
        Dest IP: Your WAN Address
        Source Port: 6112
        Dest Port: 64001

        The router gets the message (because your WAN is the address of your router on the internet) and sees that the dest port is 64001. So now it translates the dest address including the port (so instead of being your router, the router sets the destination ip address to 192.168.100:6112 and then forwards the packet to you).

        So on your computer you get:

        Code:
        Source IP: some internet address
        Dest IP: Your WAN Address
        Source Port: 6112
        Dest Port: 6112

          danswartz

          I have no idea why you posted that reply.  I know how NAT works, and in fact UDP does have something to do with IP.  Have you actually tried my suggestion?

            kur1j

            Yes, I did.

            It doesn't seem to work. I have it set up fine for Xbox Live and it is working.

            I don't know how I am supposed to get the intended information for each machine if there is only 1 port available for me to send the information to.

              danswartz

              Without knowing specifically what Starcraft wants for port numbers, it's hard to say.  The implication of your first post was that the source ports not being what was expected was the issue, hence my static port suggestion.

                kur1j

                According to their documentation it is 6112.

                http://us.blizzard.com/support/article.xml?locale=en_US&articleId=21109&rhtml=true

                This might be a better explanation.

                http://www.ndl.kiev.ua/content/starcraft-and-nat-issues

                  Efonnes

                  You will need to configure each computer to use a different port number for Starcraft with the registry setting mentioned.  On the router, forward those ports to the appropriate computers and add an outbound NAT rule for each computer with the port filled in for the source port and static port enabled.

                  There is also an alternate method I thought of that should work with Starcraft, WC2BNE, Diablo 1, and Diablo 2; but you will need to use a different port for Warcraft 3 if you play that.  For this you will not be changing the configured port number on the computer, leaving it at the default instead.

                  1. For each computer, on the router add an outbound NAT rule with the computer's IP address (with 32 for the subnet bits) for the source and 6112 for the source port.  For translation port, put in the port number you want that computer to use (should be a different one for each computer).  Leave static port unchecked.  These rules should be above the outbound NAT rule for the LAN.

                  2. For each of the entries you added, also add a port forward.  Select UDP for protocol.  For external port, use the same port you specified for translation port above.  For NAT IP, enter the IP address of the computer that this should go to.  For internal port, enter 6112.

                  I did this based on what I know about how the ports get configured when you connect to Battle.net with those games.  If you try it this way, be sure to delete the Game Data Port registry setting on those computers if you have added it.

                  Correction:  For this to work, it seems to require that the port forward be UDP only.

                  Update:
                  Tested it just now.  This alternate method does work.  I hosted a game to confirm it, and someone was able to join the game and play it with me.

                    kur1j

                    In your test were you able to have 2 people inside the same lan and someone on the outside of the lan play without lag?

                      Efonnes

                      It should be fine, though there could possibly be an issue if either one of you is the one hosting.  Enabling NAT reflection, if you haven't already, may counter this.

                        kur1j

                        @Efonne:

                        You will need to configure each computer to use a different port number for Starcraft with the registry setting mentioned.  On the router, forward those ports to the appropriate computers and add an outbound NAT rule for each computer with the port filled in for the source port and static port enabled.

                        There is also an alternate method I thought of that should work with Starcraft, WC2BNE, Diablo 1, and Diablo 2; but you will need to use a different port for Warcraft 3 if you play that.  For this you will not be changing the configured port number on the computer, leaving it at the default instead.

                        1. For each computer, on the router add an outbound NAT rule with the computer's IP address (with 32 for the subnet bits) for the source and 6112 for the source port.  For translation port, put in the port number you want that computer to use (should be a different one for each computer).  Leave static port unchecked.  These rules should be above the outbound NAT rule for the LAN.

                        2. For each of the entries you added, also add a port forward.  Select UDP for protocol.  For external port, use the same port you specified for translation port above.  For NAT IP, enter the IP address of the computer that this should go to.  For internal port, enter 6112.

                        I did this based on what I know about how the ports get configured when you connect to Battle.net with those games.  If you try it this way, be sure to delete the Game Data Port registry setting on those computers if you have added it.

                        Correction:  For this to work, it seems to require that the port forward be UDP only.

                        Update:
                        Tested it just now.  This alternate method does work.  I hosted a game to confirm it, and someone was able to join the game and play it with me.

                        Thanks for the response.

                        I have double and triple checked the configuration but I cannot seem to get this to work correctly.

                        I can make a game on b.net with my PC and my buddy can't join the game. It says "your latency is too high". We can both join the same game someone else has made, but we get the horrible lag after we actually get inside the game.

                          clarknova

                          Efonne's description is the correct solution. If I'm not mistaken, attached is the visual depiction (based on the iptables values in your original post).

                          SC_dual_player_NAT.png

                          db

                            Efonnes

                            Don't forget the port forwards for doing the reverse on inbound connections.  With clarknova's example, you would need these port forwards:

                            Proto: UDP, external port: 64001, NAT IP: 192.198.1.4, local port: 6112
                            Proto: UDP, external port: 64002, NAT IP: 192.198.1.5, local port: 6112

                            Be sure to change the IP addresses to your actual local IP addresses.

                              clarknova

                              Right. I was being lazy and assumed that the keep-state rules would take care of that, but I guess I should answer the question and not assume. TT's solution also prescribes the attached inbound (port forward) NAT rules. When creating the rules, be sure to check the box to automatically create a firewall rule. Note also that you normally just use "Interface address" for the external address. You will see an IP address under the NAT IP column because pfsense fills that in for you.

                              SC_dual_player_inbound_NAT.png

                              db

                                Efonnes

                                The keep state rules do not take care of it because there may be no existing state to keep.  The reason this kind of translation works for Starcraft is that its version of Battle.net expects Starcraft to be listening on the same port as was used for the source port.  It then tells the other players that you are listening on that port number.  For Starcraft you can also change the source port number through the registry, but the router needs to be told not to change the source port when it translates the outbound packets.  In either case a port forward is needed, though.

                                For Warcraft III, its version of Battle.net does not care about the source port.  It directly tells Battle.net what port it is listening on instead.  Because of this, it only requires a simple port forward with the external and local ports set the same and no special outbound configuration.
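
Added example (not part of the thread and not pfSense code): a simplified Python model of the alternate method's two rule sets and of the point above that keep-state cannot deliver a joining player's first packet. The WAN, Battle.net and peer addresses are constructed documentation values; the LAN addresses and ports 64001/64002 are the ones quoted in the thread.

```python
# Toy model of the router's UDP handling (simplified; real pf state matching has more fields).
# BNET and PEER are constructed documentation addresses, not real servers.
BNET = ("198.51.100.10", 6112)   # assumed Battle.net endpoint
PEER = ("198.51.100.77", 6112)   # assumed outside player trying to join

class Nat:
    def __init__(self, outbound_rules, port_forwards):
        self.outbound_rules = outbound_rules   # (lan_ip, src_port) -> translation port
        self.port_forwards = port_forwards     # external UDP port -> (lan_ip, local port)
        self.states = {}                       # (ext_port, remote) -> (lan_ip, lan_port)
        self.next_random = 50000               # stand-in for the randomized source port

    def outbound(self, lan_ip, src_port, remote):
        """Translate a LAN->WAN packet, record state, return the WAN-side source port."""
        ext_port = self.outbound_rules.get((lan_ip, src_port))
        if ext_port is None:                   # default LAN rule: source port is rewritten
            ext_port = self.next_random
            self.next_random += 1
        self.states[(ext_port, remote)] = (lan_ip, src_port)
        return ext_port

    def inbound(self, remote, ext_port):
        """Return the (lan_ip, port) a WAN packet is delivered to, or None if dropped."""
        hit = self.states.get((ext_port, remote))    # reply that matches an existing state
        if hit:
            return hit
        return self.port_forwards.get(ext_port)      # unsolicited packet: needs a port forward

def host_and_join(nat):
    """Both PCs log in from source port 6112, then a peer contacts each advertised port."""
    hosts = ["192.198.1.4", "192.198.1.5"]
    advertised = [nat.outbound(ip, 6112, BNET) for ip in hosts]   # what Battle.net sees
    replies = [nat.inbound(BNET, p) for p in advertised]          # server replies (state exists)
    joins = [nat.inbound(PEER, p) for p in advertised]            # new peer (no state yet)
    return advertised, replies, joins

RULES = {("192.198.1.4", 6112): 64001, ("192.198.1.5", 6112): 64002}
FORWARDS = {64001: ("192.198.1.4", 6112), 64002: ("192.198.1.5", 6112)}

full = host_and_join(Nat(RULES, FORWARDS))      # outbound rules plus UDP port forwards
outbound_only = host_and_join(Nat(RULES, {}))   # outbound rules, port forwards omitted

if __name__ == "__main__":
    print("with forwards:   ", full)
    print("without forwards:", outbound_only)
```

With the forwards omitted, Battle.net's own replies still reach both PCs through the states, but the joining peer's packets are dropped, which is the case the port forwards exist for.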
