"NAT Bouncing" UDP
-
Alright, I have reason to guess this isn't working for me.
I'm trying to perform a feat impossible with most home routers anyway (the only one that I've seen this work on is the D-Link DI-524 vD2): get two or more players of GunZ on the same local area network viewable in the game. This game is peer to peer. I tried and tried to figure out WTF the problem was here. I fired up Ethereal after giving up all hope of ever configuring pfSense to fix this. This is what the setup is while we're in a game:
Computer 1: GunZ on port 7700, IP 192.168.1.200
Computer 2: GunZ on port 7725, IP 192.168.1.230
My Public IP: 72.xx.xx.xx
Ethereal on Computer 1 shows Computer 1 sending from 192.168.1.200 port 7700 to 72.xx.xx.xx port 7725
Ethereal on Computer 2 shows Computer 2 sending from 192.168.1.230 port 7725 to 72.xx.xx.xx port 7700
Neither shows packets received from 72.xx.xx.xx nor 192.168.1.xxx
Therein lies my problem: since they can't communicate, they can't play with each other in game. Computer 1 sees everyone else but Computer 2 in the game, and vice versa. That's how I know my port forwarding and outbound NAT rules are correct :) I tried playing with outbound NAT a bit to fix this but to no avail.
Any ideas??
-
Did you enable NAT Reflection? I had a similar problem and fixed it with this option.
-
Did you enable NAT Reflection? I had a similar problem and fixed it with this option.
Actually, I just realized that was disabled.
However, I enabled it and still have the same problem.
-
Stupid game. Why are the clients communicating directly with each other? Usually the game server should handle the connections for the clients. You would have to add port forwards for the ports the internal clients are using and have NAT reflection enabled for this to work. However I guess the ports the clients are using are dynamic and will be different on every launch of the program, maybe even on every new map connect. You should address this at the GunZ site. I don't know of any router that could do that. It would mean generating a NAT reflection for every state that runs through the firewall to make this work.
I also don't understand how this should work if both clients are behind different routers with different public IPs and there are no ports forwarded? The clients would be firewalled against each other. Maybe that game needs portforwards to operate properly?
ok, stupid game: "GunZ requires you to forward the 7700-7800 ports" and you can't portforward the same range to different clients. :P
Really last edit, now YOU have to do your homework: http://boards.pyoko.org/index.php/topic,2824.120.html
Ranges seem to be customizable. Set both clients to different ranges, portforward the different ranges to the different clients, enable nat reflection.
btw, you have to add the ranges in chunks <500 ports or pfSense won't create a NAT reflection for it ;)
-
Stupid game. Why are the clients communicating directly with each other? Usually the game server should handle the connections for the clients. You would have to add port forwards for the ports the internal clients are using and have NAT reflection enabled for this to work. However I guess the ports the clients are using are dynamic and will be different on every launch of the program, maybe even on every new map connect. You should address this at the GunZ site. I don't know of any router that could do that. It would mean generating a NAT reflection for every state that runs through the firewall to make this work.
I also don't understand how this should work if both clients are behind different routers with different public IPs and there are no ports forwarded? The clients would be firewalled against each other. Maybe that game needs portforwards to operate properly?
It's peer to peer. The developer is very, very small. The server handles items, bounty and XP. The data goes peer to peer, servers are out of their budget.
The game does need port forwards to operate, you are correct. If someone is behind a firewall, it will NOT work unless the port is forwarded. Everyone will have 999 ping in the game and not move.
The port it uses is static. Computer 1 is set to 7700, Computer 2 is set to 7725. I have the ports forwarded. For some reason I also had to use advanced outbound NAT rules because the game didn't take kindly to the packets coming from my public interface at a random high port that pfSense decided instead of the port that I set.
The thing here is everyone on the internet can see comp1 and comp2, and comp1 and comp2 can see everyone on the internet in the game. They can NOT see each other in the game though. I'm trying to fix that so we can LAN together. This never worked on my old D-Link DI-624 rev C but somehow D-Link made it work in the DI-524 rev D. I'm hoping someone can figure out a pfSense way to make it work too.
-
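To make the mechanism under discussion concrete, here is a small model of hairpin ("reflected") NAT for UDP, written for this thread; it is not pfSense code and not the poster's configuration. It reproduces the setup above (one port forward per PC, GunZ on 7700 and 7725, static-port outbound NAT) and shows what happens to a packet from Computer 1 addressed to the public IP on Computer 2's port, with and without reflection. Assumptions: 72.0.0.1 stands in for the redacted public IP, the gateway's LAN address is 192.168.1.1, 203.0.113.5 is a constructed Internet peer, and reflection is modelled the classic pf way (rdr to the forwarded host plus nat to the gateway's LAN address so the reply returns through the gateway).

```python
"""Toy model of hairpin ("reflected") NAT for UDP on a home gateway.

Added example for this thread, not pfSense code and not the poster's config.
Assumptions: 72.0.0.1 stands in for the redacted public IP, the gateway's
LAN address is 192.168.1.1, 203.0.113.5 is a constructed Internet peer, and
reflection rewrites the source to the gateway's LAN address so the reply
comes back through the gateway (pf-style rdr + nat-on-LAN hairpin).
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


class HairpinRouter:
    def __init__(self, public_ip, lan_ip, lan_prefix="192.168.1.",
                 reflection=False, static_port=True):
        self.public_ip = public_ip
        self.lan_ip = lan_ip
        self.lan_prefix = lan_prefix
        self.reflection = reflection
        self.static_port = static_port   # keep the LAN source port on SNAT?
        self.forwards = {}               # (proto, public_port) -> (lan_ip, lan_port)
        # Reflected flows keyed by what the target host sees, so the reply can
        # be translated back: (proto, target_ip, target_port, snat_port)
        # -> (orig_src_ip, orig_src_port, public_port)
        self.reflected = {}
        self.next_port = 50000           # ephemeral pool for non-static SNAT

    def add_forward(self, proto, public_port, lan_ip, lan_port):
        self.forwards[(proto, public_port)] = (lan_ip, lan_port)

    def _snat_port(self, pkt):
        if self.static_port:
            return pkt.src_port
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def route(self, pkt):
        """Return the packet as the final host receives it, or None if dropped."""
        if not pkt.src_ip.startswith(self.lan_prefix):
            # Internet -> WAN: apply the port forward (DNAT only).
            target = self.forwards.get((pkt.proto, pkt.dst_port))
            if pkt.dst_ip != self.public_ip or target is None:
                return None
            return replace(pkt, dst_ip=target[0], dst_port=target[1])

        if pkt.dst_ip == self.lan_ip:
            # LAN host answering the gateway: only meaningful as the reply leg
            # of a reflected flow; undo both translations.
            orig = self.reflected.get((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port))
            if orig is None:
                return None
            orig_ip, orig_port, public_port = orig
            return Packet(self.public_ip, public_port, orig_ip, orig_port, pkt.proto)

        if pkt.dst_ip != self.public_ip:
            # Ordinary outbound traffic: SNAT to the public address.
            return replace(pkt, src_ip=self.public_ip, src_port=self._snat_port(pkt))

        # LAN host sent to the gateway's own WAN address: the hairpin case.
        target = self.forwards.get((pkt.proto, pkt.dst_port))
        if target is None or not self.reflection:
            # Without reflection the packet terminates on the firewall itself;
            # nothing listens there, so it is dropped and the other PC never sees it.
            return None
        lan_ip, lan_port = target
        sport = self._snat_port(pkt)
        self.reflected[(pkt.proto, lan_ip, lan_port, sport)] = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        # DNAT to the forwarded host *and* SNAT to the gateway, so the reply
        # comes back through the gateway instead of going host-to-host.
        return Packet(self.lan_ip, sport, lan_ip, lan_port, pkt.proto)


def build_router(reflection, static_port=True):
    """The thread's setup: one forward per PC, GunZ on 7700 and 7725."""
    r = HairpinRouter("72.0.0.1", "192.168.1.1", reflection=reflection, static_port=static_port)
    r.add_forward("udp", 7700, "192.168.1.200", 7700)
    r.add_forward("udp", 7725, "192.168.1.230", 7725)
    return r


def lan_peer_exchange(reflection, static_port=True):
    """Computer 1 -> public:7725, then Computer 2's answer, both as delivered."""
    r = build_router(reflection, static_port)
    first = r.route(Packet("192.168.1.200", 7700, "72.0.0.1", 7725))
    if first is None:
        return None, None
    reply = r.route(Packet(first.dst_ip, first.dst_port, first.src_ip, first.src_port))
    return first, reply


if __name__ == "__main__":
    print("no reflection:", lan_peer_exchange(False))
    print("reflection:   ", lan_peer_exchange(True))
    print("random port:  ", lan_peer_exchange(True, static_port=False))
```

Two things the model makes visible: without reflection the hairpin packet simply dies on the firewall, which is the "lost" packet that never shows up in Ethereal on the other PC; and with pf-style reflection Computer 2 receives the packet from 192.168.1.1:7700, not from the public address, while the reply is translated back so Computer 1 sees it arrive from 72.0.0.1:7725 as expected. Turning static_port off shows why the advanced outbound NAT rule mattered: the source port the peer sees becomes an ephemeral one instead of the port the game was configured with.
-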
Really last edit, now YOU have to do your homework: http://boards.pyoko.org/index.php/topic,2824.120.html
Ranges seem to be customizable. Set both clients to different ranges, portforward the different ranges to the different clients, enable nat reflection.
btw, you have to add the ranges in chunks <500 ports or pfSense won't create a NAT reflection for it ;)
Never would have posted if I didn't do that first :)
You can set the client to use only one port. The range "feature" was added later, and I don't use it.
The ports are forwarded to the respective PC (just one port per)
NAT reflection is at least working for TCP packets, I know that for sure (I can access my Shareaza remote admin with my public IP). No way to test for UDP though.
Still have the same problem with gunz though :(
I'm thinking it's not working maybe because gunz uses UDP… but I don't know. Ethereal shows my computer sending packets to mypublicip:7725, and then on the computer running gunz on that port there are no such packets being received. FWIW, Windows Firewall is off and all security programs are uninstalled (have been for a while actually- I browse safely.)
According to the states page, it is treating packets to port 7700 and 7725 differently: it is forwarding them to itself (127.0.0.1). As I understand it, that's how NAT reflection works, but... why isn't the other computer ever receiving the packet then? It would at least have shown up in Ethereal; it shows ALL packets the NIC receives, no matter what the origin.
There are no UDP packets that look like they could be remotely originated from the other computer or the router, leaving me to believe that pfSense is "losing" the packets somewhere.
-
Just for fun, does it make a difference if you create the NAT and firewall rule to allow TCP and UDP for this port? What do the NAT reflection rules in /tmp/rules.debug look like?