Program exhibiting very odd behaviors and getting firewalled for it.

  • So I'm not sure if anyone here is a gamer, and/or plays Company of Heroes (great RTS by the way, save their complete failure to write good net-code)…

    The game sends packets out on port 6112, but it targets a random port on the receiving end, which in this case is me (i.e. 55029, 60007, 59075 were a few it picked for me last night). I have port 6112 forwarded to my machine @ the pfSense box, but it blocks most of these packets (for some reason about 1/3 of the packets make it through - therefore I can only see/connect to 1/3 of the games available since each game is hosted on the client machines, I haven't sniffed them to see what makes them different).

    It's not reasonable to open up a massive port range for this game, all forwarding to my machine.

    What I can (and have) done is use a VIP and do 1:1 NAT on it, but then my machine isn't firewalled - I can however see most* (but not all) games.

    Does anyone have any tricks/ideas on a decent solution to the poor game programming @ the firewall/router?


    PS - the game calls the errors it gives "NAT redirection error between X and you" - but it's clearly poorly routed packets.

  • Try to enable static ports.

  • Well, thanks. That works about as well as doing NAT 1:1 as far as number of connectible games (and still firewalls the rest of my traffic)…

    However, now my firewall logs are filled with exactly the reverse (lots of random incoming ports targeting 6112 on my machine that are getting firewalled). This is acceptable, since being able to access 3/4 of the games is far superior to 1/4, but I just don't understand why they have so many issues with their routing in the game.
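
The static port suggestion above, modelled as an added example (not code from the thread or from pfSense): a toy stateful NAT showing how source-port rewriting interacts with a single forwarded port. The lobby-then-peer flow, the addresses and the `NatGateway` and `join_game` names are assumptions made for illustration; the thread does not confirm how the game finds peers.

```python
import random

GAME_PORT = 6112  # port the game uses, from the thread


class NatGateway:
    """Toy stateful NAT: outbound UDP creates state, inbound needs state or a forward."""

    def __init__(self, static_port, forwards=(GAME_PORT,), seed=1):
        self.static_port = static_port
        self.forwards = set(forwards)    # external ports forwarded to the LAN host
        self.states = {}                 # (ext_port, remote_ip, remote_port) -> LAN port
        self.rng = random.Random(seed)   # seeded so the run is repeatable

    def outbound(self, src_port, remote_ip, remote_port):
        """Translate an outbound packet; return the source port the remote side sees."""
        # Without static port the source port is rewritten (range chosen for illustration).
        ext_port = src_port if self.static_port else self.rng.randint(49152, 65535)
        self.states[(ext_port, remote_ip, remote_port)] = src_port
        return ext_port

    def inbound(self, remote_ip, remote_port, dst_port):
        """Return 'pass' if a state or a port forward matches, else 'block'."""
        if (dst_port, remote_ip, remote_port) in self.states:
            return "pass"
        return "pass" if dst_port in self.forwards else "block"


def join_game(static_port):
    """Assumed flow: we register with a lobby, then a hosting peer contacts us directly."""
    gw = NatGateway(static_port)
    lobby = ("198.51.100.10", GAME_PORT)     # constructed addresses (documentation ranges)
    host_peer = ("203.0.113.77", GAME_PORT)
    seen_port = gw.outbound(GAME_PORT, *lobby)    # port the lobby records for us
    verdict = gw.inbound(*host_peer, seen_port)   # peer targets that recorded port
    return seen_port, verdict


if __name__ == "__main__":
    for mode in (False, True):
        print("static_port =", mode, "->", join_game(mode))
```

With the source port rewritten, the peer aims at a port that has neither a matching state nor a forward; with static port the peer aims at 6112 and the existing forward applies, while all other inbound traffic is still filtered.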