Getting UDP through NAT/firewalls/whatever for a game.
2004-01-08 - By MacFirst
Back on 1/7/04 7:42 PM, Scott Palmer <scott.palmer@(protected)> went on and on saying, in part:
> On Jan 7, 2004, at 7:17 PM, MacFirst wrote:
>> Perhaps I should've been more specific.
>> The game Clan-Lord (www.clanlord.com), which I play a lot, does a fairly
>> decent job of this. Of course, so does Everquest, UO, AC, and all the other
>> MMO games

> Ok, point taken. I based my response though on having exactly the same
> problem that you are describing with Quake 3 on the PC platform and
> what we tried to do to get around it. I think we had some success
> changing the port the Q3 server used to 37. To play Quake 3 with a
> rudimentary firewall like a LinkSys router on your broadband connection
> for instance you need to open the port.
Yeah -- the thing is: telling your customers "you have to reconfigure your DSL modem/router/whatever" isn't really the sort of user-experience for which I'm looking. I mean, I'm pretty sure I could brute-force things to work by having a "select port" dialog and a note about "now go reconfigure your network to allow UDP through port 12345" -- but I was hoping for something a bit more... Well, you know :)
As an example: suppose I get my game to work using port 37. Then suppose someone on the same NAT (wife, kid, whatever) wants to play Quake. Something's gonna break, right? Or not? I don't know, because I'm new to all of this stuff. I'm looking for something that's more robust than "we gave it a shot and it seems to work, sometimes."
*SOME*body's got to know this stuff!
Btw, UDP from client to server works fine. The server is at a known port, and stuff arrives as intended. It's UDP from server to client that's the problem.
> One question I have is - Why is the initial connection TCP based if it
> is ultimately going to say "here I am" with the UDP packet anyway?
Everything I've been able to find on google (and experience bears this out) says: the "right" way to open a port in the server's firewall to allow UDP in is to have the client open a TCP socket on a known port, then use the same port to send UDP.
--- Tangential background stuff ---
The "here I am" UDP packet from the client only exists because if I send a packet from "client.myDomain.com:11111", due to routing, NAT and whatnot, it may ARRIVE at the server saying it was from "client.myDomain.com:22222"*. Login (userID + password) happens over TCP for reliability -- now the server has a connection and a user, but it needs to know "when user SCOTT sends me a UDP packet, how will I see it?", hence the goofy dance.
Yes, I know -- it's the most ridiculous, un-secure, failure-prone design imaginable. However, it appears to be the one in common usage.
>> I only want to solve this problem as well as they do. What do THOSE
>> guys do?

> You might consider snooping the communications of the programs that
> work to see what ports they are sending to etc...
Yeah... Again, I was hoping to get something from someone who actually knew what was going on, as opposed to my guessing. As I said in my 1st, I'm new to this networking stuff. I can get it to work in simple circumstances (and I'm not even sure why the local Coffee Shop's open airport is "simple" while the one at The Apple Store isn't), but anything I snoop over a transmission line is going to be pure guesswork on my part.
Thanks!
---
* Crappy ascii art:

 Server  |        |Some   |                            |your   |
 Machine | <----> |Router | <---> {The internet} <---> |ISP's  | <--->
         |        |Server-|                            |router |
                  |side   |

(Continued...)

       |your     |
       |airport  |       |Your     |
 <---> |which is | <---> |computer |
       |also a   |       |         |
       |NAT      |
Between each set of <---> arrows, the IP address and port number that the packet "came from" changes. The ones in the middle aren't so important, but the ones near the ends (esp, in this case, the "your computer" end) are important for the purposes of sending things between the endpoints.
So, when "Your Computer" (let's say 1.2.3.4) sends a packet, the server might see it as having come from 1.2.3.4:9999 (remember, UDP is "connectionless", so there's no "from port", sort-a.) The goofy "here I am" dance is to identify the client for later recognition.

_______________________________________________
mac-games-dev mailing list | mac-games-dev@(protected)
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/mac-games-dev
Do not post admin requests to the list. They will be ignored.
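
Added example, not part of the original message or of any game named in it: the "here I am" exchange in Python, where the server takes the client's address from `recvfrom()` (what it looks like after any NAT rewrite) and sends its own UDP traffic back to exactly that address. Binding the hello to a one-time token issued at login is an assumption added here so that a packet from someone else cannot claim the user's endpoint; the class, function and message names are hypothetical, the TCP login is stood in for by a method call, and everything runs on loopback, where no NAT changes the port.

```python
import hmac, secrets, socket

class Server:
    """Server side of the "here I am" exchange; all names here are hypothetical."""
    def __init__(self):
        self.udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.udp.bind(("127.0.0.1", 0))   # stands in for the server's known port
        self.udp.settimeout(2.0)
        self.pending = {}                 # user -> one-time token issued at login
        self.endpoints = {}               # user -> (ip, port) as the server sees it

    def login(self, user):
        # Stands in for the TCP login (userID + password), assumed already checked.
        self.pending[user] = secrets.token_hex(16).encode()
        return self.pending[user]

    def handle_hello(self):
        # The address comes from recvfrom(), i.e. after any NAT rewrite,
        # never from a field the client wrote into the packet.
        data, seen_from = self.udp.recvfrom(512)
        name, _, token = data.partition(b":")
        user = name.decode("ascii", "replace")
        expected = self.pending.get(user)
        if expected is None or not hmac.compare_digest(expected, token):
            return None                   # unknown user or wrong token: no binding
        del self.pending[user]            # token is single use
        self.endpoints[user] = seen_from
        return user

    def send_to(self, user, payload):
        # Replies go to the observed address, reusing the mapping that the
        # client's own outbound packet created in its NAT.
        self.udp.sendto(payload, self.endpoints[user])

def demo():
    server = Server()
    dest = server.udp.getsockname()
    token = server.login("scott")
    other = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2.0)
    other.sendto(b"scott:" + b"0" * 32, dest)   # constructed hello, wrong token
    rejected = server.handle_hello()
    client.sendto(b"scott:" + token, dest)      # the real "here I am"
    bound = server.handle_hello()
    server.send_to("scott", b"world-state")
    reply, _ = client.recvfrom(512)
    same_port = server.endpoints["scott"][1] == client.getsockname()[1]
    for s in (other, client, server.udp):
        s.close()
    return rejected, bound, reply, same_port
```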