Difference between revisions of "Hosting"
(Removed all, this will be added to setup.cfg)
m (Added hu lang.)
|Line 494:||Line 494:|
<!-- links to other languages -->
<!-- links to other languages -->
Revision as of 20:32, 10 July 2014
- 1 Bandwidth Calculations
- 2 Running a LFS Server
- 2.1 Assumptions
- 2.2 Dedicated Or "Full Client" Servers?
- 2.3 Brief Guide
- 2.4 Detailed Guide
- 2.5 Configuration Files
- 2.6 Firewalls
- 2.7 Port Forwarding / Home Routers
- 2.8 Track Restriction
- 2.9 Track List
- 2.10 Points of Interest
- 3 Host commands
- 4 How to play LFS on a LAN
- 5 Hosting for Dummies
Bandwidth usage increases approximately with the square of the number of players. You must be careful not to set your limits too high or it will be a lag festival. It takes a very high upload bandwidth to run max guests. Maximum in S2 is much more than double the S1 maximum. I'll give the values in KB/s - multiply by 8 to get the required upload in kbits. These values are for a smoothness setting of 4 packets per second.
4 guests, 4 cars : 4.9 KB/s 8 guests, 8 cars : 21.4 KB/s 11 guests, 11 cars : 41.6 KB/s (demo max) 12 guests, 12 cars : 49.9 KB/s 15 guests, 15 cars : 79.1 KB/s (S1 max) 16 guests, 16 cars : 90.4 KB/s 20 guests, 20 cars : 142.9 KB/s 32 guests, 32 cars : 372.4 KB/s 47 guests, 32 cars : 552.4 KB/s (S2 max)
Running a LFS Server
From download to install, to configuring your firewall, this is meant as a rough guide (revision 1.65) to get you started with running an LFS server.
I'm sure you've all got comments on whether it needs re-wording, deleting or more adding to it. Feel free to let me know via pm, or just post away The major problem is that there are so many home and comercial products out there now, that its impossible to cover them all, but I'll do my best. I'm hoping to get some additional firewall information on here, including configuring a cisco pix, zonealarm, etc.
Throughout the entire guide, I assume that you dont change the default port (which is 63392) that you've set for LFS to use. If you do change it, then you need to substitute 63392 for the port you've set LFS to bind to.
I also assume that you're going to be running the dedicated server. If this is not the case, you're only likely to need to read the following sections, as you can configure everything else in-game when you start the multiplayer game.
Dedicated Or "Full Client" Servers?
Theres a few key differences to using the dedicated server software and the full client. Primarily it's the minimum requirements for the system and what's packaged with it. The dedicated server doesn't have any of the game content, as such, and will just sit there serving requests consuming a minimal amount of diskspace. Theres little or no interface, depending on how you have it configured, which means you don't need a graphics card (configuring via a console connection works reasonably well on some OS').
So why would you use the dedicated server? Anywhere that you can't use the full LFS client, where you'd want to run a server for extended periods of time. For example, say you had a dedicated server in a datacentre and you wanted to run an LFS game server from that. The full client would be; resource consuming (disk space, and required management time), a waste of an unlock or an account. The dedicated server, on the other hand, would be ideal.
- Download the dedicated server from http://www.liveforspeed.net/?page=addons.
- Extract somewhere you'll remember; the desktop is NOT a good idea.
- Configure host by editing setup.cfg / creating a new cfg file.
- Start the server.
- If you're on the same local network / have a route to the server, then try to connect to it via the LAN.
- Test a connection from outside the local subnet, i.e. from the internet. If it doesn't work, forward / open the incoming ports (TCP/63392,UDP/63392), and make sure the outgoing port (TCP/29339) is also open.
- Join the Wrecker Barricade, then play with, pimp and have fun with your server.
- Download the dedicated server, using your favourite browser from http://www.liveforspeed.net/?page=addons.
- Right click and select Extract to folder, or use your favourite unzipping software. Usually you can double click on the file, and follow the extract procedure.
- Either create a new, or copy a new setup.cfg file. I suggest copying setup.cfg, and naming it something you'll remember. Change the config as required. Take a look at the configuration section to learn more.
- Start the server. I usually create a batch file containing
lfs.exe /cfg=<PATH TO CFG FILE>
- You can edit and use my batch file attached if you dont know how to make one.
- Test connecting to the server. If its on the same PC connect to the IP 127.0.0.1. Otherwise type the IP address of the remote server. If its on the same local subnet, then start the LFS client and Click "Multiplayer", then "Join Specific Game", then select local network.
- If you cannot connect, and you got the password (if any) correct, then you need to open the ports in your windows firewall (see the firewall section), or your LAN's firewall. If you have a LAN firewall, then talk to your sys/network admin nicely.
- Try connecting from outside your network (i.e. from the internet). Either get a friend to help, or ask on the forums. You'll need to remember to tell us what you called the server.
- If they cannot connect, you need to open the ports in your external firewall, or forward the ports from your router. See the firewall section for this.
Securing your Windows Server
Theres a few basic things; they aren't particularly LFS orientated, but you may not be aware of them. Throughout this, I'm assuming that you're using a standalone Windows 2003 server, or XP machine thats directly connected to the internet. I wouldn't particularly recommend doing some of this things to a desktop machine. Infact some may not even be available.
- Turn off NetBios on internet facing network cards (Control Panel > Network Connection Properties > Untick File and Printer Sharing, then TCP/IP Properties > Click Advanced > goto WINS tab > select Disable NetBIOS over TCP/IP > Click ok until all dialogs are closed),
- If you have RDP or VNC enabled, put long and "complex" passwords on your accounts,
- Make sure you keep yourself patched up,
- If you're using a Windows 2003 server, I suggest keeping the IE Enhanced Security Configuration installed,
- Don't let random people use your machine,
- Don't install things you don't need.
Linux with WINE
For this guide, I presume you know at least the basics about linux (i.e. your package manager, navigating the directory tree, etc.). I also assume everything you do is from a terminal / ssh session.
It's also worth taking a look at this thread, which discusses the issues with various versions of WINE, and workarounds.
- Download the dedicated server: http://www.liveforspeed.net/?page=addons
- Extract the server, and extract to the directory LFSServer, in the current directory: unzip -o LFS_S2_DEDI_V.zip ./LFSServer
- Make sure WINE is installed. If not download / install / compile it.
- Create or edit the setup.cfg file. The important thing is that /dedicated=invisible, otherwise it will complain about the lack of an X Server.
- Starting the LFS server. With recent versions of WINE, running LFS as a background process is a pain and has a lot of problems. avellis' suggestion of using wineconsole in a screen is a pretty good solution:
screen -S <INSERT NAME> wineconsole --backend=curses LFS.exe /cfg=<INSERT PATH TO CFG>
- You can of course, use the background method, if you have an older version of WINE.
nohup wine LFS.exe /cfg=setup.cfg >/dev/null & echo $! > lfs.pid
- What this will do is start LFS in the background and create an lfs.pid file containing its process id. This is useful if you want to automate the whole starting and stopping of the server process. If you want to learn more about screen, do a man screen in a terminal, or take a look at http://linuxforum.com.
- Test connecting to the server. If its on the same local network, try connecting to a local game, and putting in the IP address of the box.
- Finally, get someone from the forums, or outside of the server's network to connect.
If you cannot connect, then you need to open up the ports on your router or firewall.
Killing an orphaned or obsolete WINE\LFS process is a pain in the neck. I've found that a
killall -9 wine
(as the appropriate user (either owner or root)) is the most reliable way of doing it. Either my version of WINE doesnt like being killed, or my box is having a permanent funny 5 minutes; I've always had trouble killing WINE.
A final note on screen, I have a bad habit of opening them for compiles, lynx, LFS servers, etc. and then forgetting they're open. 2 weeks later I wonder where all the RAM has gone Rarely will I say a tool is too useful for its own good, but in this case screen is.
Securing your Linux Server
Theres a few obvious things, but I feel its better to go over them.
Make your LFS server run as a non-privileged user. I prefer to create a new user for each process that I run on my servers.
To create a new user, take a look at the adduser command:
Personally I'd create a user called LFSServer, give it a difficult to guess password ("1oustledroam" for instance), and lock down so that user can only read and write to its home directory (which is where I'd put the LFS server files) and any other essentials it needs. Doing this is rather long winded, out of scope of this thread, and there are plenty of articles about it on the internet.
The Common Way
Use a batch file, shortcut or any method you like to start LFS.exe with a command line. You can use the following options below:
/host=Host Name :FIRST IN LIST /pass=Pass :if required - password /admin=Pass :if required - admin password /ip=X.X.X.X :if required - local specified ip address /port=63392 :a high number below 65536 /mode=demo :demo / s1 / s2 /usemaster=yes :no / yes / hidden /track=XXCR :track and config (e.g. BL1 / SO3R / FE4) /weather=1 :weather : 1,2,3 in Blackwood /cars=[cars] :use list of cars including a + between them (ex. UF1+XFG+XRG+FBM) /maxguests=4 :max number of guests that can join host /carsmax=5 :max number of cars in a race /carshost=1 :max number of cars (real+ai) on host pc /carsguest=1 :max number of cars (real+ai) per guest pc /pps=4 :smoothness (3-6) number of car updates per second /qual=0 :qualifying minutes, 0 for no qualifying /laps=5 :number of lap, 0 for practice /wind=1 :0 no wind / 1 low wind / 2 high wind /dedicated=no :no / yes / nogfx / invisible /vote=yes :no / yes : can guests vote to kick or ban /select=yes :no / yes : can guests select track /rstmin=X :no restart for X seconds after race start /rstend=X :no restart for X seconds after race finish /autokick=no :no / yes / ban / spec (Wrong way drivers) /midrace=yes :no / yes (Join during race) /mustpit=no :no / yes (Pit Stop Required) /start=finish :fixed/finish/reverse/random (Default race start) /welcome=X.txt :set welcome text file /tracks=X.txt :set list of allowed tracks
A few things to mention are that;
- The IP setting does not have to be defined. Thats only for multihomed machines, and if you want it to listen on one address. If you * dont know what that means, then don't fiddle
- The / is required at the start of the configuration directive (LFS basically treats the cfg file the same as an argument)
- Two //'s are a comment
The Easy Way
CrazyICE has created the DediGUI NG which allows you to control local (CrazyICE, feel free to correct me here) dedicated configuration files, and the whole dedicated server.
There are a lot of firewalls out there, but I'll try and cover the ones I've got experience with: ISA, iptables and the windows firewall. If anyone has any requests, I'll add it to the thread / guide, if I can.
The following rules should be enough to help you. Note: I assume that the machine running iptables is the same as the machine running the server. If not replace INPUT and OUTPUT with FORWARD.
iptables -A INPUT -p tcp --dport 63392 -m state --state NEW -j ACCEPT iptables -A INPUT -p udp --dport 63392 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --dport 29339 -m state --state NEW -j ACCEPT
Microsoft ISA Server
I'm afraid I only have ISA 2004 on machines now, so the ISA template files I'll be providing will only work as intended on that. I'll add a little guide for them shortly, but I assume that you'll know what to do with them, if you're already using ISA.
- Open the Windows Firewall, from the control Panel, and goto Advanced.
- Select your Network Connection you want to allow connections from, under Network Connection Settings, and then click the Settings button.
- Click Add. Give it a Description of "LFS (TCP/63392)", set the Name or IP to 127.0.0.1, put 63392 as both Port Numbers, and select TCP. Click Ok.
- Click Add. Give it a Description of "LFS (UDP/63392)", set the Name or IP to 127.0.0.1, put 63392 as both Port Numbers, and select UDP. Click Ok.
- Depending on your setup, this final one may not apply. I've come across a particular hotfix which appeared to change the behaviour of the Windows Firewall. Try it without first, if it doesnt work then click Add. Give it a Description of "LFS (TCP/29339)", set the Name or IP to 127.0.0.1, put 29339 as both Port Numbers, and select TCP. Click Ok.
If when you start the dedicated server, and Windows askes if you want to unblock it or not, select Unblock.
Windows ICS (Internet Connection Sharing)
Port fowarding with Windows ICS is a royal pain in the bum. Sadly there are still people that use this. I'm currently writing up a guide for this.
Port Forwarding / Home Routers
There are quite a lot of home routers out there, so giving a guide for them all would be quite difficult. Heres one for DD-WRT (I run a linksys WRT54G).
- Open a browser window, and goto your router's IP address. In most situations you'll find this is your default gateway. You can find this by going to Start > Run, typing "cmd", clicking ok, and then typing "ipconfig" and pressing enter.
- Click "Applications & Gaming"
- Click "Port Forwarding"
- Click Add
- The following settings should be enough: Application = LFS, Port From = 63392, Protocol = Both, IP Address = Your Local IP Address (can be found from ipconfig, as above), Port to = 63392, and tick Enable.
- Click "Save Settings"
Check out PortForward.com for a guide for your router.
To restrict the tracks allowed on a host:
- Create a text file named "X.txt" in your LFS folder.
- List all the tracks and configurations you want to allow.
- Type one configuration on each line.
- You must use the short name of the tracks: [first two letters of name] [config number] [reversed]
If you're not familiar with the track's shorthand names, heres something you might find helpful:
- BL1 = Blackwood GP
- BL1R = Blackwood GP Reverse
- BL2 = Blackwood RallyX
- BL2R = Blackwood RallyX Reverse
- FE1 = Fern Bay Club
- FE1R = Fern Bay Club Reverse
- FE2 = Fern Bay Green
- FE2R = Fern Bay Green Reverse
- FE3 = Fern Bay Gold
- FE3R = Fern Bay Gold Reverse
- FE4 = Fern Bay Black
- FE4R = Fern Bay Black Reverse
- FE5 = Fern Bay RallyX
- FE5R = Fern Bay RallyX Reverse
- FE6 = Fern Bay RallyX Green
- FE6R = Fern Bay RallyX Green Reverse
- SO1 = South City Classic
- SO1R = South City Classic Reverse
- SO2 = South City Unoffical 1
- SO2R = South City Unoffical 1 Reverse
- SO3 = South City Unoffical 2
- SO3R = South City Unoffical 2 Reverse
- SO4 = South City Long
- SO4R = South City Long Reverse
- AU1 = Autocross Arena
- AU2 = Skidpad
- AU3 = Drag (2 lane)
- AU4 = Drag (8 lane)
- KY1 = Kyoto ring Oval
- KY1R = Kyoto ring Oval reversed
- KY2 = Kyoto ring National
- KY2R = Kyoto ring National reversed
- KY3 = Kyoto ring GP long
- KY3R = Kyoto ring GP long reversed
- WE1 = Westhill International
- WE1R = Westhill International reversed
- AS1 = Aston Cadet
- AS1R = Aston Cadet reversed
- AS2 = Aston Club
- AS2R = Aston Club reversed
- AS3 = Aston National
- AS3R = Aston National reversed
- AS4 = Aston Historic
- AS4R = Aston Historic reversed
- AS5 = Aston Grand prix
- AS5R = Aston Grand prix reversed
- AS6 = Aston Grand Touring
- AS6R = Aston Grand Touring reversed
- AS7 = Aston North
- AS7R = Aston North reversed
Points of Interest
LFS only accepts LAN IPs in the RFC1918 range
- 10.0.0.0 - 10.255.255.255 (10/8)
- 172.16.0.0 - 172.31.255.255 (172.16/12)
- 192.168.0.0 - 192.168.255.255 (192.168/16)
Calculating Required Upload (As of Patch V)
Either use the calculator in the full LFS client (Multiplayer > Start New Game, select a track if required and fiddle with the settings), or follow this formula:
(PPS*0.09375)*((MAX_GUESTS*MAX_IN_RACE)-MAX_IN_RACE) = Kilobyte/sec upload required
If you don't plan to use the dedicated server, you should use the following:
(PPS*0.09375)*((MAX_GUESTS*MAX_IN_RACE)-(MAX_IN_RACE-1)) = Kilobyte/sec upload required
You can use text commands to control normal or nogfx dedicated hosts.
Using the normal text message system (pressing T in a normal host or simply typing into a nogfx host), the message becomes a command if you start it with a slash character.
Simple commands with no parameter
/restart :(re)starts the current race /qualify :(re)starts qualifying /end :return to entry screen /names :toggle display between player and user names /exit :clean exit from nogfx host (host only) /help :get list of commands /reinit :total restart (removes all connections)
Commands with a parameter - entry screen mode
/track XXCR :track and config (e.g. BL1 / SO3R / FE4) /weather X :lighting (e.g. 1, 2, 3...) /qual X :qualifying minutes (0 = no qualifying) /laps X :number of laps (0 = practice) /hours X :number of hours (if laps not specified) /wind X :0 no / 1 low / 2 high /autox X :load autocross layout named X for this track /axclear :clear autocross layout
Commands with a parameter - any time
/axlist X :get list of layouts for track X - e.g. AU1 /maxguests X :max number of guests that can join host /carsmax X :max number of cars in a race /carshost X :max number of cars (real+ai) on host pc /carsguest X :max number of cars (real+ai) per guest pc /pps X :smoothness (3-6) number of car updates per second /msg X :send system message /rstmin X :no restart for X seconds after race start /rstend X :no restart for X seconds after race finish /autokick X :no/yes/ban/spectate (Wrong way drivers) /midrace X :no/yes (Join during race) /mustpit X :no/yes (Pit Stop Required) /start X :fixed/finish/reverse/random (Default race start) /pass X :set new password (BLANK = no password) /welcome X.txt :set welcome text file /tracks X.txt :set list of allowed tracks
Kick and ban commands - any time
/spec X :make user X join the spectators /kick X :disconnect user X /ban X Y :ban user X for Y days (0 = 12 hours) /unban X :remove ban on user X
Penalty commands - during a race
/p_dt X :give player X a drive-through penalty /p_sg X :give player X a stop & go penalty /p_30 X :30 seconds added to finish time of player X /p_45 X :45 seconds added to finish time of player X /p_clear X :clears penalty
Host settings commands
/vote X :no or yes - guest voting /select X :no or yes - guest selection /cars [cars] :use list of cars including a + between them (ex. UF1+XFG+XRG+FBM)
Other text commands
/out X :ignored by LFS but seen by external programs
These commands are also available to any user who has connected to the host using the admin password if one was specified when the host was started.
How to play LFS on a LAN
Firstly you need to decide which PC will HOST the game, go to this PC and find out its IP address, you can do this by going to START, RUN, CMD, IPCONFIG /ALL.
Note down your IP address, it should be in the range 192.168.0.0, if it isnt then you either need to set it to a proper LAN IP range (192.168.0.0), or if you have XP (certainly PRO, not sure if it works in HOME) you can assign more than one IP address.
Once you have the IP address changed and/or noted, you can now proceed in starting LFS on the HOST machine, click the Multiplayer button, then click Start new game, you will be presented with this screen.
Notice at the top you have 3 options, LOCAL, INTERNET and HIDDEN, as you are making a LAN only game click LOCAL, game name can be anything of your choosing, but CAN'T be blank, password can be left blank, IP address MUST be the same is the IP address on the host machine, and port needs to be a port that is open on your firewall, here I have 63392, yours may be different but you MUST note down which port you use.
Select the other settings to your preference and click GO, once the game has loaded go to each CLIENT machine and proceed to join the game on each CLIENT machine.
Again, the CLIENT machines MUST have a valid IP range, if not change or add as described earlier.
Click Join Specific game, next click LOCAL NETWORK, enter the HOST IP address,the HOST port and the HOST password, now click go and you should connect to the host machine, if you don't and get client connect either your firewall is blocking the traffic on either HOST or CLIENT machine, or your IP address/port selections are wrong.
It certainly works on a LAN, but it just takes a little time to get it running.
Hosting for Dummies
A beginners guide to hosting.
This little guide is written to help people understand the basics of hosting. I have tried to keep away from the technical babble, but some basic knowledge is needed, so lets go on to chapter one: Internet basics.
All Internet communications is using 3 main parts: IP addresses: This is the address you have, or the address of the host you are connecting to. Ports are used to keep traffic separated, and give the ability to have several services (like http @ port 80, https @ port 443) or programs running at one IP-address. Protocols are the “language” used. For LFS we need TCP and UDP. TCP is using “Handshake” for each packet, so that every packed delivery is confirmed. This creates more traffic, but is reliable and sender knows that data was delivered. TCP also resends packets that were lost automatically. LFS uses TCP for control data, like race restarts. UDP is just sending packets, and hope they arrive at the recipient. It’s much quicker method, but unreliable. LFS uses UDP for sending car position data.
To be able to communicate we need some hardware: NIC: Network Interface Card, or for short: Network card. Routers keep track of where to send the traffic.
Some services: DNS Dynamic Name Server, this helps you to use names for hosts, so you just need to remember www.google.com, instead of 22.214.171.124 (Google’s IP-address) DNS is not necessary for LFS, but used for almost everything else …
Security: Firewall is a system or program used to only let approved traffic thru.
And finally, some other terms used: DHCP, Dynamic Host Configuration Protocol. This is assigning a unused IP-address automatically, helping to reduce the number of unused IP-addresses. Some ISPs force a new IP-address every now and then. Public IP is the IP-address you use to connect to the Internet, or the IP you connects to. This must be a unique address (You will be assigned this from your ISP using your ISP’s DHCP-server) Also called “outside” Private IP Your home router assigns you a Private IP, this address is within some specific ranges, a common used range is: 10.x.x.x , the second range, the most common default for your typical home router is 192.168.x.x, The third range is 172.16-31.x.x. Also called “inside” NAT Network address Translation. This is a very clever system; it protects you very well from the Internet, and gives you the possibility to have several PC’s on the “Inside” [PC1] --> [PC2] --> [Router with NAT] --> Internet [PC3] --> When using NAT your Private IP address is translated to your Public IP, making it possible for you to get on the net Lots of stuff, and new words, but its needed to understand why you need port-mapping.
Lets move on to “How it works”
How the Internet works
A simple sample, direct connection to the Internet: [PC1] --> [Internet] --> [www.google.com]
Your PC has a valid Public IP, and you want to browse google’s web pages Your PC first makes a DNS lookup to find Google’s Public IP. Http is using Port 80, so your PC connects to Google’s public IP at port 80 and you can read the page. What you don’t see is that your PC is using an unused port above 1024 to connect to google, lets say, port 1050, so what really happens is: Your PC opens port 1050 for outgoing traffic, and sends a “Get” request to google’s web server at port 80. The server opens the file and sends it back to your client at port 1050.
A sample with NAT, Connection with a router: [PC1] --> [PC2] -- [Router with NAT] --> [Internet] --> [www.google.com] [PC3] –
Your PC has a valid private IP, and your Router has a valid Public IP Your PC request a page at Google, it uses a port over 1024, lets reuse 1050. The request goes thru your Router, and is translated to your routers public IP, with a new port, lets say the request that reaches google.com is from your routers public IP at port 23050. Google answers back to your routers public IP at port 23050, and it remember that it was your PC, at its Private IP and at port 1050 the request came from and sends the data back to your PC’s Private IP at port 1050.
LFS's default server port is 63392, which means your PC uses a port higher than 1024 and connects to the LFS hosts IP at port 63392. LFS can be set to use any port.
Still hanging on? Lets move on to Security
Security is a BIG issue when connected to the Internet. “Out there” you have hackers and Internet spreading viruses that wants to spoil your fun, it’s just like the demo servers ;) To protect yourself you must use a firewall.
The most common thing is the built in firewall in Windows XP. This is turned on when enabling the Internet connection sharing function. Windows XP SP2 also turns the firewall on by default.
Another common solution is a “Personal Firewall” This is an application you run on your computer. Making sure that only approved programs can access the Internet. The usual way is: when a “new program” request a internet connection, a dialog pops up asking you to grant or deny access, or grant a permanent access.
Another solution is to have an extra “box”, a PC or a “Black box” (black box is a term for a system running a “unknown” OS with a “unknown” firewall).
At home this is most commonly your home gateway. It’s a small box with lots of lights on it. ;) It can also run on a separate PC, using Linux (or other Unix-like OS, FreeBSD is very secure and quite popular), but if you have that solution you probably are no dummy and don’t need to read this guide.
Most external router/firewall solutions come with NAT. The default behaviour of NAT makes sure that NO connections from the outside makes it thru the router, but ANY connection from the inside will be let out.
Problems with the firewall can be hard to diagnose, very often it “just don’t work” with no error messages. You might be able to see blocked traffic in your routers log though, look for message that packet sent to port 63392 (or your chosen LFS port) was blocked.
Still hanging around? Wanna be crazy? Go on to “Security, the tuff stuff” Or just a little bit crazy? Check out, “LFS hosting with a firewall”
Or move on to “why we need port mapping”
Security the tuff stuff ...
WARNING This chapter may make you feel dizzy or fall asleep
The problem with an external firewall is that it doesn’t see which application that is requesting Internet access. It needs rules for the traffic. The first rule is usually “DENY ALL” everything is closed if not a specific rule allows it. New sample: [PC1] --> [PC2] --> [Router with NAT and Firewall] --> [Internet] --> [LFS [email protected] 63392] [PC3] -->
PC1 wants to connect to a LFS host at the Host IP and port 63392. To get this traffic thru the router, the router must have a rule that: Allow PC1 to connect to the LFS host, at its IP address and port 63392.
But, there is not only one LFS host out there so the rule needs an update: Allow PC1 to connect to ANY host at port 63392
And then someone else in your company wants to try LFS, new update: Allow ANY pc to connect to ANY host at port 63392
OK, not too bad. Outbound traffic to a specific port is usually granted already (e.g. to be able to browse the Internet you must be able to use port 80 (http)).
But LFS can use any port and now you will dig a real hole in the firewall: Allow ANY pc to connect to ANY host at ANY port.
Most company firewall operators do not want to use “Any”, as this gives no control. 3x ANY in one line is something you really don’t want. Therefore, playing LFS behind a company firewall can be very hard. Hosting LFS behind a company firewall will usually be impossible...
Allow all out deny all in setup is actually a very good firewall for home use, but if you download a program, lets call it Crack.exe, that really is a small program recording your bank account information, and sending it to a host outside, you will never see it, without a Personal Firewall. But … who runs software downloaded from the net without running a virus-scan? ;)
Lets move on to “Hosting LFS with a firewall”.
LFS Hosting with a firewall
WARNING This chapter is also tuff one...
Because of DENY ALL IN rule, you must set up a rule for your LFS host. Your firewall must let incoming traffic to port 63392 (default LFS, or any other port you decided to use in server configuration) pass thru. Remember that LFS is using both TCP and UDP protocols. The rule will look something like: Allow ANY Source IP to connect to your LFS host IP at port 63392 (using both TCP and UDP).
Some firewalls have problems with UDP. If this is the issue, your host will be visible on the master list, but no one will be able to connect.
I would recommend to disable the personal firewall when testing, especially if you are behind a router with NAT. Just remember to enable it when done testing. (For home users with residential gateways this would mean pulling cables and changing setups. I wouldn’t recommend that. If you are setting up the server behind a home gateway, I guess the best way to test would be to have a friend that you can call and ask to try and connect to your server.)
Problems with the firewall can be hard to diagnose, very often it “just don’t work” with no error messages. You might be able to see blocked traffic in your routers log though, look for message that packet sent to port 63392 (or your chosen LFS port) was blocked.
Now we should be able to understand “why we need port mapping”
Why we need port mapping
When hosting, you want other people to be able to connect to your LFS host. Going back to the Router with NAT example: [PC1] -- [PC2] -- [Router with NAT] <-- [Internet] <-- [Computer running LFS] [PC3] –
The router just blocks all traffic from the outside. So we need to create a port mapping to tell the router that this is traffic we want to deal with. A port mapping tells the router that all traffic from the outside to port 63392 (default for LFS) will be sent to an IP on the inside at port 63392. [PC1] -- [PC2] -- [Router with NAT] <-- [Internet] <-- [Computer running LFS] [PC3] <--
Remember: The port mapping must include both TCP and UDP
How this is set up depends on your router. Most home routers provide a web interface to configure the router; some have a separate program running on your PC for configuration. Some routers also have the possibility to use “telnet” to change the configuration (start – run – cmd – telnet 10.0.0.1 (or 192.168.0.1 or 192.168.1.1 or any other IP address of your router)) Read the manual, check your ISP's faq, ask your ISP.
Most home gateways will let you set them up via web interface. Open your web browser and enter http://192.168.0.1 (or other possible addresses). You will almost certainly be asked for username and password by the router.
If you don’t know the password for your router configuration you have three options: 1) Your password is the default factory one: Check you router manual to find out the default password and change it. 2) Your password is not default one and you never changed it yourself: This is most common with routers that were provided by your ISP as part of the service. ISP sometimes sets their own passwords, so that you cannot change the configuration and complain to customer support about it. You will have to talk to your ISP customer support in that case. 3) You changed your password, but forgot it: This is the worst case. You can reset the password by doing the “hard reset” procedure on router to reset to defaults. DON’T DO THIS UNLESS YOU KNOW ALL ABOUT YOUR ROUTER! Resetting the router means all configuration needs to be entered again.
See the “routers guide” and check if your router is in there.
Problems? LFS is using a very high port. Some routers use a high range for “outgoing NAT”. Some ISPs also reserve these high ports for their internal use. If your router/ISP does this you must: Exclude the “LFS range” from the “outgoing NAT” range or Use a lower port for LFS
Some ISPs force your router to change IP every now and then. This is not good for the clients connected when this happens, but (AFAIK) the LFS host reconnects to the master server and updates its new IP.
Here I have a plan to add guides to set up port mapping on specific routers...
See here how to forward ports on your hardware firewall/router
Netopia 4542 router
D-link 804HV Setting up a LFS Host
Technical background Here I have tried to collect some words about hosting, and LFS..
TCP and UDP in LFS (By Scawen) The TCP connection of course has to work because the in-sync game code relies on TCP, as everything needs to match, and stay in sync.
But the position updates (PosPackets) don't match perfectly, because they are run without delay (there is always "error" in remote car positions - seen as warping - because of inevitable time delay) and that system uses UDP packets because they are quicker but do suffer from packet loss and it's better to forget about ones that didn't arrive and just use the next packet that does arrive). However, guests which are failing to receive UDP packets can request the host to send TCP PosPackets to the guest, and it will do so. But guests *never* send TCP PosPackets to the host.
That's because sometimes guests are behind firewalls and for some reason can't receive UDP packets sent back to them - and another problem that a UDP connection that worked at first can later be "forgotten" by the router for some reason. However, they can always *send* UDP packets to the host, because the host must be properly set up on the internet, so the problem of losing the UDP connection in that direction shouldn't arise.
So... in summary, it can work if the guest can't *receive* UDP packets, in which case it will request the PosPackets to be sent to it in TCP packets, but it must be able to *send* UDP packets because there is no fallback system in that direction.
Ranges used for LAN games (aka. IETF private IP ranges): (By Scawen) These are the ranges :
10.x.x.x 192.168.x.x 172.16-31.x.x
More info: http://www.suse.de/~mha/linux-ip-nat/diplom/
Why other ranges do not work: (by scawen) That's because direct connection is restricted to local networks. It's a security measure so that people who want to play on the Internet must go through the master server (not connect direct by IP, but they can simply connect by “name” to a "hidden" game for the same effect - this stops people with a hacked version being able to happily race over the internet). So I’ve researched the special IP addresses, which are reserved for local networks and allowed direct connection for those addresses.
I don't really know why your network is using addresses outside the reserved IP address ranges. I guess there may be a good reason or else someone just chose the 200.x.x.x range because it sounded good? Don't know much about that really but you might not be able to connect to some "real" IP addresses in that range, and I guess that's why there are some special reserved ranges.