Slashdot Mirror


Playing Games Behind IP Masquerade?

Accipiter asks: "I've configured an internal network to use a Linux box as a gateway using IP Masquerading, and it works beautifully -- except for some off-the-wall things. Recently, I installed Total Annihilation on a Windows box behind the firewall, and I found that it can't connect to other games on the boneyards server (Total Annihilation's Multiplayer setup). How does one configure networked games (specifically TA) on the INSIDE of a network to use servers out on the net?" Most of this is handled in the IP Masquerading HOWTO, in particular section 7.22 and the appropriately titled section Game Clients.

The main problem with Linux IP Masquerading is that, for a few games, you must forward specific ports to a single game machine. This is contrary to programs like Wingate, which implement Internet sharing for Windows for the whole internal network.

Is anyone working on some kind of redirection protocol for Linux that would remove this restriction and allow all masqueraded machines to play games without the need to redirect to a single machine?

You might also want to check out the Masq Apps page, which lists a cornucopia of games and how to get them working with IP Masquerading.

11 of 88 comments

  1. RTFMs by Nemesys · · Score: 3

    If most of it is handled by the HOWTOs and Masq App, why bother posting
    the story? ;)

    1. Re:RTFMs by Syberghost · · Score: 3

      Ok, but that still doesn't explain why people don't type their query into Google or Altavista or even DejaNews before spewing it as an Ask Slashdot.

      Or, for that matter, why the editors don't send the above sentence back to the submitter instead of posting the lame question.

      UTFSE; Use The Freakin' Search Engines.

    2. Re:RTFMs by g0del · · Score: 4

      The problem is, the HOWTOs and the masq app don't explain how to get all games to work - and for many games, the only way to get them to work is to forward the ports to a single machine, making it impossible for others behind the NAT box to play the game.

      For instance, my wife and I could both play quake or quake3 at the same time on the net from behind my NAT box with no problems. But it is impossible for us both to play Diablo at the same time. It has to be one machine or the other, and I would have to change the port forwarding rules to do that.

      And as for saying the game coders should get it right, Blizzard programmers have said that they did, and Linux gets it wrong. I just looked for the link and couldn't find it, but they claimed the linux masq worked great for tcp games, but didn't handle udp masquerading properly. They then said that the only proxy that worked was WinGate. I don't know what WinGate does that other programs don't, but it would be nice to know so linux could get it.


      G0del

    3. Re:RTFMs by hedgehog_uk · · Score: 3

      You obviously haven't tried to do it, have you?

      It's not that simple. There's some good information in the HOWTOs, man pages and on the web, but putting it together and getting it to work is another matter. There's no single document that explains how to do it and it's tricky stuff to get right. I wish I'd kept the scripts I wrote to do it when I got rid of the machine I was using as a firewall.

      HH

      --
      Yellow tigers crouched in jungles in her dark eyes.
      She's just dressing, goodbye windows, tired starlings.
  2. Allow me to elaborate by Accipiter · · Score: 4
    I seem to have discovered that many people have viewed my question as vague.

    First off, to all you people saying "Read the HOWTO", let's make one thing clear. That was the first thing I did. As a matter of fact, I've read it *several* times over looking for the answer to my question. If it helped, I wouldn't need to ask. (The HOWTO is what got my Masq setup working in the first place. If I didn't read it, I wouldn't be using it.)

    Secondly, I have tried the port forwarder as well as the rulesets. None work. From extensive browsing of the boneyards site, I've found that Total Annihilation's Boneyards must allow ports 47624, and 2300-2400 for both TCP and UDP, as well as 9110 and 9113 for TCP. (P.S.: The instructions on the Masq Apps Page pertaining to Total Annihilation do NOT work with Boneyards. I've tried.)

    So after firing e-mail back and forth from Cavedog, and extensive trial and error, I have still not been able to do this. So I ask Slashdot. Then I get a bunch of people telling me to "Read the Manual." Sorry folks, if it was that easy it wouldn't be an issue.

    --

    -- Give him Head? Be a Beacon?
    (If you can't figure out how to E-Mail me, Don't. :P)

  3. Microsoft DirectPlay and Masquerading by Zoid · · Score: 5

    I'm a huge fan of Total Annihilation actually and would love to play it online more often. But I had the same problem--it didn't work through masquerading.

    The entire reason the majority of Win32 based games is they depend on DirectPlay. To put it bluntly, DirectPlay is probably the most badly designed protocol I've ever seen.

    It has no concept of firewalls, it opens up random port numbers and does double connections between hosts. It's just evil badness.

    I've searched and disassembled and tried to figure out how it works so I could write an ip_masq_directplay module for the kernel, but I couldn't find any decent specifications.

    If DirectPlay supported something like SOCKS, this wouldn't be an issue.

    I eventually gave up on playing directly, but there are other solutions to play the game online:

    1. MPlayer is a free service and they use a front end to the game. You can play matches with TA on MPlayer. They overload the protocol that TA uses and work fine through Masquerading.

    2. Kali works perfectly with Masquerading. For TA, Kali emulates itself as an IPX driver that DirectPlay runs over (I believe). Kali works with just about everything. It was also nice to see Kali fire up and immediately tell me I was using NAT and figured out its translated address automatically.

    I gave up trying to play TA on Boneyards. I emailed one of the guys at Cavedog (Rick Lambright) and talked specifically about NAT issues. We talked about TA and its dependency on DirectPlay and that it's pretty much screwed in getting it fixed. Kingdoms suffered the same fate.

    Cavedog has been disbanded (or extremely downsized) so I'm not sure what the status would be now if anything can be done.

    The best solution is to convince someone at the assimilation headquarters at Microsoft to add NAT support (or something like SOCKS) to DirectPlay. If that was added, it could retroactively make ALL DirectPlay games work.

    --
    /// Zoid.
    1. Re:Microsoft DirectPlay and Masquerading by Pulzar · · Score: 5

      I've found the following setup for DirectPlay, Game Zone, Mplayer, and Boneyards somewhere on the web, and it has worked well for me. You can join and play any DirectPlay games, but you can't serve them. (At least, I couldn't get it to work).

      I remember reading a note that came with this, saying that you need DirectPlay 6+ for this to work, since the previous versions use random port numbers.

      This is a part of the Sygate apprule file, but you should be able to convert it to whatever you need.

      # DirectPlay, Game Zone, Mplayer, Boneyards - Modification tested on 8/16/99
      # Most of DirectPlay games use this rule
      :INIT "DirectPlay"
      OUT TCP 47624 47624 0.0.0.0 0 R
      :SUB
      IN TCP 47624 47624 0.0.0.0 0 0 AD
      IN UDP 2300 2400 0.0.0.0 0 0 AD
      IN TCP 2300 2400 0.0.0.0 0 0 AD
      OUT UDP 2300 2400 0.0.0.0 0 D
      OUT TCP 2300 2400 0.0.0.0 0 D
      IN TCP 9110 9110 0.0.0.0 0 0 AD
      OUT TCP 9110 9110 0.0.0.0 0 D
      IN TCP 9113 9113 0.0.0.0 0 0 AD
      OUT TCP 9113 9113 0.0.0.0 0 D
      IN TCP 28800 29000 0.0.0.0 0 0 AD
      OUT TCP 28800 29000 0.0.0.0 0 D
      IN UDP 8000 9000 0.0.0.0 0 0 AD
      IN TCP 8000 9000 0.0.0.0 0 0 AD
      OUT UDP 8000 9000 0.0.0.0 0 D
      OUT TCP 8000 9000 0.0.0.0 0 D
      :END

      --
      Never underestimate the bandwidth of a 747 filled with CD-ROMs.
  4. Re:Yeah, but the big problem is... by alhaz · · Score: 3

    The actual fix is to get off your duff and write a helper module for your game.

    The one-machine limitation for many games is there because the game essentially runs as a daemon, and needs other computers to be able to connect to it.

    If you have a good enough understanding of the protocol, it should be possible to write a masq module that will appropriately mangle the outgoing packets and appropriately route the incoming packets.

    ipmasq module work has pretty much dropped off at this point as most authors are concentrating on the netfilters implementation in 2.4.

    The real problem, of course, is having a deep understanding of the protocol. This isn't hard to come by if you don't mind signing an NDA, but signing that NDA will pretty much keep it out of the linux kernel source.

    Maybe game makers can be encouraged to release protocol specs? Or better yet, maybe they can be encouraged to make their protocols RFC1918 compliant.

    --
    This is just like television, only you can see much further.
  5. Yeah, but the big problem is... by Denor · · Score: 3

    ... the single-box limitation.

    I've seen a few people pointing toward the howto, and saying that it's the definitive answer. Only, the big problem is that Linux's IP masquerading only forwards ports to one specified machine. It's hardcoded in the setup file that you create.
    A good workaround that I've yet to actually try would be to write a shell script on the gateway machine that changes where it's forwarding the ports to, so that more than one machine could take advantage of the feature.
    This does not, however, take care of another problem - while it could be made relatively easy to change which machine on the internal net gets the ports forwarded to it, the port forwarding still only works for one machine at a time.
    If there are ways around this, I'd love to know. Me and my roommates have been itching to try this cable modem out on Battle.net for quite some time now. :)

    --
    -Denor
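
The forwards discussed in this thread, as an added example that is not part of any poster's comment: a shell script that prints iptables DNAT rules for the ports Accipiter lists (reading 47624 as both TCP and UDP) and implements the re-pointing script Denor describes. It assumes a gateway running netfilter/iptables on a 2.4 or later kernel rather than the 2.2 masquerading code; the interface name `eth0` and the 192.168.1.x addresses are constructed.

```shell
#!/bin/sh
# Added example: print (not run) iptables rules for Linux 2.4+ netfilter that
# forward the Boneyards/DirectPlay ports from the thread to ONE internal host.
# Port list is from Accipiter's comment; interface and addresses are constructed.
DPLAY_PORTS="tcp:47624 udp:47624 tcp:2300:2400 udp:2300:2400 tcp:9110 tcp:9113"

# valid_host ADDR: succeed only for a dotted-quad IPv4 address, because the
# printed rules are meant to be fed to a root shell.
valid_host() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# dplay_rules ACTION EXT_IF HOST: ACTION is A (append) or D (delete).
dplay_rules() {
    action=$1; ext_if=$2; host=$3
    case "$action" in A|D) ;; *) return 1 ;; esac
    case "$ext_if" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_host "$host" || return 1
    for entry in $DPLAY_PORTS; do
        proto=${entry%%:*}   # tcp or udp
        ports=${entry#*:}    # single port or low:high range
        echo "iptables -t nat -$action PREROUTING -i $ext_if -p $proto --dport $ports -j DNAT --to-destination $host"
        echo "iptables -$action FORWARD -i $ext_if -p $proto -d $host --dport $ports -j ACCEPT"
    done
}

# switch_player EXT_IF OLD NEW: remove the forwards for OLD, add them for NEW.
# Still one machine at a time: each external port maps to a single inside host.
switch_player() {
    valid_host "$2" && valid_host "$3" || return 1
    dplay_rules D "$1" "$2" && dplay_rules A "$1" "$3"
}

# Constructed demo: hand the game ports over from .10 to .11 on eth0.
switch_player eth0 192.168.1.10 192.168.1.11
```

Review the printed rules before piping them to a root shell, and run `dplay_rules D` when the game session ends so the port ranges do not stay open to the inside machine.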
  6. seriously read the HOWTO... by jallen02 · · Score: 3

    It will tell you how to just redirect requests to whatever machine and all. It's not even hard :)

  7. Other resources worth checking out by spaceorb · · Score: 4

    Masq Applications (which doesn't appear to be up at the moment) has an index of all known workarounds and fixes to using software and games behind an ipmasq box. I've had a tough time getting everything working right until I checked it out, so it's definitely worth a visit.