
Anybody running on CGN w/ non-standard open ports?



Cheers, does anyone here have experience running DST server on a CGN connection? Are you able to get other players to connect directly to your server (assuming you have PCP or something similar available to open ports to your host)?


I've switched to using an internet service with IPv6 connectivity, which comes with the drawback of providing IPv4 connectivity via CGN, and therefore sharing the 64k port range with many other subscribers. The forwarding configuration is done with PCP, where I can request a certain port, and the CGN may respond with a suggestion of a different, available port. From my testing over the week I've had it, I'm only able to get ports within the 1000-2000 range. Getting anything outside the 1000-2000 range seems impossible, and even within the range it's not rare to get DENIED on randomly-picked numbers. (The aggregation ratio is STRONG with this one...). So I opened 2 ports (1433 and 1914), for forest and caves to use for player connections.

TL;DR: I'm only able to open ports on my public IP address within a limited range, about 1000-2000. I've verified connectivity through the ports opened this way with a simple netcat test, and observing traffic with tcpdump shows that I am receiving traffic on the selected ports on the machine that's running DST.

When configured with these ports, the cluster shards execute normally, and connecting a client from a local network using c_connect works fine (I'm using c_connect because the LAN lobby doesn't find the server due to the freaky port, and going through the global lobby connects me via a proxy, so screw that.)

What's annoying, however, is that a friend is unable to get the direct connection to work at all (also using c_connect()). Packet capture on the DST server's host shows his packets getting through, but the game is just not responding to any of them. The packet capture also reveals a LOT of other traffic (from other IPs on the internet) coming in at that port (roughly 1 every 0.8 seconds, apparently continuously). Wireshark tells me it's all "RakNet Unconnected Ping", so my guess is these are other players in lobby testing connectivity to my server. The game does not respond to any of these, either.

Any suggestions how to resolve/troubleshoot this issue?

The server is used by just us - 2 players, so if there's a way to prevent the server from showing up in the global lobby (while keeping skin drops enabled) I'd take that to at least reduce the burden of pings from other strangers. Failing that, I'll look into firewalling the server and blocking every IP except my friend's from reaching DST, in the hope that the server's lack of responses is due to the high traffic.

Link to comment
Share on other sites

Port 1433 is the port of the Microsoft SQL Server according to Google, and there seem to be vulnerabilities on it. So the incoming traffic might be people trying to hack into said Microsoft SQL Server on said port... Which your DST Server has no idea what to do with. Using a different port might eliminate the excessive requests.

As for the connectivity of your friend, ~1 request every 0.8 seconds shouldn't matter at all. There seems to be a little other network stuff going on. I'll start with a very basic question: Did you set up your default route correctly (on the server that runs the DST server)? 'Cause it sounds like the server has no idea where to send the packages as an answer.

As long as your server is passworded, I wouldn't worry about other players trying to enter it, as there's such an abundance of passworded servers that your server will just be one in the masses that no one cares to attack.

Link to comment
Share on other sites

 

On 8/10/2021 at 8:54 AM, Daniel86268 said:

Port 1433 is the port of the Microsoft SQL Server according to Google, and there seem to be vulnerabilities on it. So the incoming traffic might be people trying to hack into said Microsoft SQL Server on said port... Which your DST Server has no idea what to do with. Using a different port might eliminate the excessive requests.

I did change the port just to move to something that isn't a well-known port. The incoming traffic was pretty much the same (same volume, all same-sized RakNet packets, same "various" IP addresses) - soon after the server started on a new port.

What I think actually solved the problem was going to the server host directly (as opposed to SSH-ing in), noticing that the firewall was enabled and was in "public mode" :wilson_facepalm: Totally forgot about this thing, didn't even have the usual rules loaded up. Either way, this would have required attention due to the port change.

Link to comment
Share on other sites
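
The symptom resolved above (packets visible in a capture, no reply until the host firewall was fixed) can be checked from user space, since a packet capture typically taps inbound traffic ahead of the host firewall. The following is an added example, not code from the thread: with the DST shard stopped, the listener shows which datagrams actually reach a socket on the game port, and `probe()` is run from the remote side. The RakNet offline-message layout and the `PROBE` message are assumptions of this sketch.

```python
import socket
import struct

# Assumption: stock RakNet offline-message layout
# (1-byte ID, 8-byte time, 16-byte magic, 8-byte client GUID).
RAKNET_MAGIC = bytes.fromhex("00ffff00fefefefefdfdfdfd12345678")
PING_IDS = (0x01, 0x02)  # unconnected ping / ping (open connections only)


def classify(datagram: bytes) -> str:
    """Label a datagram as a RakNet Unconnected Ping, a probe, or other."""
    if len(datagram) >= 25 and datagram[0] in PING_IDS and datagram[9:25] == RAKNET_MAGIC:
        return "raknet-unconnected-ping"
    if datagram.startswith(b"PROBE "):
        return "probe"
    return "other"


def listen(sock: socket.socket, count: int) -> list:
    """Receive `count` datagrams that reached user space; echo probes back."""
    seen = []
    for _ in range(count):
        data, peer = sock.recvfrom(2048)
        kind = classify(data)
        seen.append((peer[0], kind))
        if kind == "probe":
            sock.sendto(data, peer)  # a reply proves the return path too
    return seen


def probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Send one probe and report whether the same bytes came back."""
    msg = b"PROBE " + struct.pack(">Q", 0x1122334455667788)  # constructed token
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (host, port))
        try:
            return s.recvfrom(2048)[0] == msg
        except (socket.timeout, ConnectionError):
            return False


if __name__ == "__main__":
    port = 1914  # one of the two ports named in the thread
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("0.0.0.0", port))
        for ip, kind in listen(srv, 10):
            print(ip, kind)
```

If the capture shows the friend's packets but the listener prints nothing for his address, the drop is happening on the host between the network interface and the socket.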

Archived

This topic is now archived and is closed to further replies.

Please be aware that the content of this thread may be outdated and no longer applicable.
