Client can't connect - inbound IP different than outbound



I have a handful of servers on the network following the same idea: a single outbound interface w/ separate inbound interfaces tied to the appropriate NAT/firewall rules. Most of the time connections are established only by inbound clients so it's a non-issue.

 

I used this same setup for the dedicated server but I can't get a client to connect properly.

 

I think the issue here is that the dedicated server registers itself, obviously using the outbound IP, and the game cleverly tries to get to the server via that IP, despite the fact that I've used the configured inbound IP in the connection command.

 

More details below.

 

Any thoughts on a workaround other than changing my network setup?

 

Thanks

 

___________________

 

Details:

  1. Confirmed that the UDP traffic is allowed to the machine on the (default) configured port using netcat
  2. Server starts up with no token issues
  3. Server does show up at http://my.jacklul.com/dstservers/
  4. Server does not show up in the game client server browser
  5. Tried connecting manually using c_connect("X.X.X.X", 10999, "password")
  6. Started the server and tried connecting via both LAN and WAN IPs with the same result shown in the log snippet below
[00:00:47]: InitClient X.X.X.206:10999 0
[00:00:47]: No server listing found, attempting direct join
[00:00:47]: FILTERED
[00:00:47]: Attempting to join: SERVER at X.X.X.194:10999
[00:00:47]: [200] Account Communication Success (13)
[00:00:47]: Server listing has no punchthrough address, connecting directly
[00:00:47]: Connecting to X.X.X.194:10999
[00:00:57]: Disconnect reasson: ID_CONNECTION_ATTEMPT_FAILED from network layer
[00:00:57]: PushNetworkDisconnectEvent With Reason: "ID_CONNECTION_ATTEMPT_FAILED", reset: true

Note that I try to hit the WAN IP X.X.X.206:10999 and the client tries to connect on the outbound IP X.X.X.194:10999. Same thing happens if I use the LAN IP.

[00:01:36]: InitClient 192.168.1.150:10999 0
[00:01:36]: No server listing found, attempting direct join
[00:01:36]: FILTERED
[00:01:37]: Attempting to join: SERVER at X.X.X.X:10999
[00:01:37]: [200] Account Communication Success (13)
[00:01:37]: Server listing has no punchthrough address, connecting directly
[00:01:37]: Connecting to X.X.X.X:10999
[00:01:47]: Disconnect reasson: ID_CONNECTION_ATTEMPT_FAILED from network layer
[00:01:47]: PushNetworkDisconnectEvent With Reason: "ID_CONNECTION_ATTEMPT_FAILED", reset: true

 


@ToNiO55, confirmed yes on both of those things.

 

Does the computer that acts as the server have a static IP address?

 

Yes, it has a static address reservation set at the DHCP server so it will never change.

 

Is the port in your router's NAT open for this static IP address?

 

And, yes, I can connect to the machine on TCP & UDP 10999 on both the internal and external IP addresses. My client machine is off site so it's properly connecting to the server machine over the WAN as well as when I VPN in.

 

I used a utility called netcat to open 10999 on the target machine, then connected from my machine and was able to see chatter flowing back and forth.


@ToNiO55

 

Thanks for the help. I solved it by changing the network setup. What I was trying to do wasn't going to work.

 

It is kind of the firewall / NAT rules that are causing the issue. Here's what I think is happening:

  1. The router has NAT & firewall rules that specify
    1. Server -> WAN on IP Address A (outbound, grouped with many other servers on a many-to-one)
    2. WAN -> Server on IP Address B (inbound, dedicated to this machine)
  2. The firewall and NAT rules allow incoming on port 10999 TCP/UDP on IP Address B (inbound), but deny incoming to IP Address A (outbound)
  3. The server starts up and registers itself with the DST listing server using IP Address A (the outbound address)
  4. I initiate a connection with the server on inbound IP Address B, server and client do a quick handshake. Server tells the client it doesn't have a punchthrough set up (since it's a dedicated server), so it hands back its IP for the client to directly connect. Which is IP Address A, outbound.
  5. Client then tries to connect on IP Address A outbound and fails because the firewall blocks everything incoming on that shared outbound interface

I'm just guessing here since I don't know the internals of the client, but I was able to sniff some of the traffic and see some of these conversations.

 

Either way, I shifted everything over to a 1-to-1 on the dedicated IP so that outbound and inbound are the same IP. Everything seems much happier with this setup.
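
The symptom diagnosed in this thread, a client that is told to join one address but dials another, can be picked out of a client log mechanically. The Python below is an added example, not part of the original posts or of the game's code; the sample log is constructed from the line format shown above, with documentation-range IPs standing in for the masked addresses and a second, non-redirected attempt added as a control.

```python
import re

# Constructed sample modelled on the client log in the thread; the masked
# X.X.X.206 / X.X.X.194 addresses are replaced with documentation-range IPs.
SAMPLE_LOG = """\
[00:00:47]: InitClient 203.0.113.206:10999 0
[00:00:47]: No server listing found, attempting direct join
[00:00:47]: Attempting to join: SERVER at 203.0.113.194:10999
[00:00:47]: Server listing has no punchthrough address, connecting directly
[00:00:47]: Connecting to 203.0.113.194:10999
[00:00:57]: Disconnect reasson: ID_CONNECTION_ATTEMPT_FAILED from network layer
[00:01:36]: InitClient 192.168.1.150:10999 0
[00:01:37]: Connecting to 192.168.1.150:10999
"""

LINE = re.compile(r"^\[(?P<ts>[\d:]+)\]: (?P<msg>.*)$")
ENDPOINT = r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
REQUESTED = re.compile(r"^InitClient " + ENDPOINT)    # address the user asked for
DIALED = re.compile(r"^Connecting to " + ENDPOINT)    # address the client actually dials
FAILED = re.compile(r"^Disconnect reasson: (\w+)")    # spelling as emitted in the log


def find_redirects(log_text):
    """Return one record per join attempt whose dialed endpoint differs
    from the endpoint requested in the InitClient line."""
    findings, attempt = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (r := REQUESTED.match(msg)):
            attempt = {"ts": m.group("ts"), "requested": r.groups(),
                       "dialed": None, "failure": None}
        elif attempt and (d := DIALED.match(msg)):
            attempt["dialed"] = d.groups()
            if attempt["dialed"] != attempt["requested"]:
                findings.append(attempt)
        elif attempt and (f := FAILED.match(msg)):
            attempt["failure"] = f.group(1)  # same dict object already in findings
    return findings


if __name__ == "__main__":
    for hit in find_redirects(SAMPLE_LOG):
        print("{ts}: asked for {requested}, dialed {dialed}, result {failure}".format(**hit))
```

A redirected attempt that also ends in ID_CONNECTION_ATTEMPT_FAILED is the pattern to check against the firewall rules for the dialed address, which here is the shared outbound IP.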
