Client can't connect - inbound IP different than outbound

[elghosterino]

I have a handful of servers on the network following the same idea: a single outbound interface w/ separate inbound interfaces tied to the appropriate NAT/firewall rules. Most of the time connections are established only by inbound clients so it's a non-issue.

 

I used this same setup for the dedicated server but I can't get a client to connect properly.

 

I think the issue here is that the dedicated server registers itself, obviously using the outbound IP, and the game cleverly tries to get to the server via that IP, despite the fact that I've used the configured inbound IP in the connection command.

 

More details below.

 

Any thoughts on a workaround other than changing my network setup?

 

Thanks

 

___________________

 

Details:

1. Confirmed that the UDP traffic is allowed to the machine on the (default) configured port using netcat
2. Server starts up with no token issues
3. Server does show up at http://my.jacklul.com/dstservers/
4. Server does not show up in the game client server browser
5. Tried connecting manually using c_connect("X.X.X.X", 10999, "password")
6. Started the server and tried connecting via both LAN and WAN IPs with the same result shown in the log snippet below

[00:00:47]: InitClient X.X.X.206:10999 0[00:00:47]: No server listing found, attempting direct join[00:00:47]: FILTERED[00:00:47]: Attempting to join: SERVER at X.X.X.194:10999[00:00:47]: [200] Account Communication Success (13)[00:00:47]: Server listing has no punchthrough address, connecting directly[00:00:47]: Connecting to X.X.X.194:10999[00:00:57]: Disconnect reasson: ID_CONNECTION_ATTEMPT_FAILED from network layer[00:00:57]: PushNetworkDisconnectEvent With Reason: "ID_CONNECTION_ATTEMPT_FAILED", reset: true

 

Note that I try to hit the WAN IP X.X.X.206:10999 and the client tries to connect on the outbound IP X.X.X.194:10999. Same thing happens if I use the LAN IP

 

[00:01:36]: InitClient 192.168.1.150:10999 0[00:01:36]: No server listing found, attempting direct join[00:01:36]: FILTERED[00:01:37]: Attempting to join: SERVER at X.X.X.X:10999[00:01:37]: [200] Account Communication Success (13)[00:01:37]: Server listing has no punchthrough address, connecting directly[00:01:37]: Connecting to X.X.X.X:10999[00:01:47]: Disconnect reasson: ID_CONNECTION_ATTEMPT_FAILED from network layer[00:01:47]: PushNetworkDisconnectEvent With Reason: "ID_CONNECTION_ATTEMPT_FAILED", reset: true

 

[ToNiO55]

Hi @elghosterino,

 

it's server dedicated? or listen server?

 

server on other computer? or server in professional host?

[elghosterino]

It's a dedicated server running on a different machine than the client I'm trying to connect with. I'm using the dontstarve_dedicated_server_nullrenderer.exe installed via steamcmd.

 

Thanks!

[ToNiO55]

@elghosterino,

the computer that acts as a server out a IP address statics?

 

the port in your NAT of your router is open this IP address statics?

 

example:

 

 

 

 

[elghosterino]

@ToNiO55, confirmed yes on both of those things.

 

the computer that acts as a server out a IP address statics?

 

Yes it has a static address reservation set at the DHCP server so it will never change.

 

the port in your NAT of your router is open this IP address statics?

 

And, yes, I can connect to the machine on TCP & UDP 10999 on both the internal and external IP addresses. My client machine is off site so it's properly connecting to the server machine over the WAN as well as when I VPN in.

 

I used a utility called netcat to open 10999 on the target machine, then connected from my machine and was able to see chatter flowing back and forth.

[ToNiO55]

@elghosterino,

 

very strange, because for me when I try since my laptop it's works fine

 

are you sure it's not your firewall on other computer block the connection?

 

not possible to see some logs on your router?

[elghosterino]

@ToNiO55

 

Thanks for the help. I solved it by changing the network setup. What I was trying to do wasn't going to work.

 

It is kind of the firewall / NAT rules that is causing the issue. Here's what I think is happening:

1. The router has NAT & firewall rules that specify
   1. Server -> WAN on IP Address A (outbound, grouped with many other servers on a many-to-one)
   2. WAN -> Server on IP Address B (inbound, dedicated to this machine)
2. The firewall and NAT rules allow incoming on port 10999 TCP/UDP on IP Address B (inbound), but deny incoming to IP Address A (outbound)
3. The server starts up and registers itself with the DST listing server using IP Address A (the outbound address)
4. I initiate a connection with the server on inbound IP Address B, server and client do a quick handshake. Server tells the client it doesn't have a punchthrough set up (since it's a dedicated server), so it hands back its IP for the client to directly connect. Which is IP Address A, outbound.
5. Client then tries to connect on IP Address A outbound and fails because the firewall blocks everything incoming on that shared outbound interface

I'm just guessing here since I don't know the internals of the client, but I was able to sniff some of the traffic and see some of these conversations.

 

Either way, I shifted everything over to a 1-to-1 on the dedicated IP so that outbound and inbound are the same IP. Everything seems much happier with this setup.