RE: [leaf-user] NAT Trouble
Sounds good to me. Forgive me, but I'm not a Linux guru at all. Could you please explain how to forward all packets to his machine??? Sorry for my ignorance.

--- S Mohan [EMAIL PROTECTED] wrote:

Looks like a single port application. I do not know if netfilter NAT (for udp) does PAT. I guess that might be a source of the problem as stated here. On the other hand Linux routing is very sophisticated. If such a behaviour is bad implementation, I do not think Linux would have this implementation. In any case, if your son is the only one using this application, why not try forwarding all packets coming to that udp port to his local IP?

Mohan

-Original Message-
From: Mike Koceja [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 03, 2003 10:58 AM
To: S Mohan
Cc: leaf
Subject: RE: [leaf-user] NAT Trouble

This is a bit windy but I have attached the documentation from the site in question.

---

Kali uses peer-to-peer instead of client-server technology. There are many reasons for this setup including efficiency, performance, and LAN emulation requirements. In any case, peer-to-peer means that your PC directly communicates with every other PC connected to your game lobby or chat server instead of only communicating directly with the Kali Servers.

In a normal (non-NAT setup) Kali will send and receive all data on a single port. A port is a simple way TCP/IP uses to allow different applications to use the same connection without getting data mixed up. Kali, by default, uses UDP port 2213. That means that anything sent to your PC and labeled with port 2213 will be sent to the Kali application. This allows any user on Kali to send data to your PC by referring to your Internet IP# and the Kali port number.

With NAT, your PC must share that ip# with other PCs on the LAN. If two PCs on the LAN both tried to use the same port, communications would get totally mixed up. Data that was supposed to go to one PC would go to both PCs and it would be impossible to communicate properly. NAT systems solve this problem by translating the port numbers so that the rest of the internet sees each PC on a different port. Usually this solution works, but sometimes the NAT system behaves poorly and causes trouble.

One common example of bad NAT behavior is only allowing one connection at a time on a port. UDP is supposed to be connectionless. You should be able to send and receive packets from one port to any number of other PCs, but these poorly designed NAT systems make the assumption that like TCP, UDP must be only allowed to communicate with one other PC on any given port. This is simply wrong and what happens in Kali depends on how the router handles this. Some routers will create new NAT ports for each PC you communicate with, which causes all sorts of strange behavior in Kali. Other NAT systems simply block the other clients and cause Kali to have trouble communicating.

What can you do?

If Kali works on one PC, but fails when more than one PC uses Kali at the same time, the fix may be simple. No matter what the problem, it's always a good idea to set each PC to use a different port in Kali and avoid conflicts on the NAT system. By doing this you can prevent most of the NAT related problems since the port contention no longer becomes a factor. To change the port, run Kali, go to the File menu, select Settings, click the Advanced tab and enter a value next to Local Port. Each PC on the LAN should have a different port in Kali. Just use numbers like 2213, 2214, 2215, etc.

Another common setting that can usually help involves enabling the Special NAT Processing in Kali. You can do this under the Proxy settings (File menu, Settings, Proxy). In some cases you may need to manually enter the local ip# of the other PCs on the LAN, but usually this isn't necessary.

After doing both of the above, if you still have trouble, check to see if your router allows static port mappings or pin holes. If so, for each PC, add its local ip# and the port you set up in Kali for that machine. Each PC needs to have its own pin hole or static mapping with a unique IP# and port. Be sure to set up these entries with UDP ports and not TCP (selecting both is ok, as long as UDP is selected).

--

Does this help?

--- S Mohan [EMAIL PROTECTED] wrote:

Maybe this app requires more than one port like H323. Port forwarding might then solve the problem.

Mohan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ray Olszewski
Sent: Sunday, August 03, 2003 5:22 AM
To: leaf
Subject: Re: [leaf-user] NAT Trouble

At 03:29 PM 8/2/2003 -0700, Mike Koceja wrote:

I have another problem. My son is trying to access an online gaming site
RE: [leaf-user] NAT Trouble
Assuming you are running Bering with Shorewall, your son's machine IP is 192.168.1.3 and is on 'loc' subnet, then try to add the following line into /etc/shorewall/rules

    DNAT net loc:192.168.1.3:2213 udp 2213 -

then restart shorewall

M Lu.

From: Mike Koceja [EMAIL PROTECTED]
To: S Mohan [EMAIL PROTECTED]
CC: leaf [EMAIL PROTECTED]
Subject: RE: [leaf-user] NAT Trouble
Date: Sat, 2 Aug 2003 23:23:08 -0700 (PDT)

Sounds good to me. Forgive me, but I'm not a Linux guru at all. Could you please explain how to forward all packets to his machine??? Sorry for my ignorance.
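The NAT behaviour described in the Kali documentation quoted in this thread, and the effect of a static mapping such as the Shorewall DNAT rule suggested above, as a toy Python model. This is an added example, not part of the original messages and not LEAF, Shorewall or netfilter code; the `ToyNat` class, the peer addresses and the port-allocation step are constructed for illustration.

```python
import itertools

class ToyNat:
    """Toy UDP NAT. per_peer=True allocates a new external port per remote peer."""

    def __init__(self, per_peer, first_port=62146, step=10):
        # first_port/step are constructed to mirror the ports in the error message.
        self.per_peer = per_peer
        self._next = itertools.count(first_port, step)
        self.dynamic = {}   # (lan_ip, lan_port, peer or None) -> external port
        self.pinholes = {}  # external UDP port -> (lan_ip, lan_port)

    def add_pinhole(self, ext_port, lan_ip, lan_port):
        """Static mapping, the role the DNAT rule plays in the thread."""
        if ext_port in self.pinholes:
            raise ValueError(f"external UDP port {ext_port} is already mapped")
        self.pinholes[ext_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, peer):
        """External source port that `peer` observes for this LAN socket."""
        for ext_port, target in self.pinholes.items():
            if target == (lan_ip, lan_port):
                return ext_port  # model assumption: a pinhole pins the port both ways
        key = (lan_ip, lan_port, peer if self.per_peer else None)
        if key not in self.dynamic:
            self.dynamic[key] = next(self._next)
        return self.dynamic[key]

    def inbound(self, ext_port, peer):
        """LAN (ip, port) that receives a packet from `peer`, or None if dropped."""
        if ext_port in self.pinholes:
            return self.pinholes[ext_port]  # accepted from any peer
        for (lan_ip, lan_port, owner), port in self.dynamic.items():
            if port == ext_port and owner in (None, peer):
                return (lan_ip, lan_port)
        return None

def ports_seen(nat, lan_ip, lan_port, peers):
    """Distinct external ports the peers observe for one Kali client."""
    return sorted({nat.outbound(lan_ip, lan_port, p) for p in peers})

# Constructed peers (documentation addresses); 192.168.1.3 is the LAN host from the thread.
PEERS = ["198.51.100.10", "203.0.113.20"]

if __name__ == "__main__":
    print(ports_seen(ToyNat(per_peer=True), "192.168.1.3", 2213, PEERS))   # one port per peer
    print(ports_seen(ToyNat(per_peer=False), "192.168.1.3", 2213, PEERS))  # one shared port
```

In this model a pinhole delivers UDP from any source to the LAN host, so the static mapping should cover only the single port the application needs.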
Re: [leaf-user] NAT Trouble
At 03:29 PM 8/2/2003 -0700, Mike Koceja wrote:

I have another problem. My son is trying to access an online gaming site and is running into a brick wall. The site requires UDP port 2213 which I opened up with no trouble. However, when he connects he gets the following error message...

Your internet address changed! It was 4.47.177.158:62146, but now it appears to be 4.47.177.158:62156. This is a problem usually caused by a bad or improperly configured NAT setup.

What do I need to do to correct this problem?

Is this really an error message and not just an informational one? That is to say, does the game then fail to operate properly? If the game goes on to work, my own inclination would be to ignore the site's whining.

But assuming it is really an error message, what instruction does the site (or its companion URL) provide about how to configure access through a NAT'ing router? The message by itself is simply too lean in content to figure out what they want from you.

I'd **guess** that the game client at your end runs using a particular port, not just any available port. If so, you **may** need to port-forward that port through the LEAF router rather than simply use the standard NAT'ing code to handle it (since that code will not use the same external support every time you access the site).

Really, your best bet is to look more closely at the game site. These guys want their systems to work through NAT, so they usually provide good instructions about what you need to do to make it work. Once we know what they want, translating it into LEAF terms will probably not be hard, and surely we can help with that part if you need it.

BTW, I'm assuming here that 4.47.177.158 is your external IP address. If not ... if, say, your ISP does some further NAT'ing upstream of you ... then fixing this may be more of a challenge.

---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] NAT Trouble
Maybe this app requires more than one port like H323. Port forwarding might then solve the problem.

Mohan