Need expert help with issue navigating firewall

Almo

Hi!

Here's the deal. I have a Quake 3 server on my computer at home. I can reach it from work, because the port I have it running on is not blocked here.

Some friends work at a company with a lot of ports blocked (almost all). But people there can play Steam games as well as Starcraft II, which requires some ports to be opened.

My understanding is that an open port is an open port, and that if I set up Q3 to run on one of the Steam ports, that should mean people at that company can play Q3 on my server if they put in the right port number.

This does not appear to work. I tried port 27000 because it supposedly is for game client traffic:

https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711

Does anyone here know how I could get this working?
 
Ah, I see what you mean.

I think Starcraft II uses peer-to-peer networking, so if people can play SCII, then they should be able to connect to random people's computers. But that's definitely a test I need to have one of them run. (Might already have; will check).
 
Ping will need to work, of course, but that is not enough.

Ping operates at layer 3, and you will need layer 4 connectivity (TCP and UDP).

There are most likely two firewalls involved - your home firewall and the firewall at the business. If you have successfully configured your game server to listen on port 27000, your home firewall will need to be configured to allow traffic inbound to the server on port 27000, and the business firewall will need to allow traffic outbound to port 27000 on the Internet.

Finally, they'll need to configure their game client to access the server on port 27000.

To test, they can run the following command from the command line:

telnet servername 27000

They should connect and not get any error messages.
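
A layer 4 check for both transports, as an added example that is not part of the original post: telnet only exercises TCP, while Quake 3 game traffic is UDP, so this sketch pairs a TCP handshake test with a UDP probe that sends the engine's connectionless `getstatus` query and waits for a `statusResponse`. The function names and the sample reply are constructed for illustration.

```python
import socket

OOB = b"\xff\xff\xff\xff"  # prefix of Quake 3 connectionless (out-of-band) packets

def parse_status(packet):
    """Return the server info dict from a statusResponse packet, else None."""
    if not packet.startswith(OOB + b"statusResponse\n"):
        return None
    lines = packet[len(OOB):].decode("latin-1").split("\n")
    fields = lines[1].split("\\")[1:]  # info string: \key\value\key\value
    return dict(zip(fields[0::2], fields[1::2]))

def probe_udp(host, port, timeout=2.0):
    """Send getstatus over UDP; a reply proves UDP passes in both directions."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(OOB + b"getstatus\n", (host, port))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout, filtered, or nothing listening
            return None
    return parse_status(data)

def probe_tcp(host, port, timeout=2.0):
    """Same check the telnet command performs: does a TCP handshake complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed sample reply, so the parser can be exercised offline.
    sample = OOB + b"statusResponse\n\\sv_hostname\\home-q3\\mapname\\q3dm17\n"
    print(parse_status(sample))
```

A `None` from `probe_udp` with `True` from `probe_tcp` on the same port means the path passes TCP but not UDP, which the telnet test alone cannot show.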
 
Home firewall is fine, since I am able to connect and play from my place of work. So there should be no issue navigating my home firewall/router from the outside.

I posted a link to Steam's help about this. As far as I can tell, if people at the business can play Steam games, that should mean 27000 is open for TCP/UDP in and out. Or am I wrong about this?
 
Home firewall is fine, since I am able to connect and play from my place of work. So there should be no issue navigating my home firewall/router from the outside.

Yes, you are correct. I missed this in your previous post.

I posted a link to Steam's help about this. As far as I can tell, if people at the business can play Steam games, that should mean 27000 is open for TCP/UDP in and out. Or am I wrong about this?

You are correct (assuming Steam games run on port 27000). TCP and UDP ports on the business firewall only need to be opened outbound; the replies will automatically be allowed.

Again, if they can run the following command, substituting the name or IP of your server in the place of SERVERNAME, you will see if they have the proper access. (You can see the correct result by trying from a system on your home network, even the game server itself.)

telnet SERVERNAME 27000
 
The first thing to check is if they are going through a proxy. A lot of companies only allow access to the outside world through a company proxy server.

The proxy server is then configured to allow certain addresses and ports.

If they have 2700 open and this can be confirmed with tools like tcpview, then most likely Steam is negotiating the proxy for them. If not, they might need a port forwarding utility which is able to open connections through a proxy server.
 
Oh, I bet that's it. Ok, I've sent the Q3 proxy commands to my pals. We'll see in a day or two if that works. Thanks!
 
Thanks Sir DaL!

I am just learning about this stuff.

Almo, does their workplace allow this?

At my employer they really would frown on this behavior.
 
I worked there for 6 years. I don't think anyone would get upset by someone using the proxy to play a game through a port that has been opened so people can play games. It's a game development studio, after all. :)

The only oddness is that the port was opened for a different game (or games, since it's Steam).
 
Why can't they just ask for some more ports to be opened, for a 'new game they are developing'?
 
The studio has over 2400 people. The IT department is VERY picky about the firewall, and a producer would have to approve such a request.

The only reason Steam and Blizzard games were opened was to prevent piracy within the studio. People wanted to play Starcraft II with each other, and since SC2 requires an always-on network connection, they would have started getting pirated copies to play.

The first to be opened like this was Steam for Team Fortress 2.

So I'm just piggy-backing the Q3 traffic on top of ports already opened. Plus if the traffic all goes through the proxy, the IT guys can see it and complain if they see fit.
 
Ok, from the last post in this thread:

http://openarena.ws/board/index.php?topic=3882.0

The engine tries to connect but it fails.

Openarena Log :
...
SSE support is 2
--- Common Initialization Complete ---
IP: 127.0.0.1
IP: [..OMISSIS..]
IP6: ::1
IP6: [..OMISSIS..]eth0
Opening IP socket: 0.0.0.0:27960
Opening connection to SOCKS server.
NET_OpenSocks: request denied: 1
...

Socks server log :

...
Aug 13 20:10:04.021 [warn] socks5: command 3 not recognized. Rejecting.
Aug 13 20:10:04.021 [warn] Fetching socks handshake failed. Closing.
Aug 13 20:13:06.231 [warn] socks5: command 3 not recognized. Rejecting.
Aug 13 20:13:06.231 [warn] Fetching socks handshake failed. Closing.
Aug 13 20:19:47.309 [warn] socks5: command 3 not recognized. Rejecting.
Aug 13 20:19:47.346 [warn] Fetching socks handshake failed. Closing.

It looks like Q3's socks implementation is too old to work with modern proxies.
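
How the two logs above line up at the protocol level, as an added example that is not part of the original post: in SOCKS5 (RFC 1928) command 3 is UDP ASSOCIATE, the request a UDP game client makes, and the second byte of the proxy's reply is the status the client prints. The request bytes and the `connect_only_proxy` model are constructed for illustration; that the proxy answers with reply code 1 is an assumption taken from "request denied: 1" in the client log.

```python
import ipaddress
import struct

# SOCKS5 field values from RFC 1928.
COMMANDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}
REPLIES = {
    0: "succeeded",
    1: "general SOCKS server failure",
    2: "connection not allowed by ruleset",
    7: "command not supported",
    8: "address type not supported",
}

def build_request(cmd, host, port):
    """VER=5, CMD, RSV=0, ATYP=1 (IPv4), DST.ADDR, DST.PORT."""
    addr = ipaddress.IPv4Address(host).packed
    return struct.pack("!BBBB4sH", 5, cmd, 0, 1, addr, port)

def decode_request(data):
    ver, cmd, _rsv, atyp = struct.unpack("!BBBB", data[:4])
    if ver != 5 or atyp != 1 or len(data) != 10:
        raise ValueError("this example handles SOCKS5 IPv4 requests only")
    addr, port = struct.unpack("!4sH", data[4:])
    return {"command": COMMANDS.get(cmd, "unknown"),
            "addr": str(ipaddress.IPv4Address(addr)), "port": port}

def decode_reply(data):
    ver, rep = struct.unpack("!BB", data[:2])
    if ver != 5:
        raise ValueError("not a SOCKS5 reply")
    return rep, REPLIES.get(rep, "other")

def connect_only_proxy(request):
    """Constructed model of a proxy that implements CONNECT and nothing else."""
    ok = decode_request(request)["command"] == "CONNECT"
    rep = 0 if ok else 1  # assumption: 1 mirrors "request denied: 1" in the client log
    return struct.pack("!BBBB4sH", 5, rep, 0, 1, bytes(4), 0)

if __name__ == "__main__":
    # Constructed request: associate a UDP relay for local port 27960.
    req = build_request(3, "0.0.0.0", 27960)
    print(req.hex(), decode_request(req))
    print(decode_reply(connect_only_proxy(req)))
```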
 
Well, the person who posted that said this: "...As I said the parameter should be passed by commandline to get them work : basically I've set up a socks server on the other PC in my local network with no authentication."

But the output shows that the q3 engine is trying to connect on 127.0.0.1 which is the local address or loopback address of the machine itself. It is not connecting to another computer on the local network. So far, if that log is accurate, it's a problem with setting up the test LAN and not the q3 engine.

Normally, you'd have a 192.168.x.x LAN address to connect to for testing purposes. My PC on my home LAN is 192.168.0.4. The laptop is 192.168.0.5, so if I set up a test server on the laptop, I'd have to have my target IP address be 192.168.0.5.
 
Perhaps you should, instead of playing games while you are at work, try something unusual, such as, well, you know, actually doing the work you are being paid to do?
 
You're just as silly here as you were in foxholeatheist's thread. We play Quake 3 at lunch. Some people like to go outside and walk around. Some read a book. We play games, because we are gamers. I am not paid for the hour that is my lunch break, so I can do what I please with it.

So you can take your sanctimonious comments elsewhere.
 
