>>In the e-mail I posted below you even stated so yourself it works that way.
I don't see this email, what are you referring to? What I said is exactly what happens. If you don't believe me, try it yourself. I've done it many times. If anyone wants to see this in action, when I get home tonight I'll un-forward my ports and start an hlds server behind my router with no forwarded ports. It will work exactly like I said it will, clients will see me on the Steam list, and they will be able to join and play. Steam will show my port as 12345 or something like that, not 27015.

Most consumer grade routers, and probably a lot of commercial routers also, do not validate the IP address of incoming packets. Technically, that is the responsibility of the firewall. An outgoing request results in an entry in the router's address translation table. This entry stores the internal computer's non-routable IP address and port. At this point, ANY incoming packet goes into the router. The router looks at the destination port of the incoming request, checks the address translation table to see if there is a matching entry and either drops that packet if there is no matching entry, or sends it through if there is a matching entry. Technically, we just did PAT (Port Address Translation). The router does not care where this packet comes from, and does not care that it came from an IP other than the one that I sent my original outgoing packet to (Netgear's problem is their address translation table only holds about 256 entries, where most other routers will hold thousands). Again, that is the responsibility of the firewall.

RFC1631 doesn't really specify whether or not the IP of incoming packets is validated or not, I'm guessing that is up to the manufacturer to decide, but many if not most consumer grade routers don't do this. That is what the firewall is for. In your firewall, you can specify source and destination ports and IP address, and any packets from other IP addresses into the port will be dropped.

I once started my HL server but forgot to forward ports.
I had traffic as usual, but one of my regulars asked me why the server was on this weird port. That is when I discovered that I forgot to forward any ports. If what you said was true, this would not work and I would not have had any traffic.

----- Original Message -----
From: "Chance Sullivan" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, December 30, 2004 10:09 AM
Subject: RE: [hlds] Help Help,

> Yes, this is router 101, but you're not getting that what you're saying does not
> happen with NAT unless a port is forwarded/redirected. It doesn't work the
> way you are saying. NAT is not designed to work like that. NAT Keeps states
> and that means that only the ip where the port is opened to will be able to
> send data back through, otherwise every router out there would get hacked
> and it would be a security nightmare. In the e-mail I posted below you even
> stated so yourself it works that way. So Which is it?
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of OoksServer
> Sent: Thursday, December 30, 2004 11:23 AM
> To: [email protected]
> Subject: Re: [hlds] Help Help,
>
> No no no no no. Come on, guys, this is router 101 we are talking about, not
> rocket science. If you are using Linksys or Netgear or any one of several
> low end consumer grade crap routers with NAT (and many higher end routers
> also), you do NOT need to open any ports to get this to work. Read my
> previous post. HLDS will first send a packet out on local port 27015 to the
> master server. If you have NAT in the way, NAT will translate the port (say
> to 12345) and open port 12345, translating internal port 27015 to external
> port 12345. The master server sees you on port 12345. The steam list and
> other server browsers publish you on port 12345. Clients connect to you on
> port 12345. Your router has opened port 12345, and translates it back to
> local port 27015.
>
> My client looks at the Steam list, sees Joe Blow's server on port 12345. My
> client tries to connect to Joe Blow on port 12345. Joe Blow's router takes my
> packets coming in on port 12345 and sends them to Joe Blow's server on port
> 27015. Joe Blow's server is listening on port 27015 and accepts packets being
> sent from me. Joe Blow's server sends packets out on port of 27015. His
> router grabs these packets and finding that it has already translated
> internal port to 27015 to external port 27015, it sends it to me at port
> 12345. I frag Joe Blow, life is good.
>
> You don't need to "punch holes" through NAT to get hlds to work. The only
> reason you "punch holes" is for clients that expect a specific port to be
> open, such as a web server on port 80 or an FTP server on port 21. Half-Life
> clients do not expect any specific ports to be open. They look at the master
> list to see what port is actually open, and use that port.
>
> I have proved this to work on Netgear RP614V2, Linksys BEFSR41, WRT54G,
> WRT54GS, Westell 2100, Cisco 678 and some other crap Netgear router. Many,
> many of us here have likewise shown that this works. Most NAT routers work
> the same way in that an outgoing request opens up a port and stays open so
> long as there is traffic. When there is no traffic on the port, it will time
> out after a while and close. I once set my Cisco 678 timeout to 10 seconds
> to see what would happen, and everything went to crap LOL - don't set
> timeout to 10 seconds!
>

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
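
Added illustration, not part of the original thread: the two router behaviours argued over above, modelled as a toy NAT table. RFC 4787 names them endpoint-independent and address-dependent filtering; the class name, addresses, timeout and starting port are constructed for this example.

```python
# Toy NAT table comparing the two inbound filtering policies from the thread.
# All addresses and ports are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class ToyNat:
    filtering: str                 # "endpoint-independent" or "address-dependent"
    timeout: float = 60.0          # idle seconds before a mapping expires
    next_port: int = 12345         # first external port handed out
    table: dict = field(default_factory=dict)   # ext_port -> mapping

    def outbound(self, src, sport, dst, now):
        """Internal host sends a packet: create or refresh its mapping."""
        for ext, m in self.table.items():
            if m["inside"] == (src, sport):
                m["peers"].add(dst)
                m["last"] = now
                return ext
        ext = self.next_port
        self.next_port += 1
        self.table[ext] = {"inside": (src, sport), "peers": {dst}, "last": now}
        return ext

    def inbound(self, remote_ip, ext_port, now):
        """Return the inside (ip, port) the packet is forwarded to, or None."""
        m = self.table.get(ext_port)
        if m is None or now - m["last"] > self.timeout:
            self.table.pop(ext_port, None)       # no mapping, or it idled out
            return None
        if self.filtering == "address-dependent" and remote_ip not in m["peers"]:
            return None                          # sender was never contacted
        m["last"] = now
        return m["inside"]

def demo(filtering):
    nat = ToyNat(filtering)
    # Game server registers with the master server from local port 27015.
    ext = nat.outbound("192.168.1.10", 27015, "198.51.100.1", now=0)
    master = nat.inbound("198.51.100.1", ext, now=1)      # reply from master
    stranger = nat.inbound("203.0.113.7", ext, now=2)     # never-contacted client
    expired = nat.inbound("198.51.100.1", ext, now=500)   # after idle timeout
    return ext, master, stranger, expired

if __name__ == "__main__":
    for policy in ("endpoint-independent", "address-dependent"):
        print(policy, demo(policy))
```

Under endpoint-independent filtering the never-contacted client is forwarded to the inside server through the mapped port, so restricting who may reach it is left to a separate firewall rule on source address; under address-dependent filtering the same packet is dropped at the NAT.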

