That's interesting.  I didn't think duplicate sockets were allowed on any
TCP/UDP/IP platform.  Please correct me if I am misinformed here.... I am
of the understanding that an open socket is a combination of host IP address
and port#, and that each socket must thus be unique because of this
combination.  Thus, if what you say is true, how is that 678 able to
differentiate one open socket from another?

In other words, internal NAT client A at 192.168.100.100 opens UDP port
27005 to, say internet host 209.41.98.2 on port 27017.  Now, say internal
NAT client B at 192.168.100.101 opens UDP port 27005 to the same host at
209.41.98.2.  Now, the NAT on the 678 has re-written the host address of
BOTH of these internal NAT clients as, say 65.68.135.105, the public IP
address of the DSL router.

Now, when the server at 209.41.98.2 sends a UDP packet BACK to 65.68.135.105
at port 27005, how does the 678 know which internal NAT client to route the
packet to?  If they are sharing the same public IP of 65.68.135.105 and
source port of 27005, and since this is obviously the only uniquely
identifying socket information in the packet from 209.41.98.2, how can the
678 know which internal NAT client to route the packet to?

I don't see how the NAT in the 678 could discern which machine the packet is
actually destined for, without first re-writing the outbound port number of
the outbound packets.  If every socket has to be unique for packets to route
correctly on an IP network (my understanding of TCP/IP connectivity), then
what you say cannot be correct.

If I am all wet here, could someone please explain to me what I have missed?

Thx.

StanTheMan
TheHardwareFreak
http://www.hardwarefreak.com
rcon admin at:
Beer for Breakfast servers        <http://bfb.bogleg.org/>
   209.41.98.2:27016 (CS multi-map)   209.41.98.2:27015 (DoD)
   209.41.98.2:27017 (CS militia/dust2)            Dallas, TX


> -----Original Message-----
> From: Daniel Reinhardt [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, July 14, 2002 2:04 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [hlds_linux] Client port #'s filtering for possible
> anti-cheat
>
>
> I am behind a NATed DSL Router and I have port 27005 opened and can have
> multiple connections using that same port opened.  It is a Cisco 678 DSL
> Router, and it works quite well.
>
> Dan
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, July 14, 2002 3:34 AM
> Subject: RE: [hlds_linux] Client port #'s filtering for
> possible anti-cheat
>
>
> > I use a NATing firewall on NT at my edge, and it re-assigns the outbound
> > port also.  Mine is usually in the 5x,xxx range.  NAT engines must do this.
> > The reason for this is that if you have multiple internal NAT clients making
> > connections from the same port, they each need to be re-assigned a unique
> > outbound port # so the NAT engine can identify which internal machine the
> > returning inbound packets need to go to.  If a NAT engine left the port at
> > 27005, only 1 internal client machine would be able to use that port.
> >
> > In summary, this is standard behavior of NAT implementations.
> >
> > StanTheMan
> > TheHardwareFreak
> > http://www.hardwarefreak.com
> > rcon admin at:
> > Beer for Breakfast servers        <http://bfb.bogleg.org/>
> >    209.41.98.2:27016 (CS multi-map)   209.41.98.2:27015 (DoD)
> >    209.41.98.2:27017 (CS militia/dust2)            Dallas, TX
> >
> >
> > > -----Original Message-----
> > > From: Grant Popoff [mailto:[EMAIL PROTECTED]]
> > > Sent: Sunday, July 14, 2002 2:21 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [hlds_linux] Client port #'s filtering for possible
> > > anti-cheat
> > >
> > >
> > > Thanks, I had suspicions that some port reassignment was going on
> > > between the clients and my server.
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]] On Behalf Of
> > > > Andrew A. Chen
> > > > Sent: July 14, 2002 12:07 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: [hlds_linux] Client port #'s filtering for
> > > > possible anti-cheat
> > > >
> > > >
> > > > I play through ipchains masquerading and I get assigned ports
> > > > in the 62000+ range.  I've also seen this behavior on various
> > > > models of routers.  I personally wouldn't be concerned about
> > > > different ports.
> > > >
> > > > At 12:01 AM 7/14/2002 -0700, you wrote:
> > > > >I have a curious observation. On my server I had some players with
> > > > >source port #'s that were not 27005.  They were either quite a bit
> > > > >above or below the standard client source port.  Could it be possible
> > > > >for a potential cheat to use a different port?  I remember several
> > > > >months ago someone made the same observation, but I don't know if
> > > > >they got any response.
> > > > >
> > > > >I was thinking to filter out any source port that is not 27005, to
> > > > >prevent these possible cheaters from even connecting with the server
> > > > >with their cheat.
> > > > >
> > > > >E.g.
> > > > >
> > > > >Src!=27005 protocol=udp -> dest=27015 protocol=udp deny
> > > > >
> > > > >This is just an illustration. I use webmin with an ipchains add-on,
> > > > >which makes it much easier for me to fine-tune my Linux-side firewall,
> > > > >without having to remember ipchains command line structure and
> > > > >syntax. (waiting patiently for iptable version)
> > > > >
> > > > >Any comments on this?
> > > > >
> > > > >Grant
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >_______________________________________________
> > > > >To unsubscribe, edit your list preferences, or view the list archives,
> > > > >please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> > > >
> > > >
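
Added example, not part of the original thread or any poster's code: a small Python model of a port-translating NAT using the addresses from the message above. It shows how replies are matched to internal clients by the rewritten source port, and what the proposed "source port must be 27005" server filter does to clients behind such a NAT. The allocation scheme (keep the client's port when it is free, otherwise hand out ports from 50000 up) and all class and function names are assumptions made for illustration.

```python
from itertools import count

PUBLIC_IP = "65.68.135.105"       # public address used in the post
SERVER = ("209.41.98.2", 27017)   # game server used in the post


class Napt:
    """Maps (internal ip, internal port, remote) <-> public source port."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self._next = count(first_port)  # assumed allocation scheme
        self.out = {}    # (int_ip, int_port, remote) -> public port
        self.back = {}   # (public port, remote) -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, remote, preserve_port=True):
        key = (int_ip, int_port, remote)
        if key in self.out:
            return self.public_ip, self.out[key]
        # Keep the client's port only if no other flow to this remote holds it.
        port = int_port
        if not preserve_port or (port, remote) in self.back:
            port = next(self._next)
            while (port, remote) in self.back:
                port = next(self._next)
        self.out[key] = port
        self.back[(port, remote)] = (int_ip, int_port)
        return self.public_ip, port

    def inbound(self, remote, dst_port):
        """Return the internal endpoint for a reply, or None (dropped)."""
        return self.back.get((dst_port, remote))


def server_filter_allows(src_port, required=27005):
    """The proposed rule: deny UDP to the server unless source port is 27005."""
    return src_port == required


def demo(preserve_port=True):
    nat = Napt(PUBLIC_IP)
    a = nat.outbound("192.168.100.100", 27005, SERVER, preserve_port)
    b = nat.outbound("192.168.100.101", 27005, SERVER, preserve_port)
    return {
        "a": a, "b": b,
        "reply_a": nat.inbound(SERVER, a[1]),
        "reply_b": nat.inbound(SERVER, b[1]),
        "a_allowed": server_filter_allows(a[1]),
        "b_allowed": server_filter_allows(b[1]),
    }
```

With port preservation the first client keeps 27005 and the second is moved to 50000, so the filter admits one and drops the other; with preservation off, both legitimate clients are dropped.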