Come get me if you can

madborg · #1 01-22-2002, 07:33 AM

"Come get me if you can" is the server name for today that I will be using from the login server as proof that you can have a private server listed. This is an extremely private server though, because right now only the people on the private net can log on.

Fortunately, this insight hit me this morning so I didn't have to wait until midnight.

good luck in trying to get into my server, because you can't, but I am there right now having fun in sirens.

**added**
you must still have Internet access to the gotfrags machine though, so you can't set up a completely private system

Francisco · #2 01-22-2002, 07:47 AM

umm, ok?

madborg · #3 01-22-2002, 08:13 AM

Quote:

Originally Posted by Francisco

umm, ok?

was there more to the post and did you forget to type it in?

This is not an exercise in futility, it is a valid concern that some people had about how they can have their server up without having to worry about other people logging in. Doesn't answer the second part of how you have your own system accessible to the net but not to the gotfrags login server.

It's not an attempt to ignore lock/unlock, it's an attempt to better understand what is going on between my servers, the login server, and my clients.

It's also an answer to a previous post I had about security concerns. I had a person with the char "tyco" try to get into my system but I didn't have any zones up. Yesterday morning I was fairly confused about how things worked with the login server. Now I know that I had a big hole in my firewall (that I thought didn't exist), and that later I closed it. But I couldn't tell the difference because I was on the same private net.

So unless your keyboard exploded, let's hear some constructive comments. Or if not constructive, at least funny.

Francisco · #4 01-22-2002, 08:32 AM

Things make a little more sense once you added some background information to it.

I didn't understand the post completely, you filled in the blanks.

Zeitgeist · #5 01-22-2002, 08:33 AM

The sheer posting volume must've made his head explode =) He's usually more descriptive than "Umm, ok?". Seems to me he doesn't understand the point of this. The point is so that users who want to test without having to worry about anyone logging in in the case that:

1. they have a LAN with the server and the client they use on it
2. they use 0.2.0 and thus HAVE to use the LS

I guess that pretty much covers it. That and figuring out how the bits and pieces communicate so as to try and maintain the security of your LAN while still letting you play with the fun toy. I could be wrong, of course =) But that's why I did the same thing, Borg and I came to the same conclusions/result.

Francisco · #6 01-22-2002, 08:44 AM

You could actually take it a step further and explain how you made your server secure.

Did you edit your firewall rules? Or make other changes that enable you to detour character creations by other people?

I think a lot of people would like to know if there was a simple way to secure your server without having to screw around with your firewall rules and giving certain dhcp'd ip ranges access because your friends play on dhcp networks.

darvik · #7 01-22-2002, 09:04 AM

There is more to it than just that.. Personally for me, I dont really like the black-box aspect of the current login procedure - dont know who we are giving our information to.
And your solution above does not cover friends in other places that may want to log into your server.

TheClaus · #8 01-22-2002, 09:05 AM

Okay I think I figured out what he did. The login server is needed right? Well when he brought up the server it is pointed to the ip on his internal network. So when he brings up his client and logs into the login server and hits his server it says okay and points it too 192.168.x.x or whatever he put into the loginserver.ini. Since he is on the same network as the server it just connected just fine.

*Added

Your right he will be the only one to connect to the server. Friends will not though unless you did ALOT of port forwarding. ALOT!!!!!

Zeitgeist · #9 01-22-2002, 09:35 AM

not entirely true, i have a dyndns.org pointer to my external ip and do port forwarding of ports 9000-9020 to the server.

madborg · #10 01-22-2002, 09:40 AM

Quote:

Originally Posted by Francisco

Things make a little more sense once you added some background information to it.

I didn't understand the post completely, you filled in the blanks.

sorry. It's not like that was my first post though. It's been driving me somewhat wacky since yesterday on this whole login thing.

I also wasn't 100% sure, so I needed someone to challenge me and try it.

devn00b · #11 01-22-2002, 09:44 AM

Well borg i tryed 3 diff times..and it was No go!! WTG bro

Zeitgeist · #12 01-22-2002, 09:44 AM

borg have you tried port forwarding and giving someone the ip? i haven't tested it yet, mypost above is theoretical. kinda depends on how picky the world/zones get about IPs during handoff... may be that I can modify the zone params while leaving the worldserer set to the local address, thus preventing login from the LS but allowing for people who know the dyndns addy or the actual numeric IP. If you are around later mayhap you could help me test that theory?

regards,

madborg · #13 01-22-2002, 10:24 AM

Quote:

Originally Posted by Zeitgeist

borg have you tried port forwarding and giving someone the ip?
regards,

This whole network thing has always always driven me buggy.

The other day I fired my firewall server cause I thought it was faulty by not allowing my nonLinux on as Internet accessible.
I go out and spend $199 on XP to set up my own firewall server and then yesterday morning I discovered that heck my server was on the Internet afterall and the login server was having a fun time adding an account to mysql.

Then I still believe that a user "tyco" got on my system -- if so then at that time it must have been publicly available. Had I known that I could have saved the $199 and just focus on why Windows was being so bitchy to me.

So now I have closed the hole -- or I believe so. This afternoon or later -- depends on my mood-- I am going to start all over again with a new database. This time through i don't expect the login server to get to my database because I have closed the door. If it can still get through -- then I give up completely.

As for creating a semi-private net that allows users on the Internet to access it but it is not connected to the gotfrags-- I don't believe you can do that with any network trick.

The login server has a protocol that it is following and hopefully only talking to the client (eqgame.exe). But it is opening doors for SoL and getting everything in place so that the world server and zone servers do the right thing.

So I am using the login server as a key and that's all. It's a big fat key and my system is 100% secure from it.

madborg · #14 01-22-2002, 10:38 AM

Quote:

Originally Posted by /dev/n00b

Well borg i tryed 3 diff times..and it was No go!! WTG bro

Too bad you couldn't get in cause I have the nude textures for all the female models loaded up in freeport.

I will be doing one more security test this afternoon to verify that the login server can only access mysql database if I leave a hole for it -- otherwise no.

I won't post any follow up to that.

Remember the only thing I am currently working on is how to make the private network secure, not how to let other people get access. If I want to make it public it's just a simple flick of the firewall.

And I can now test for port only accesses too so I don't have to make a whole machine accessible. Until the login server, my testing methods were not working.

Zeitgeist · #15 01-22-2002, 10:15 PM

what i had trouble with before was getting access both internally and externally. i had meant to dmz myself and see what happened, but i got sidetracked by dinner and a movie =) ugh i'm tired lol...