Hosting on dsl behind a NAT

endra · #1 07-29-2007, 05:03 PM

Im on 756 or something k dsl. I know Im behind a nat and I cannot host anything publically. Is there any way I can get people to be able to connect to my server while its behind a nat? Is there any bypass. The only one I found requires that anyone that wants to play on the server must edit a windows system file for it to work. If thats the only way Ill never get people on my server. Is there another way to host from behind a NAT?

Damilis · #2 07-30-2007, 12:12 AM

Well yes and no. You need to be more specific about what your NAT is. Are you talking about a Joe-Standard Linksys/Netgear router?

If so, a simple port forward will fix part of your problem. Port forwarding all the EQEmu ports to the local IP of the machine you are hosing your EQEmu server on will work like a champ.

The issue will still remain, if you are using minilogin that is, that only one person per IP will be able to play. So if two of your friends are on their own PC's behind the same router, then only one of them will be able to connect... this is because that as far as the rest of the world is concerned (your EQEmu server included) their Router's IP is all that is visible.

My solution was to go with a VPN. I chose Hamachi (http://www.hamachi.cc/download/list.php) and its worked great. There is a 16 person per network limit on the free version though, so depending on your expected server load, it may not work for you. I purchased it, so I can host upto 256 peeps.

Additionally, I wrote a simple client/server app that is used to perform EQEmu account authentication when using minilogin. I added a single column to the accounts tab that stores an additional password. What the MyClient software does is make the user put in their account username, password and Hamachi IP and then contacts MyServer app. The MyServer app then hits the Accounts table in my PEQ data base, looks up the account and checks the supplied Password to the new password column. If it authenticates properly, then the MyServer app sets that account's Minilogin IP to the supplied Hamachi IP address. Then the client can launch their EQ and successfully connect to my server.
MyServer pings each MyClient once every 10 seconds to check connection status, if ping fails then the MyServer hits the account table again and sets that account's Minilogin IP to something impossible (0.0.0.0) to lock out that account so that no one else can use it without the AccountName and Password

...just some ideas of what is possible for ya.

endra · #3 07-30-2007, 02:54 AM

Im behind a router, that is linked to a dsl modem, the connection from the isp's network to the internet is where the NAT is.

Damilis · #4 07-30-2007, 03:29 AM

Then it should be as simple as port forwarding the EQEmu ports on the Modem/Router... whichever device is doing the routing.

This will not fix the issue with minilogin not allowing multiple accounts to be tied to the same IP.

endra · #5 07-30-2007, 05:00 AM

Well I can see forwarding the ports but if you think about it. I forward the ports on the router. Then I forward the ports on the dsl modem/router that it is connected to, the connection then goes to the isp's internal network where their DNS server assigns an IP to my router and modem, and my router assigns my local network addresses via its dhcp function or dhcp forwarding I don't know which. But now my modem has an ip in the isp's network. THAT is behind the nat. So forwarding ports on my routers shouldn't do anything because the nat is on their side. But I'll try since you seem to know what you are talking about and my networking memory is a bit fuzzy, although I do thoroughly understand what a NAT does. But here goes. Thanks for spending your time trying to help me btw it is very appreciated.

If my server goes public, then perhaps you can be one of my ops if you would like a little something to do on the side.

ksmith08 · #6 07-30-2007, 05:37 AM

So you're behind two NATs?

I thought that would cause all kinds of crazy errors / problems.

Damilis · #7 07-30-2007, 06:04 AM

Two levels of NAT takes a lot of doing in order to get it working correctly.

Question: What are the make/model of your DSL modem & router?

endra · #8 07-30-2007, 06:33 AM

Only one nat its on the isp's side, not mine so I cant set any ports to forward through it. You know what a NAT actually does, right? No offense. Haven't tried yet, still struggling to get a comp to play on the lan, Smitfraud got both of our computers. And looking at what it does, and how its installed? Its still only adware so its legal, can you believe that using a script to overrun a buffer in firefox to create a reverse pipe to download smitfraud from a website isnt considered a hack? Last I knew reverse pipes were a hack. And so is keylogging. Which it does. As well as install a backdoor trojan, but the owner of smitfraud isnt responsible for that because he didn't design it, it just happens to be on one of the servers that it downloads its apps from. But infecting system files? Being undetectable by standard methods? Undeletable? Self injected browser hooks? Even direct kernal hooking! It's a friggen HACK why isn't it illegal? Sorry for the rant but crap im frustrated. Lol my LAN servers MotD is "F#@$ Smitfraud"

Damilis · #9 07-30-2007, 06:52 AM

No offense taken, and yes i do know what NAT is and does. FYI 'a NAT' doesn't exist, but rather NAT is a function of a device. Any router performs NAT. Many DSL modems have a builtin router but only one physical ethernet port. Most people who have a DSL modem like this stack another COTS router (linksys for example) right behind it and just offset the local networks, aka 192.168.3.x for DSL <-> Router and have the Linksys Router use 192.168.1.x.

This works fine and dandy till you try to host anything from a computer on the .1.x network... where the two (+) layers of NAT start messing everything up.

To Fix, either:
A) Use DSL as router and shift the Linksys over to act as a simple HUB, using the DHCP & Port forwarding on the DSL modem/router.

-or-

B) Shift the DSL modem/router over to Bridge mode, have the Linksys aquire an IP from your ISP via PPPoE and use the DHCP & port forwarding on the Linksys.

Personally, I prefer (and recommend) B as typically the COTS routers will have 10x more stability, throughput and features than the craptastic DSL modem/routers that come standard issue with most broadband packages. Not to mention that you can Flash the Firmware of Linksys's WRT54G with the 'unsupported Firmware' and make it into one hell of a router!

....And it sounds like to me that someone has been visiting "not so on the up and up" type websites.

The only time I have ever got a nasty on my network is from visiting a warez or porn site. Most of these keyloggers and such are 'legalized' by the fact that 'the user clicked Install.... they didn't HAVE to"... which, yes, is a load of BS.

Thats why I have a VM that I fire up when I need to visit any sites that might be shady. If the VM gets a bug or the like, i just delete it and make a new one... zero data loss.

Oh yeah, I did some research a few years back and have come to find that most of these nasties that we get infected with originate from countries outside the US... and since there is no international Law, especially on the internet, then there isnt much legal recourse for anyone losing lots of data to a virus. I suppose this is why data recovery/backup centers can charge a premium and get away with it lol.