AAO25.com
Assist => Feedback & Suggestions => Bug Reports => Topic started by: EnerGy_NL on Friday, May 03, 2013, 16:32:09 PM
-
Hello everybody,
I have some problems with joining my own gameserver hosted on a Linux server at my home. When I join it looks like there is something going wrong with the authorization. I see ingame my honor as 15 (should be 101), while my friend sees me at 101. When I try to join a team I see the F2 screen, but no weapon classes to pick. Just an empty screen. The server is then also telling that I'm still a spectator and I will join this team as soon as possible. After a few min I get kicked by MD5tool for 5 minutes.
I've tried everything, reinstalled the server 10 times. The problem is with any computer on the same network as the server. My friend has no problems at all and he can play smoothly.
Can someone help me with this?
Some screenshots are at the following links:
http://timvm.nl/AA2.5%20server%20EnerGy%201.png
http://timvm.nl/AA2.5%20server%20EnerGy%202.png
http://timvm.nl/AA2.5%20server%20EnerGy%203.png
Thnx!!!!
Greetz EnerGy_NL
-
As I can remember from 2.8.5, I guess you have to do something with the routing. It looks like you are not connecting to the auth server, which means that you are local at all.
Check the ports to be open at your router (NAT), and something while starting your server (server.ini, I don't remember and no time to search for, sorry), like multihome server or so.
good luck
-
Thnx Merlin,
I have opened the following ports:
TCP&UDP:
1716,1717,1718
TCP:
20046,20047,27900
Are there other ports to open?
thnx
-
no, I guess this looks good.
but you are in a local network - so it looks like.
you do not connect the auth server at all. I will search for the solution tomorrow.
-
Use my iptables on the server... should work.
Also, you will need to bind your server to the external (outbound) interface. You can set this up using the multihome parameter in the aa25.ini file.
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 1716:1718 -j ACCEPT
-A INPUT -p udp -m udp --dport 20046:20047 -j ACCEPT
-A INPUT -p udp -m udp --dport 27900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20:22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
-
Just another try:
What is your servername - and tell me the ip-address
What's your router model/name
What's the local ip-address of your computer, not running the server
What's the local ip-address of your computer, where you run the server (dosbox, -> ipconfig /all)
-
servername: =]Ao2[= Army of 2 || Normal Weapons - Server 2
ip-address: 84.84.41.186
modem/router: KPN experia box
router software: Arcadyan VGV7519, Firmware Version:02.00.124
local ip-address of my computer, not running the server: 192.168.2.11
local ip-address of my computer, where you run the server: 192.168.2.16
@OICURMT2!
So in the ini file the line for multihome should be like this?
multihome=192.168.2.16
How to use those tables? I port-forwarded the named ports manually.
----
below some serverconsole log when joining the server:
UDP recvfrom error: 113 from 192.155.198.210:1716
Client netspeed is 10000
Checking Ban Policy for: Name==]Ao2[=EnerGy_NL; IP=84.84.41.186; MAC=00:25:22:c1:c6:72
New Player Recruit id=22e43ba8cf596238f8f2726b4cbe5a4d
25AssistSM: New Connection (slot #1) 84.84.41.186:65005 [?] "Recruit" (seq 8313800)
[AA25] Player =]Ao2[=EnerGy_NL Authorized, Honor:101
AuthOK 84.84.41.186
25AssistSM: No Master Query Sent - DNS has not yet resolved for AAO1.EVENBALANCE.COM
AuthOK 84.84.41.186
my modem/router log says at the same time:
05/06/2013 00:19:33 **UDP Flood to Host** 192.168.2.11, 65005->> 84.84.41.186, 1716 (from PPPoE1 Outbound)
-
I don't know a lot about multihome, but this really looks like something with that or port forwarding.
Before I search the hell out of it, maybe someone else can help you with that.
for sure jonnyM could..or some others.
let's see, maybe someone is answering
what i did with my installation also in a LAN and with Servers:
- router NAT entries for UDP 1716-1718 (and all the other needed) for the WAN Port of the router, with port forwarding to the ip of the local server
That's all I did. All other computers in the local network (192.168.1.xx) can join the game correctly. I will post you what I have selected over Assist, server tab. There is, on top, an entry (don't remember cause at work now) with something to change in this direction you have trouble. I will check this later.
-
I have added the ip tables to the server, but no difference at all.
Still seeing myself as honor 15 and also not able to join a team like I said before.
Is there someone who can help me with this via Teamviewer or something?
thnx
-
I never found a way to ping my own server, I tried Port triggering / Mapping, DMZ and turned Firewall off, nothing worked.
-
So it's not possible?
-
@OICURMT2!
So in the ini file the line for multihome should be like this?
multihome=192.168.2.16
How to use those tables? I port-forwarded the named ports manually.
Set the multihome back to the default 0.0.0.0 value, it's not needed unless you are directing the server to a specific interface on your box. For example, my server has 3 NICs, so I tell the server to listen on the IP that is on the outbound card. I assume your box only has one NIC, so multihome can be defaulted.
As for how to use the tables... let's try one thing at a time...
If you are using a GUI, then you should have some sort of Firewall configuration program. Turn OFF the firewall on your Linux box (to start with) and make sure your router is forwarding ports correctly.
If that doesn't work, then your problem is on the router. If it does work, then the problem is on the box.
Let me know what happens, we can take it from there.
BTW: This thread (http://aao25.com/general-server-discussions/aao25-25assist-linux-installation-and-setup-guide/) has a link to a Linux setup guide... it may (or may not) help.
I never found a way to ping my own server, I tried Port triggering / Mapping, DMZ and turned Firewall off, nothing worked.
You can't, but you can redirect something like "finger" services and use that to see if your machine is online or not.
-
You can't, but you can redirect something like "finger" services and use that to see if your machine is online or not.
Not true at all, I can ping my server as I can join it from the server list, don't need to click join in the server tab
-
Not true at all, I can ping my server as I can join it from the server list, don't need to click join in the server tab
when I had 3G internet I could join by the server list.
maybe this is different if using Bridge mode idk.
-
Not true at all, I can ping my server as I can join it from the server list, don't need to click join in the server tab
You'll have to explain to me how ICMP traffic can be redirected to an internal IP address from an outside interface. RFC5508 explicitly allows a return when originating from an internal IP to an external (via NAT), but you cannot ping an internal address from the outside. The only possible exception I can see is in ICMP-EXT, under section 4.1. ICMP Error Payload Validation.
I'm not a guru on how NAT traverses across a gateway device, but I don't see how you can ping, say, 192.168.1.1 from the outside world, as the 192.168.X.X IP addresses are reserved for internal (private) networks.
OIC!
-
I think you just ping your external IP and with port forwarding, the router sends the ping to the right internal IP.
-
the router sends the ping to the right internal IP
Impossible!
Like explained by "OICURMT2!".
There is no port forwarding of incoming ICMP requests cause this is not how NAT works.
-
I think you just ping your external IP and with port forwarding, the router sends the ping to the right internal IP.
exactly, but you can't reach your own internal ip through your own external ip ;)
-
I can. I've not had issues when using DD-WRT on my router. It's low end routers that cause problems. There's also NAT loopback. I'm not a networking engineer guru but I can view, ping and join my server locally or out to the internet and back in again.
-
I can. I've not had issues when using DD-WRT on my router. It's low end routers that cause problems. There's also NAT loopback. I'm not a networking engineer guru but I can view, ping and join my server locally or out to the internet and back in again.
My modem won't support NAT loopback but... this worked for me!
https://forums.sonic.net/viewtopic.php?f=10&t=637
-
I just gave it a try:
Set up a server on one of my LAN PC's.
No problems at all...
Assist-browser showed the ping and let me join from the hosting PC.
-
Impossible!
Like explained by "OICURMT2!".
There is no port forwarding of incoming ICMP requests cause this is not how NAT works.
Everyone is missing one little piece of information...
No routers can forward ICMP, as they are not TCP or UDP. So if you can "ping" your box, what you are really pinging is your external router/modem. Also, ICMP does not use ports, so how can you forward one?
ICMP was designed to directly echo packets for a response time for the device directly associated with the IP address. While ICMP does contain an IP header, routers do not forward them because it is a "diagnostic" protocol. Imagine if every time you issued a traceroute command the packets were forwarded to a different location. Systems engineers would never be able to find where the fault is. It passes messages...
The only thing I can think of is by using DNAT, which is reserved for IP range forwarding, but really isn't designed to forward ICMP queries, but may be able to do it via a mangled pre-route similar to the following:
iptables -t nat -A PREROUTING -p icmp -d external.ip.address --dport 7 -j DNAT --to-destination internal.ip.address.range
Note that port 7 is the "echo" port, which is NOT ICMP ping (as ICMP does not use ports), but rather the actual "echo" service...
The problem with the iptables entry is that as an ICMP packet arrives at your external device, it would broadcast to EVERY internal device, which in turn would send back replies. The receiving machine would register an error, as the return would not be valid. I tried to test this, but couldn't get anywhere with it.
There may be a kernel-level module out there that does this, but I doubt it.
BTW: If you are talking about the ping to your server on the 25Assist panel, I'd bet dollars to donuts that that particular ping is the message return from the UDP query port and not an ICMP return.
I could be wrong (which SWMBO tells me constantly... :rtfm:) but I suspect I'm not...
OIC!
-
I'd bet dollars to donuts that that particular ping is the message return from the UDP query port and not an ICMP return.
But this could only work if the queried port is not reachable.
Otherwise the "server" must not send any reply cause of the "one way" UDP.
-
But this could only work if the queried port is not reachable.
Otherwise the "server" must not send any reply cause of the "one way" UDP.
This is a good point. I stand corrected.
However, can't a server/client relationship be built where each sends messages to each other via a particular port?
OIC!
-
Possible, without doubt.
But due to the nature of UDP both sides ain't able to verify if the packet arrived or not.
That's why there is no RTT for UDP packets.
Which leads us to the issue of how this game determines your ping?
I have absolutely no idea...
-
Set the multihome back to the default 0.0.0.0 value, it's not needed unless you are directing the server to a specific interface on your box. For example, my server has 3 NICs, so I tell the server to listen on the IP that is on the outbound card. I assume your box only has one NIC, so multihome can be defaulted.
As for how to use the tables... let's try one thing at a time...
If you are using a GUI, then you should have some sort of Firewall configuration program. Turn OFF the firewall on your Linux box (to start with) and make sure your router is forwarding ports correctly.
If that doesn't work, then your problem is on the router. If it does work, then the problem is on the box.
Let me know what happens, we can take it from there.
BTW: This thread (http://aao25.com/general-server-discussions/aao25-25assist-linux-installation-and-setup-guide/) has a link to a Linux setup guide... it may (or may not) help.
You can't, but you can redirect something like "finger" services and use that to see if your machine is online or not.
Try this Energy_NL and tell us what happened, ok?
-
Which leads us to the issue of how this game determines your ping?
I have absolutely no idea...
think I found it...
25Assist uses a UDP Socket Write and catches it at the other end when the message sent is related to a variable "status" and "aa25ping"... direct extraction from the binary follows:
5627 Auth retry^@^@^@^@^@^A^@^@^@^@^@^@^@^N^@^@^@^I^@^@^@^@^A^@^H^I|startsrv^@^@^@^@^@^@^A^@^@^@^@^@^@^@^M^@^@^@^H^@^@^@^@^A^@^H^Hstartsrv^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@#^@^@^@^^^@^@^@^@^A^@^H^^Checking for 2.5Assist Updates^@^@^@^@^@^A^@^@^@^@^@^@^@^K^@^@^@^F^@^@^@^@^A^@^H^Faudpqr^@^@^@^@^@^A^@^@^@^@^@^@^@^M^@^@^@^H^@^@^@^@^A^@^H^H\status\^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@^M^@^@^@^H^@^@^@^@^A^@^H^Haa25ping^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@^L^@^@^@^G^@^@^@^@^A^@^H^Greqauth^@^@^@^@^A^@^@^@^@^@^@^@^H^@^@^@^C^@^@^@^@^A^@^H^C10.^@^@^@^@^A^@^@^@^@^@^@^@^M^@^@^@^H^@^@^@^@^A^@^H^H192.168.^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@^I^@^@^@^D^@^@^@^@^A^@^H^D127.^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@^K^@^@^@^F^@^@^@^@^A^@^H^Fauthok^@^@^@^@^@^A^@^@^@^@^@^@^@^G^@^@^@^B^@^@^@^@^A^@^H^BX1^@^@^@^@^@^A^@^@^@^@^@^@^@^K^@^@^@^F^@^@^@^@^A^@^H^Fauthno^@^@^@^@^@^A^@^@^@^@^@^@^@$
The items to note are udpqr (UDP Query) and what appear to be embedded strings "status" and "aa25ping". This is the return I was watching when I was packet sniffing my server to see how the traffic was going back and forth...
A deeper investigation is now warranted, as my analysis potentially results in a mistake I made in my Linux guide relating to ports... :( I guess it's time to get onto Rev 1.
OIC!
BTW: I noticed that in the binary code above that there are two strings "10." and "192.168.", which are private IP's. 25Assist must parse out private network masks for some reason. Maybe to have a local server (LAN) or to circumvent the auth server??
ANYWAY, back on topic... per [SWISS]Merlin...
HEY Energy_NL, any progress?!?
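Added example, not part of the original posts and not 25Assist code: the kind of application-level UDP ping discussed above, where the round-trip time is the delay between sending a `\status\` query and receiving a reply on the same socket, and a lost or unanswered packet shows up only as a timeout. The loopback responder and its reply payload are constructed stand-ins; only the `\status\` string comes from the thread.

```python
import socket
import threading
import time

QUERY = b"\\status\\"  # query string named in the thread


def start_responder(delay=0.0):
    """Constructed stand-in for a game server query port, bound on loopback."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port

    def serve():
        while True:
            try:
                data, peer = sock.recvfrom(2048)
            except OSError:
                return  # socket was closed
            if data == QUERY:
                time.sleep(delay)  # simulated network/processing latency
                # Hypothetical reply payload; the real format is not on the page.
                sock.sendto(b"\\hostname\\constructed\\final\\", peer)

    threading.Thread(target=serve, daemon=True).start()
    return sock


def udp_ping(host, port, timeout=1.0):
    """Return the query/reply round-trip time in ms, or None if no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP only fixes the peer: replies from any other
        # address/port are dropped by the kernel instead of being timed.
        s.connect((host, port))
        t0 = time.monotonic()
        try:
            s.send(QUERY)
            s.recv(2048)
        except (socket.timeout, ConnectionError):
            # Silence (filtered port, lost packet) or an ICMP port-unreachable
            # both end up here: UDP itself gives no delivery confirmation.
            return None
        return (time.monotonic() - t0) * 1000.0


if __name__ == "__main__":
    server = start_responder(delay=0.02)
    port = server.getsockname()[1]
    print("reply RTT (ms):", udp_ping("127.0.0.1", port))
```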
-
Nice findings!
I browsed hundreds of sniffed packets but missed this.
-
No need to read the Binary to read the Assist Code:
We are at SourceForge, a bit outdated, but the functions you mention are the same:
http://sourceforge.net/projects/aa25assist/files/?source=dlp
The private networks you mention are used to check that the packets come from the local server (Org AA Server-binary)
(https://aao25.com/forum/proxy.php?request=http%3A%2F%2Fi44.tinypic.com%2Frizoev.png&hash=07c679ae0e42a7dc33fb91152ebccf24)
Seems that the Original designer of the software forgot about the 172.16.0.0 /16 Network.
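Added example, not taken from the 25Assist source: a textual prefix test on the strings seen in the dump ("10.", "192.168.", "127.") compared with a network-based test against the RFC 1918 blocks and loopback. That the program uses a plain prefix match is an assumption; the sample list is constructed, with two addresses borrowed from this thread.

```python
import ipaddress

# Prefix strings visible in the dump quoted in this thread.
STRING_PREFIXES = ("10.", "192.168.", "127.")

# RFC 1918 private blocks plus loopback. The 172.16 block is a /12,
# i.e. 172.16.0.0 through 172.31.255.255.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_local_by_prefix(addr: str) -> bool:
    """Assumed check: the text of the address starts with a listed prefix."""
    return addr.startswith(STRING_PREFIXES)


def is_local_by_network(addr: str) -> bool:
    """Parse the address first, then test membership in the local networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP address at all: never treat as local
    return any(ip in net for net in LOCAL_NETS)


def disagreements(addrs):
    """Addresses on which the two checks give different answers."""
    return [a for a in addrs
            if is_local_by_prefix(a) != is_local_by_network(a)]


# Constructed sample input (192.168.2.16 and 84.84.41.186 appear in the thread).
SAMPLES = [
    "192.168.2.16",     # private, both checks agree
    "10.0.0.5",         # private, both checks agree
    "127.0.0.1",        # loopback, both checks agree
    "172.16.4.9",       # private, missed by the prefix list
    "172.31.255.254",   # private (top of the /12), missed by the prefix list
    "172.32.0.1",       # public, just outside the /12
    "84.84.41.186",     # public
    "10.example.net",   # hostname that merely starts with "10."
    "192.168.2.999",    # malformed address with a matching prefix
]

if __name__ == "__main__":
    for addr in disagreements(SAMPLES):
        print(f"{addr}: prefix={is_local_by_prefix(addr)} "
              f"network={is_local_by_network(addr)}")
```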
-
Umm.... code's not readable. Google tells me it's a REALBasic (http://filext.com/file-extension/RBP) file...
Thanks for the clarification though!
OIC!
-
Well, I have found out that by running a server by the 2.5assist client on my PC I also can't play in my own server.
Unless I check the "Disable port testing to external ip" box in the options. When done that I can play!!!! But only when joining via the server tab, not by the serverlist
So my next question is, how can I turn this port testing off on the Linux server?
Is it an AA2 setting or a 2.5assist setting?
--
PS: I just read your post so I will give it a try
-
Try this Energy_NL and tell us what happened, ok?
The problem is definitely in my router settings.
When I connected "the box" at my friend's, he and I can play smoothly.
But with the same server on my network he can play and I can't
-
From what I can read from the code, there is no such option on the Dedicated Server.
Which one fails:
GAME PORT TEST FAILED
QUERY PORT TEST FAILED
One, Both or None?
-
From what I can read from the code, there is no such option on the Dedicated Server.
Which one fails:
GAME PORT TEST FAILED
QUERY PORT TEST FAILED
One, Both or None?
GAME PORT OK
QUERY PORT TEST OK
none, both passed.
Otherwise no one could join the server i guess
-
Sounds like you are right then in suspecting local Router/Firewall
-
GAME PORT OK
QUERY PORT TEST OK
none, both passed.
Otherwise no one could join the server i guess
I suspect a port forward issue. You can't just "open" the ports on your router, they have to be directed to your box.
What router/modem do you have?
-
I am almost sure that it has something to do with your router settings, especially with the NAT-Table entries.
Look at this link and try the NAT and maybe SpecialApplications part. But for sure you do have to make entries at the PORT MAPPING section.
http://screenshots.portforward.com/routers/KPN/Experia_Box/
and try what i did say on page 1 of this thread.
i do have some servers running on my home pc (server). my global ip is 178.196.49.30. internal ip of the server is 192.168.1.61
so i have to do a NAT entry like:
UDP 1716-1718 for ip 178.196.49.30 (global), port mapping to internal ip (LAN) 192.168.1.61
then i can play from every pc on the internal net 192.168.1.x, also i can play on the server itself, with time to time "alien warning" on it. but it works fine.