[jhb_airlines] Re: Ports

  • From: Mike Lucas <mhlucas@xxxxxxxxxxxx>
  • To: jhb_airlines@xxxxxxxxxxxxx
  • Date: Mon, 02 Oct 2006 11:40:00 +0100

Peter

Paul has already sent you a more extensive reply than I am going to attempt, and in it he has identified possibly the biggest problem - the range of possible combinations of routers/firewalls and other security programs that we all use.

I am not familiar with Zyxel routers, and it is more than likely that I use a different software firewall (Outpost). But my approach would be to start by trying to eliminate (or confirm) the router as the source of your problem. Connect your FS PC directly to your modem (ie remove the router) and see if you can get all the connections that you want for a Pilot Club session. If you can, then the router is the problem; if you can't, then it's NOT the router but your software firewall that is the problem. If it is the router, then is there a DMZ setting which will allow all ports to be forwarded to one PC? This can be a quick and easy way to get things working. Having said that, I could never find the setting to enable me to be seen by others during an FSHost session - removing the router solved the problem, so I knew that it was a port-forwarding issue, but even using DMZ I could never get two-way visibility with other participants in a FSHost session.

Sorry not to be able to offer a solution. I may know where to find info on NAT, but that doesn't mean that I understand all its subtleties, or have a gift for solving problems to NAT configuration I'm afraid. :-(

Mike L

Peter Dodds wrote:
Mike - you may be able to answer this one then. My Zyxel 660H router has a configurable NAT address table, which allows specific port ranges in, but will only direct packets from that port or ports to a single identified LAN address - 1 PC, whereas as the Firewall is configured separately. Its rules allows an external source with known address to pass to a range of LAN addresses, using a specific "service". Some services are preconfigured, such as TCP on port 80 for HTTP, and some you configure yourself.

I have created a "Service" called Pilot Club with TCP/UDP and ports 16000-17000, accessible by all four of the networked PCs, because I entered a range of LAN addresses to which the rule applies. I also have some entries in the NAT table for things like FS multiplayer (23456) directed to my FS PC = although I often run FS on the laptop, for which the NAT setting for FS won't apply as it has the "wrong" LAN address. Nevertheless, my laptop works in Multiplayer. Consequently, I am coming to the view that NAT configuration is unnecessary and it can all be done in Firewall rules. Any comments?

(One day I'll undertsand all this networking stuff - my system works more by 
accident than design!.)

Peter


Other related posts: