|
So here is my current situation: my 6112 port is closed/blocked.
recap: I was able to host games in Starcraft Broodwar until yesterday; for some reason I don't understand, my 6112 port closed. This event coincided with another computer being connected to the router. I don't know how that had anything to do with my port closing. I changed nothing on the rules of the Router.
So I start reading a bit and figure I need to get a Static internal I.P. address. Quite simple.
I set it up (192.168.0.155), and it seems good. I then proceed to set a new rule in the router but for some reason it's not opening. I don't understand what I'm doing wrong. I think I set up my static IP correctly cause I can connect to the internet. Maybe my DNS (which is the same as before) is wrong?
![[image loading]](http://i.imgur.com/A4awq.gif) sorry for language here
- My port forwarding page looks like this:
![[image loading]](http://i.imgur.com/Celtu.gif)
![[image loading]](http://i.imgur.com/6JXVh.gif) The service name "broodwar" is set to ports 6112-611 (I even tried on 6111-6119, makes no difference.)
I have also tried a number of other rules
![[image loading]](http://i.imgur.com/eYqVL.gif)
- I also tried to deactivate my firewall (even though on the firewall I have a rule to allow Starcraft to bypass it) and it makes no difference:
![[image loading]](http://i.imgur.com/JA6rV.gif) (I am 100% sure my port is closed cause of everything I tried; not only did I check on this program but I also tried to host games on iccup and it's closed.)
Can anyone help me understand what I'm doing wrong here?
- I have access to my router. - I am aware of portward.com please do not link me there.
If you need more info ask and I will post
Edit: even though my router is wireless my connection is cabled. Edit2: I use Windows 7 with 64 bit system. I also have Ubuntu OS installed on my computer.
|
DNS has nothing to do with your ports being open or closed afaik. It just resolves the IPs of websites into their names. You can always try to use Google's free DNS servers if you want.
Have you tried reverting your router back to factory settings?
|
On December 25 2012 00:41 hune wrote: DNS has nothing to do with your ports being open or closed afaik. It just resolves the IPs of websites into their names. You can always try to use Google's free DNS servers if you want.
Have you tried reverting your router back to factory settings?
I have done that one time before, when I couldn't find credentials to access the router. I guess if I don't find any other solution I'll do that again. If it's not DNS then it really seems weird it does not work, was hoping maybe someone knew why it didn't.
|
Definitely not a DNS issue. OK here's a crazy idea.
Re-enable your machine's firewall for just a moment (but restore that ruleset that allows BW through).
Bypass your firewall completely. Plug your machine directly into your internet connection just for this test.
Launch BW just to see if it can create games. If everything's good, OK from there we can work on the router config.
|
Hey, what you're doing is not ok. You are simply telling the firewall that those ports should not be blocked. It's not the same thing as port forwarding in a NAT environment which is what you are looking for.
Look for a NAT section in your router admin page.
|
On December 28 2012 03:23 endy wrote: Hey, what you're doing is not ok. You are simply telling the firewall that those ports should not be blocked. It's not the same thing as port forwarding in a NAT environment which is what you are looking for.
Look for a NAT section in your router admin page.
To take your side, yes it's a security risk to just swing those ports wide open.
To take his side...well...what's listening on those ports, other than just BW? And if BW isn't open...and let's say a hacker crawls in through port 6112...what now? I mean it's not like it's his RPC port or anything...
|
On December 28 2012 03:46 D_K_night wrote: On December 28 2012 03:23 endy wrote: Hey, what you're doing is not ok. You are simply telling the firewall that those ports should not be blocked. It's not the same thing as port forwarding in a NAT environment which is what you are looking for.
Look for a NAT section in your router admin page. To take your side, yes it's a security risk to just swing those ports wide open. To take his side...well...what's listening on those ports, other than just BW? And if BW isn't open...and let's say a hacker crawls in through port 6112...what now? I mean it's not like it's his RPC port or anything...
I didn't mean this from a security perspective. I'm just saying that he's not doing the right thing in his router admin panel.
Unblocking a port means that traffic is allowed to go through that port. Forwarding a port means that traffic on a port must be explicitly forwarded to one of the local IPs. Not the same thing imo.
|
On December 28 2012 12:12 endy wrote: On December 28 2012 03:46 D_K_night wrote: On December 28 2012 03:23 endy wrote: Hey, what you're doing is not ok. You are simply telling the firewall that those ports should not be blocked. It's not the same thing as port forwarding in a NAT environment which is what you are looking for.
Look for a NAT section in your router admin page. To take your side, yes it's a security risk to just swing those ports wide open. To take his side...well...what's listening on those ports, other than just BW? And if BW isn't open...and let's say a hacker crawls in through port 6112...what now? I mean it's not like it's his RPC port or anything... I didn't mean this from a security perspective. I'm just saying that he's not doing the right thing in his router admin panel. Unblocking a port means that traffic is allowed to go through that port. Forwarding a port means that traffic on a port must be explicitly forwarded to one of the local IP. Not the same thing imo.
Thanx for replying ^^ I don't understand, what does NAT mean? I went through my router's sections a bit but can't seem to find it; it looks like this:
![[image loading]](http://i.imgur.com/WW3mX.gif) ![[image loading]](http://i.imgur.com/Va3yN.gif)
Any other advice?
|
NAT stands for Network Address Translation. It's a way of assigning a single web IP to a local network, then each machine of the local network has a local IP address. It's basically the setup everyone has at home and at work because before IPv6 there were not enough IP addresses for everyone.
Go to "LAN IP Setup".
|
Note: this is tl, so I didn't reread it enough times... so if I got some blah blah turned into garble garble sorry, I tried...
Gday I may be able to help as technically I usually make my system do what I want it to. I'd be more confident I can help but what you did looks about right.
tldr? see ATTENTION and SUGGESTION
if you still want to know about NAT I can explain that at whatever level of detail/simplicity you like. (but simplicity means I assume you know less techno babble and the explanation perversely gets longer...?)
Things you may need to know about NAT... (I can say many more words if it's still confusing) (but that might make it worse so I didn't unless you ask)

NAT

GOLD standard reference for technophiles: Stevens "TCP/IP Illustrated, Vol. 1: The Protocols" but that will be deeper than you could possibly need.

The easiest way to explain it is to describe cases where the NAT is required or things can't work at all. Consider your house with 2 computers each running two copies of a web browser looking at 4 different websites.... (yeah sorry about how many things that is ...)

Question: Anyway when each of the 4 web sites sends back some HTML from their port 80 to your modem how does your modem know which computer to give it to? When it gets to the computer how does that computer know which browser to give it to?

Answer: When each browser decides to ask the website a question it picks a port number on the computer and talks to port 80 on the web site from that one; when the web site answers it not only sends it back to the ip but also the port number that asked the question.

yeah but

Question: What if the two computers behind your modem both have browsers and they both choose randomly to ask a question from port 54358 -> port 80? When the answer comes back to port 54358 how does the modem know who the answer is for?

Answer: It can't unless it did NAT.

NAT is a set of temporary lies held in your modem. The modem every time it sends a packet out changes the source port number (eg port 54358) so that every outgoing request has a unique source port number. When the answers come back the NAT reverses the lie in the reply.

------

If you followed that. When you put a second computer inside your house suddenly you needed NAT. (depending on how stuff was configured) suddenly instead of just needing to let data in through the modem (punch a hole) you also had to say for each hole which internal ip it was meant to go to.
How can the modem know which PC inside your house is hosting the game?
I am going to cut your post into bits and remove anything I don't need so what I say is relevant and has context.
On December 25 2012 00:20 pebble444 wrote: So here is my current situation: my 6112 port is closed/blocked. recap: I was able to host games in Starcraft Broodwar until yesterday; for some reason I don't understand, my 6112 port closed. This event coincided with another computer being connected to the router. I don't know how that had anything to do with my port closing. I changed nothing on the rules of the Router.
So I start reading a bit and figure I need to get a Static internal I.P. address. Quite simple.

Not being there and not seeing exactly what got plugged in where when. Before the second computer was plugged in the modem only had one place it could possibly send any packets it had been instructed to let in. Afterwards it had a choice it couldn't make? I could be surer but I have never run a system with one computer behind 1 ADSL modem.

I set it up (192.168.0.155), and it seems good. I then proceed to set a new rule in the router but for some reason it's not opening. I don't understand what I'm doing wrong. I think I set up my static IP correctly cause I can connect to the internet. Maybe my DNS (which is the same as before) is wrong? ![[image loading]](http://i.imgur.com/A4awq.gif) sorry for language here

looks Ok to me but that it can talk outbound to the internet is a small test of what is configured. Lots can be wrong and outbound internet works fine. However I don't see anything wrong either.
- My port forwarding page looks like this: The service name "broodwar" is set to ports 6112-611 (I even tried on 6111-6119, makes no difference.)

Ok that one (Inbound services) looks a little funny.... Setting the WAN user to 91.206.202.41 means the one and only ip on the planet you want to let play broodwar with you is that one. Also see where I write test XXX below as that might make your test fail but brood war work for just that ip...? (do note I have not played broodwar the way you are over the net. perhaps that's what you want?)

Ok that one looks funny as a screen shot too. In order to make your firewall configuration make sense, you need / require / must have (or it can't work) EXACTLY one active rule saying what to do with the broodwar service. I have no idea what will happen if you enable all 3 like in the screen shot.

- I also tried to deactivate my firewall (even though on the firewall I have a rule to allow Starcraft to bypass it) and it makes no difference: ![[image loading]](http://i.imgur.com/JA6rV.gif) (I am 100% sure my port is closed cause of everything I tried; not only did I check on this program but I also tried to host games on iccup and it's closed.)

Well I am going to be a little rude but, really it's for the best. I when configuring such things am never 100% sure of anything until it works... I suspect you can't be. You do know it does not work.

test XXX ATTENTION This is my real question. I do not recognise the above screen shot. Please define just what test it is. (tell me how to get that test done to my ip) Please define under which of the many firewall configurations that you tried, you saw this. As noted above I could from here test for you, if your port is open, (using ninja techno wizardry...) but that wouldn't actually say much as at least one firewall configuration specified (in the screen shots) said that the port would only be open if the test originated at 91.206.202.41

bits I don't care about: Can anyone help me understand what I'm doing wrong here?
- I have access to my router. - I am aware of portward.com please do not link me there.
If you need more info ask and I will post
Edit: even though my router is wireless my connection is cabled. Edit2: I use Windows 7 with 64 bit system. I also have Ubuntu OS installed on my computer.

SUGGESTION only ever have one Inbound Service rule for Broodwar enabled at once. (as I am proactively paranoid about how silly I am I would only have one Broodwar rule so I simply can't enable 2 of them.)
try enabling JUST a rule like this one but change the WAN Users ip to any.
|
you should put your computer's address in the dmz just to see if it works.
|
On December 28 2012 03:23 endy wrote: Hey, what you're doing is not ok. You are simply telling the firewall that those ports should not be blocked. It's not the same thing as port forwarding in a NAT environment which is what you are looking for.
Look for a NAT section in your router admin page.

I also thought that, but I looked up Netgear's instructions for that router model. He is looking at the right section in the router's settings. It has a box for redirection to a specific LAN IP for every firewall rule.
These are Netgear's instructions for the DG834G router for port forwarding: http://kb.netgear.com/app/answers/detail/a_id/20917#FR114PAnchor
|
On December 25 2012 00:20 pebble444 wrote: - My port forwarding page looks like this:

For "WAN Users", it should perhaps say "Any". That could be the mistake.
Here, rule number three looks alright, but you have those other two rules also active. The machine perhaps never got to rule number three with the other rules in the list, and you never really tested rule number three by itself?
There's perhaps the Windows Firewall on your PC blocking that port 6112. Modern programs have their installation program put a rule into the Windows firewall settings, but Broodwar is old, perhaps you have to do it yourself, an inbound rule allowing stuff to go to port 6112.
|
On December 30 2012 20:39 akalarry wrote: you should put your computer's address in the dmz just to see if it works.
maybe a good idea ........ maybe not so much
manual says you "should avoid", me too.
For security reasons, you should avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.
What that will mean is unless your PC's firewall is up to the task and has no known exploits.... ooops.
From the manual...
The Default DMZ Server feature is helpful when using some online games and videoconferencing applications that are incompatible with NAT. The ADSL modem router is programmed to recognize some of these applications and to work properly with them, but there are other applications that may not function well. In some cases, one local computer can run the application properly if that computer’s IP address is entered as the Default DMZ Server.
I think broodwar won't need DMZ style access. Much safer to do it right the other way.
FYI of OP
TBMK. Setting the DMZ means it is the default place all packets get sent, thus any person anywhere on the net can attempt to talk to the DMZ server on any port....
Well that's what it means on my modem as i tried it out and sent all the packets to a machine that wasn't there...
|
replace 91.206.202.41 with "any"
|
Setting the target machine as a DMZ is useful for a quick test, to rule out any problems on the end of the computer. But it's not a permanent solution, since it leaves your computer wide open to possible exploits. And while it's not as bad as in the WinXP era (where at some point a machine directly connected to the internet would be infected within 30 minutes), it's still not a good idea.
|
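Added example, not part of any post in this thread: a simplified Python model of the router behaviour the replies describe, covering outbound source-port rewriting, an inbound rule limited to one "WAN user", the same rule set to any, and the Default DMZ Server. The class names, the second LAN host 192.168.0.156, the WAN address 203.0.113.7 and the tester addresses are constructed for illustration; this is not Netgear's firmware logic.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:                       # one inbound-service entry (simplified model)
    ports: range
    lan_ip: str
    wan_user: str = "any"         # "any", or the single source IP allowed in
    enabled: bool = True

@dataclass
class NatRouter:
    wan_ip: str
    rules: list = field(default_factory=list)
    dmz_ip: str = ""              # Default DMZ Server; empty means off
    next_port: int = 40000        # next unused public source port
    table: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port):
        """Rewrite an outgoing packet's source to a unique public port."""
        public, self.next_port = self.next_port, self.next_port + 1
        self.table[public] = (lan_ip, lan_port)
        return self.wan_ip, public

    def inbound(self, src_ip, dst_port):
        """Return the (lan_ip, port) a packet is delivered to, or None if dropped."""
        if dst_port in self.table:            # reply to an outbound connection
            return self.table[dst_port]
        for r in self.rules:                  # unsolicited: needs a forwarding rule
            if r.enabled and dst_port in r.ports and r.wan_user in ("any", src_ip):
                return r.lan_ip, dst_port
        return (self.dmz_ip, dst_port) if self.dmz_ip else None

def demo():
    host, other = "192.168.0.155", "192.168.0.156"   # .156 is a constructed second PC
    tester = "198.51.100.9"                           # constructed port-check site
    r, out = NatRouter("203.0.113.7"), {}
    a, b = r.outbound(host, 54358), r.outbound(other, 54358)  # same local port twice
    out["replies"] = (r.inbound("198.51.100.80", a[1]), r.inbound("198.51.100.80", b[1]))
    out["no_rule"] = r.inbound(tester, 6112)          # nothing says where 6112 goes
    r.rules = [Rule(range(6112, 6120), host, wan_user="91.206.202.41")]
    out["restricted"] = (r.inbound(tester, 6112), r.inbound("91.206.202.41", 6112))
    r.rules = [Rule(range(6112, 6120), host)]         # WAN Users = Any
    out["any"] = (r.inbound(tester, 6112), r.inbound(tester, 135))
    r.dmz_ip = host                                   # DMZ: every other port lands here
    out["dmz"] = r.inbound(tester, 135)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the rule limited to 91.206.202.41, a port check from any other address reports 6112 as closed even though the forward itself is correct; with the DMZ set, ports that no rule mentions reach the PC as well.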