* NAT support for peer-to-peer games
@ 2004-09-21  8:04 Serguei I. Ivantsov
  2004-09-21 13:08 ` Jason Opperisano
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Serguei I. Ivantsov @ 2004-09-21  8:04 UTC (permalink / raw)
  To: netfilter

Hello!

I am just interested whether something has changed in Netfilter to support
peer-to-peer games.
How to implement the scheme described below using netfilter?

<from the article>
...
Here's how the hosts know where to send the packets:

1) There is a well-known server with a well-known port, not
behind any NAT or firewall. Its only purpose is to relay
the public and local addresses of all participants in a session
to each other. (A host's public address is the address/ UDP port pair
seen by the outside world; its local address is the pair it
thinks it has.)

2) To join the session, a new host sends its local address
to the well-known server. The server then stores the new
host's public address (from the UDP header) together with its
local address (embedded in the packet).
The list of all participants' public and local addresses is
then sent down to the new host. The new host notes its own public
address in the reply from the server.

3) The server sends the public and local address of the
new host to all existing participants.

4) The new host then sends a hello packet to both the public and
local addresses of each participant; likewise, the existing
participants all send hello packets to both the public and
local addresses of the new host. The packet contains
the sending host's public and local addresses.
These are analogous to TCP's SYN packet, and are retransmitted
periodically if no response is received (see below).

5) The act of sending a packet to the other participants
signals the firewall that a reply will be coming back along
the reverse path. It opens up a return path which just
reverses the source and destination address/ UDP port pairs.
This seems to be a common feature of many firewalls and
SOHO routers (e.g. the Cisco PIX). I don't know how
widespread it is. Is there any data on what firewalls
support this behavior?

6) For participants behind different firewalls / NATs / masquerading
hosts, one packet (the one sent to the peer's public address)
will make it through. For participants behind the same firewall / NAT /
masquerading host, the other packet (the one sent to the peer's
local address) will make it through.
For participants with two IP interfaces, one or the other packet
will make it through; it doesn't matter which.


The entire Dan Kegel article can be found here:

http://www.hasenstein.com/HyperNews/get/linux-ip-nat/97.html

--
 Serguei I. Ivantsov



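The six steps quoted above can be checked against a small model. The following is an added example, not code from this thread, from Dan Kegel's article or from netfilter: it simulates a rendezvous server plus two NAT boxes of the kind step 5 describes (an outbound UDP packet creates a reverse-path entry; an inbound packet is delivered only if it matches one), registers three peers and runs the hello exchange of steps 4 to 6. All IP addresses, ports and host names are constructed, and two things are assumptions about the NATs being modelled rather than facts from the article: the same public port is reused for every destination (so the port the server saw is the one peers can reach), and a NAT does not hairpin packets from its own LAN addressed to its own public IP.

```python
"""Model of the rendezvous / hole-punching scheme quoted from Kegel's article.

Added example, not code from the thread or from netfilter. Addresses, ports
and names below are constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]  # (ip, udp_port)


def is_private(ip: str) -> bool:
    return ip_address(ip).is_private


@dataclass
class Nat:
    """Step 5 firewall: outbound packet opens a return path that reverses
    the source and destination address/port pairs. Assumptions: one public
    port per local address regardless of destination; no hairpinning."""
    public_ip: str
    hairpin: bool = False
    next_port: int = 40000
    mapping: Dict[Addr, int] = field(default_factory=dict)        # local -> public port
    allowed: Dict[Tuple[int, Addr], Addr] = field(default_factory=dict)  # (pub port, remote) -> local

    def outbound(self, src: Addr, dst: Addr) -> Addr:
        if src not in self.mapping:
            self.mapping[src] = self.next_port
            self.next_port += 1
        pub_port = self.mapping[src]
        self.allowed[(pub_port, dst)] = src       # open the reverse path
        return (self.public_ip, pub_port)

    def inbound(self, src: Addr, dst_port: int) -> Optional[Addr]:
        return self.allowed.get((dst_port, src))  # None: no return path, drop


@dataclass
class Host:
    name: str
    local: Addr
    nat: Optional[Nat] = None                    # None: directly on the Internet
    inbox: List[Tuple[Addr, tuple]] = field(default_factory=list)


class Network:
    def __init__(self, hosts: List[Host]):
        self.hosts = hosts
        self.nats = {h.nat.public_ip: h.nat for h in hosts if h.nat}

    def send(self, sender: Host, dst: Addr, payload: tuple) -> Optional[Host]:
        """Deliver one UDP packet; return the receiving Host or None if dropped."""
        for h in self.hosts:                      # same LAN: local address reachable directly
            if h is not sender and h.nat is sender.nat and h.local == dst:
                h.inbox.append((sender.local, payload))
                return h
        if is_private(dst[0]):                    # someone else's LAN address: unroutable
            return None
        if sender.nat and dst[0] == sender.nat.public_ip and not sender.nat.hairpin:
            return None                           # own public IP from inside: no hairpin
        src = sender.nat.outbound(sender.local, dst) if sender.nat else sender.local
        nat = self.nats.get(dst[0])
        if nat:                                   # destination is a NAT's public side
            local = nat.inbound(src, dst[1])
            targets = [h for h in self.hosts if h.nat is nat and h.local == local]
        else:                                     # destination is a public host
            targets = [h for h in self.hosts if h.nat is None and h.local == dst]
        if not targets:
            return None
        targets[0].inbox.append((src, payload))
        return targets[0]


def rendezvous(net: Network, server: Host, peers: List[Host]) -> Dict[str, Tuple[Addr, Addr]]:
    """Steps 2-3: public address from the UDP header, local address from the payload."""
    registry = {}
    for p in peers:
        net.send(p, server.local, ("register", p.name, p.local))
        src, (_, name, local) = server.inbox[-1]
        registry[name] = (src, local)
    return registry


def hello_exchange(net: Network, peers: List[Host], registry, rounds: int = 2):
    """Steps 4-6: hello to both addresses of every peer, retransmitted `rounds` times.
    Returns {(sender, receiver): set of address kinds that got through}."""
    for p in peers:
        p.inbox.clear()
    for _ in range(rounds):
        for p in peers:
            for q in peers:
                if q is not p:
                    public, local = registry[q.name]
                    net.send(p, public, ("hello", p.name, "public"))
                    net.send(p, local, ("hello", p.name, "local"))
    got: Dict[Tuple[str, str], set] = {}
    for q in peers:
        for _, (kind, sender, via) in q.inbox:
            if kind == "hello":
                got.setdefault((sender, q.name), set()).add(via)
    return got


def run_scenario(rounds: int = 2):
    """alice and bob share NAT A; carol sits behind NAT B; the server is public."""
    nat_a, nat_b = Nat("1.2.3.4"), Nat("5.6.7.8")
    server = Host("server", ("9.9.9.9", 3478))
    alice = Host("alice", ("192.168.1.2", 5000), nat_a)
    bob = Host("bob", ("192.168.1.3", 5000), nat_a)
    carol = Host("carol", ("10.0.0.2", 5000), nat_b)
    peers = [alice, bob, carol]
    net = Network([server] + peers)
    registry = rendezvous(net, server, peers)
    return registry, hello_exchange(net, peers, registry, rounds)


if __name__ == "__main__":
    for pair, via in sorted(run_scenario().items()):
        print(pair, via)
```

With two rounds the result matches step 6: alice and bob reach each other only through their local addresses, and each of them reaches carol (and carol reaches them) only through the public address. With a single round alice's first hello to carol is dropped because carol's NAT has not yet opened a return path for it, while carol's hello to alice arrives; that ordering is why step 4 retransmits until a response comes back.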

* Re: NAT support for peer-to-peer games
  2004-09-21  8:04 NAT support for peer-to-peer games Serguei I. Ivantsov
@ 2004-09-21 13:08 ` Jason Opperisano
  2004-09-22  6:45 ` Kenneth Porter
  2004-09-23  8:45 ` Andy Furniss
  2 siblings, 0 replies; 4+ messages in thread
From: Jason Opperisano @ 2004-09-21 13:08 UTC (permalink / raw)
  To: netfilter

On Tue, 2004-09-21 at 04:04, Serguei I. Ivantsov wrote:
> Hello!
> 
> I am just interested whether something has changed in Netfilter to support
> peer-to-peer games.
> How to implement the scheme described below using netfilter?
> 
> <from the article>

[ snip ]

DNAT the necessary ports on the outside of your netfilter box to the
host on the inside that you're playing games from, and put a rule in the
FORWARD chain that allows the traffic as well.

example--game port is UDP 7777:

  iptables -t nat -A PREROUTING -i $EXTERNAL_IF -p udp \
    -d $EXTERNAL_IP --dport 7777 -j DNAT --to-destination $CLIENT_IP

  iptables -A FORWARD -p udp -d $CLIENT_IP --dport 7777 -j ACCEPT

adjust accordingly for your particular level of paranoia.

-j

-- 
Jason Opperisano <opie@817west.com>




* Re: NAT support for peer-to-peer games
  2004-09-21  8:04 NAT support for peer-to-peer games Serguei I. Ivantsov
  2004-09-21 13:08 ` Jason Opperisano
@ 2004-09-22  6:45 ` Kenneth Porter
  2004-09-23  8:45 ` Andy Furniss
  2 siblings, 0 replies; 4+ messages in thread
From: Kenneth Porter @ 2004-09-22  6:45 UTC (permalink / raw)
  To: netfilter

--On Tuesday, September 21, 2004 11:04 AM +0300 "Serguei I. Ivantsov" 
<manowar@gsc-game.kiev.ua> wrote:

> How to implement the scheme described below using netfilter?

Note that the Linux-based Linksys WRT54G consumer router has "port 
triggering", which opens an inbound forwarding when an outbound packet 
matches a pattern. You could look at the implementation to see how Linksys 
did it. The code can be downloaded from Linksys' site.





* Re: NAT support for peer-to-peer games
  2004-09-21  8:04 NAT support for peer-to-peer games Serguei I. Ivantsov
  2004-09-21 13:08 ` Jason Opperisano
  2004-09-22  6:45 ` Kenneth Porter
@ 2004-09-23  8:45 ` Andy Furniss
  2 siblings, 0 replies; 4+ messages in thread
From: Andy Furniss @ 2004-09-23  8:45 UTC (permalink / raw)
  To: Serguei I. Ivantsov; +Cc: netfilter

Serguei I. Ivantsov wrote:
> Hello!
> 
> I am just interested whether something has changed in Netfilter to support
> peer-to-peer games.
> How to implement the scheme described below using netfilter?
> 
> <from the article>

It's a bit old - 1998.

Andy.




