Hello all,

I'm having a hell of a time understanding why my GM session is unreachable since I changed the host on my internal network. I changed my FW rules *and* resetted it (damn ARP tables). Still it does not work.

The logs on the firewall are mostly useless so I'm down to Wireshark to try to understand what's going on:
1) The "Run Test" feature on the FG program reach first to 104.20.131.20 over http:80, likely to initiate the test on FG server.
2) Now the FG server *I suppose* is trying to open the TCP:1802 on the source address that initiated step 1)

However I am not certain that the FG crew implemented it this way. Can someone confirm that the server trying to initiate the TCP:1802 connection for the test sequence is really 104.20.131.20 and not some other source ?

My network has a lot of IoTs and other computers so I need to filter out as much as I can to diagnose my syslog and wireshark logs to understand what's going wrong. Thanks for your help.

104.20.131.20 is a cloudflare server - its probably the FG splash page thats calling that (although it might be the Run Test Initiation).
And Im guessing you are somewhere antipodean to get that particular cloudflare server.

That is the way the Run Test script works on the server.

You can also use canyouseeme.org to test port 1802 availability as well.

A couple things to check:
* Make sure network on GM machine is Private.
* Make sure Windows Firewall (or other security software) is not blocking network access for FG.
* Make sure port forwarding rule on router still points to current GM machine IP address.

Remember that FG will attempt to automatically to set up port forwarding rule on router if UPnP enabled on router.

If all else fails try posting result of tracert and port forwarding screen.

Regards,
JPG

When testing with canyouseeme.org Fantasy Grounds must have a campaign loaded and not be on any of the earlier screens.

Hello All,

Thanks a lot for your help. diagnostics point to my router/FW* which is behaving inconsistently (UPnP errors, logging errors) to say the least. I wish this damn device would at least tell me it's droping the incoming packets but that's not even the case.

@Damned, thanks for the FG server IP. 104.20.131.20 being a CDN address it is effectively likely the test connection does not come from the same address. Unfortunately my derelict FW is not notifying me of any incoming connection on TCP:1802 so I'm left in the dark.

I'll continue today to fiddle as much as I can with my firewall and let you know if I get to the root cause (just in case it could be useful to someone else).

*A Cisco RV042

Gurgeh - if you want me to look at it with you send me your email via PM.

Thanks a lot Damned, that's very kind of you.

It also confirm your guess, the test server is on and is not on the CDN network used by FG website.

The WireShark trace below confirm that there's a single session initiated by the FG main menu when I select "Connection Test" on this specific server. Then there's nothing coming back on port 1802 but that's my problem with my firewall.

Problem solved !

I had a typo in my port forwarding / PAT rules that are applied before the packet goes through the ACLs. Therefore no logging on the router about a policy violation or acceptance. The UPnP errors where just something I noticed while checking the logs of my router but were not related to this issue.

Have a good day all and thanks again for your support.