ohmawgods! You're awesome, I'm not very adept at computers but I followed your tutorial and had success! I feel like a champ and so should you!
This is not nearly so awesome as the original post and I do repeat some of the things the OP said, but this is how I set up FG2 to work on my new box running Windows 7. NOTE: this does not cover Windows 7 Firewall set up. This assumes all that is already good-to-go.
1) Go to your router's homepage (for most routers, it's https://192.168.1.1/) and log in.
2) In your router, set port forwarding for TCP, ports 1801-1803. Make sure it's "enabled" (if applicable) and make sure it's forwarding to an IP address of your choosing (use "192.168.1.19" for this example). Make sure you hit the "save" or "submit" button to save your work thus far. If you need extra help with this step, go to https://portforward.com/ and try to locate the walk-through for your specific router type.
3) Back on your PC, go to start->all programs->accessories->command prompt
4) In the console window type "ipconfig /all" and hit enter.
5) You should see something like this:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : abcd.ny.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 1C-34-B5-19-2A-CD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : ge81::ad97:2a61:715e:b2d6%22(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 15, 2012 12:16:37 PM
Lease Expires . . . . . . . . . . : Sunday, September 16, 2012 12:16:37 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 244091301
DHCPv6 Client DUID. . . . . . . . : 00-01-02-03-19-6D-7A-41-8D-99-B5-25-4D-AD
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
What you're most interested in here is the "Subnet Mask," "Default Gateway," and "DNS Servers." Just leave that window open for now and move along to step 6.
6) Go to control panel->network and internet->network connections and right-click on local area connection, then go to "properties"
7) Uncheck "internet protocol version 6" if it is checked.
8) Highlight "internet protocol version 4" and then click "properties" button.
9) Select "use the following ip address" and enter in the IP address you entered into the port forwarding part of step 2 ("192.168.1.19" in this example).
10) Ensure your "Subnet Mask" is the same as what you see in the console window (the window you opened in step 5).
11) Type in your "Default Gateway" using the entry you see in the console window (the window you opened in step 5).
12) Type in your two "DNS Server" entries. You should see them in your console window from step 5 as well.
13) Check "validate settings upon exit" and hit OK, then hit Close. You may get a pop-up asking you if you want Windows to try to fix your network or some-such. Disregard it and hit Cancel.
14) If all has gone well, you should still be on the internet. Open Fantasy Grounds and go to Create New Campaign and hit the "Run test" button. Again, if all has gone well, it should say "Success."
At this point, you should have one of your players try to connect to your FG to see if they can get in. Best of luck! :D
Running FG2 as CLIENT:
from client to server sourceport:1024-65535 destinationport:1802 (tcp)
from server to client sourceport:1802 destinationport:1024-65535 (tcp)
Running FG2 as SERVER:
It seems that a FG2-client sends many packages to my FG2-server, so that my firewall thinks it is an attack. Can some developer test this under Linux with iptables? My rule which blocks this communication looks like this:
Quote:
iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
regards Markus
We only have one developer (me), and I do not have a Linux machine to test with.
I do know that Fantasy Grounds will send hundreds of packets during the initial synchronization, since each database node is transferred as a packet.
Regards,
JPG
Quote: Originally Posted by moon_wizard
That is the problem, there are too many packages during the initial synchronization. Is there a chance that the network communication changes in the future? My firewall rule is important, because it blocks senders which are flooding my router/network. And this is what your FG2-client does. I will try to fit my firewall to your FG2 a bit.
@admin
Is it possible to change my username afterwards?
regards Markus
Regarding the username change try sending an e-mail to [email protected]
markus - you have an exception to your rule for HTTP and HTTPS (80 and 443) - you could modify your rule to also scan all other ports other than 1802...
Quote:
iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
i am also assuming that this is only affecting you when hosting a game - this rule shouldn't affect you playing/joining a game.
Quote:
iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:1801,1803:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
Quote: Originally Posted by damned
That's right, this problem is only affecting me when I am hosting a game. Yes, I have an exception for port 80 and 443, but I have a second flooding protection for these two ports only if I am hosting a web site, so these ports are no problem. All my ports have flooding protection.
regards Markus
ahhh but your firewall is not accurately measuring what is a flood. the amazon river discharges 200,000 tonnes of water a second - but it can cope with that. the traffic you are receiving on port 1802 is no more than what FG is designed to be able to receive.
Quote: Originally Posted by damned
The flood attack begins when it reaches these limits:
Code:
--hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip
The queue of initial packages has a volume of 20 and it forgets 6/hour. If I can remember this firewall rule correctly. So after a burst of 20 initial packages it needs to be cleared first to take new packages. This queue will be cleared with a speed of 6/hour. I can set up these values, but I need to know how many initial packages this may be from a client at most. And I don't want to set up these values too big.
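The limits discussed in the posts above (burst 20, 6/hour, one bucket per source IP, counting only packets in conntrack state NEW) can be modelled offline. This is an added example, not code from any poster or from Fantasy Grounds; it is a simplified token bucket rather than the kernel's exact arithmetic, and the traffic pattern (30 new connections in 30 seconds from one player) is an assumption, since the thread does not say how many new connections a client opens.

```python
# Added example: simplified model of the per-source token bucket behind
#   --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip
# Real xt_hashlimit uses kernel credit arithmetic; this keeps only the
# burst/refill behaviour. All traffic below is constructed.

class HashLimit:
    def __init__(self, per_hour=6, burst=20):
        self.refill = per_hour / 3600.0   # tokens regained per second
        self.burst = float(burst)         # bucket size
        self.buckets = {}                 # srcip -> (tokens, last_seen)

    def within_limit(self, srcip, now):
        """True if a NEW connection from srcip at time `now` (seconds)
        is still under the limit; consumes one token when it is."""
        tokens, last = self.buckets.get(srcip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.refill)
        ok = tokens >= 1.0
        self.buckets[srcip] = (tokens - 1.0 if ok else tokens, now)
        return ok


def replay(events, per_hour=6, burst=20):
    """events: iterable of (time_s, srcip). Returns {srcip: [under, over]}."""
    limiter = HashLimit(per_hour, burst)
    result = {}
    for now, srcip in sorted(events):
        counts = result.setdefault(srcip, [0, 0])
        counts[0 if limiter.within_limit(srcip, now) else 1] += 1
    return result


def seconds_per_token(per_hour=6):
    """How long one used slot takes to come back."""
    return 3600.0 / per_hour


# Constructed traffic: one player opening 30 new TCP connections, one per
# second (assumed sync pattern), and a second player opening a single one.
SAMPLE = [(t, "198.51.100.10") for t in range(30)] + [(5, "203.0.113.7")]

if __name__ == "__main__":
    print(replay(SAMPLE))            # per-source [under, over] counts
    print(seconds_per_token())       # refill interval in seconds
```

Replaying a capture of a real client's NEW connections through `replay` with different `burst` values gives the number Markus asks for without guessing at a value that is too large.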