Thread: FG Knowledge Base - Firewalls
-
July 29th, 2012, 20:33 #21
ohmawgods! You're awesome, I'm not very adept at computers but I followed your tutorial and had success! I feel like a champ and so should you!
-
September 15th, 2012, 18:14 #22
- Join Date
- Jan 2010
- Location
- Virginia, USA
- Posts
- 219
This is not nearly so awesome as the original post and I do repeat some of the things the OP said, but this is how I set up FG2 to work on my new box running Windows 7. NOTE: this does not cover Windows 7 Firewall set up. This assumes all that is already good-to-go.
1) Go to your router's homepage (for most routers, it's https://192.168.1.1/) and log in.
2) In your router, set port forwarding for TCP, ports 1801-1803. Make sure it's "enabled" (if applicable) and make sure it's forwarding to an IP address of your choosing (use "192.168.1.19" for this example). Make sure you hit the "save" or "submit" button to save your work thus far. If you need extra help with this step, go to https://portforward.com/ and try to locate the walk-through for your specific router type.
3) Back on your PC, go to start->all programs->accessories->command prompt
4) In the console window type "ipconfig /all" and hit enter.
5) You should see something like this:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : abcd.ny.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 1C-34-B5-19-2A-CD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : ge81::ad97:2a61:715e:b2d6%22(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 15, 2012 12:16:37 PM
Lease Expires . . . . . . . . . . : Sunday, September 16, 2012 12:16:37 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 244091301
DHCPv6 Client DUID. . . . . . . . : 00-01-02-03-19-6D-7A-41-8D-99-B5-25-4D-AD
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
What you're most interested in here is the "Subnet Mask," "Default Gateway," and "DNS Servers." Just leave that window open for now and move along to step 6.
6) Go to control panel->network and internet->network connections and right-click on local area connection, then go to "properties"
7) Uncheck "internet protocol version 6" if it is checked.
8) Highlight "internet protocol version 4" and then click "properties" button.
9) Select "use the following ip address" and enter in the IP address you entered into the port forwarding part of step 2 ("192.168.1.19" in this example).
10) Ensure your "Subnet Mask" is the same as what you see in the console window (the window you opened in step 5).
11) Type in your "Default Gateway" using the entry you see in the console window (the window you opened in step 5).
12) Type in your two "DNS Server" entries. You should see them in your console window from step 5 as well.
13) Check "validate settings upon exit" and hit OK, then hit Close. You may get a pop-up asking you if you want Windows to try to fix your network or some-such. Disregard it and hit Cancel.
14) If all has gone well, you should still be on the internet. Open Fantasy Grounds and go to Create New Campaign and hit the "Run test" button. Again, if all has gone well, it should say "Success."
At this point, you should have one of your players try to connect to your FG to see if they can get in. Best of luck!
Last edited by Emrak; September 15th, 2012 at 18:16.
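A way to sanity-check steps 9 to 12 of the walkthrough above before typing the values into the adapter properties (added example, not part of Emrak's post): it parses the "ipconfig /all" layout from step 5, including the DNS continuation lines, and checks the chosen static address against the subnet and gateway. The function names and the embedded excerpt are constructed for this illustration.

```python
import ipaddress
import re

# Constructed excerpt in the layout of the `ipconfig /all` output from step 5.
SAMPLE = """\
   IPv4 Address. . . . . . . . . . . : 192.168.1.108(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# "Label . . . . : value" with the dot leader stripped from the label.
FIELD = re.compile(r"^\s*(.*?)[\s.]*:\s(.*)$")


def parse_ipconfig(text):
    """Return {label: [values]}; a line without 'label : value' continues
    the previous label (this is how extra DNS servers are listed)."""
    fields, current = {}, None
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            current, value = match.group(1), match.group(2).strip()
            fields[current] = [value] if value else []
        elif current and line.strip():
            fields[current].append(line.strip())
    return fields


def check_static_plan(fields, static_ip):
    """List problems with using static_ip on the adapter described by fields."""
    current = fields["IPv4 Address"][0].split("(")[0]  # drop "(Preferred)"
    net = ipaddress.ip_network(f"{current}/{fields['Subnet Mask'][0]}", strict=False)
    gateway = ipaddress.ip_address(fields["Default Gateway"][0])
    ip = ipaddress.ip_address(static_ip)
    problems = []
    if ip not in net:
        problems.append(f"{ip} is outside {net}")
    if ip == gateway:
        problems.append(f"{ip} is the default gateway")
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    return problems


if __name__ == "__main__":
    parsed = parse_ipconfig(SAMPLE)
    print("DNS servers to enter in step 12:", parsed["DNS Servers"])
    print("Problems with 192.168.1.19:", check_static_plan(parsed, "192.168.1.19") or "none")
```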
-
October 9th, 2012, 19:19 #23
- Join Date
- Oct 2012
- Posts
- 4
Running FG2 as CLIENT:
from client to server sourceport:1024-65535 destinationport:1802 (tcp)
from server to client sourceport:1802 destinationport:1024-65535 (tcp)
Running FG2 as SERVER:
It seems that a FG2-client sends many packages to my FG2-server, so that my firewall thinks it is an attack. Can some developer test this under linux with iptables? My rule which blocks this communication looks like this:
iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
Last edited by Markus Feldmann; October 9th, 2012 at 21:20.
-
October 9th, 2012, 20:12 #24
Supreme Deity
- Join Date
- Mar 2007
- Posts
- 21,105
We only have one developer (me), and I do not have a Linux machine to test with.
I do know that Fantasy Grounds will send hundreds of packets during the initial synchronization, since each database node is transferred as a packet.
Regards,
JPG
-
October 9th, 2012, 21:18 #25
- Join Date
- Oct 2012
- Posts
- 4
Originally Posted by moon_wizard
@admin
Is it possible to change my username afterwards?
regards Markus
-
October 9th, 2012, 21:31 #26
Lesser Deity
- Join Date
- Mar 2006
- Location
- Arkansas
- Posts
- 7,456
Regarding the username change try sending an e-mail to [email protected]
-
October 9th, 2012, 22:21 #27
iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:1801,1803:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
-
October 10th, 2012, 18:43 #28
- Join Date
- Oct 2012
- Posts
- 4
Originally Posted by damned
regards Markus
-
October 10th, 2012, 22:13 #29
ahhh but your firewall is not accurately measuring what is a flood. the amazon river discharges 200,000 tonnes of water a second - but it can cope with that. the traffic you are receiving on port 1802 is no more than what FG is designed to be able to receive.
-
October 11th, 2012, 00:13 #30
- Join Date
- Oct 2012
- Posts
- 4
Originally Posted by damned
Code:
--hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip
Last edited by Markus Feldmann; October 11th, 2012 at 00:16.
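A simplified token-bucket model of the hashlimit parameters quoted in this thread (added example, not code from any poster and not the kernel's own implementation). It shows how many NEW connections from one source stay within "6/hour" with a burst of 20, and that the second port list from post #27 takes port 1802 out of the rule entirely; the 30-connection sample is constructed, since the thread does not say how many connections FG opens.

```python
# Port lists copied from the two rules posted in the thread.
ORIGINAL_DPORTS = "1:79,81:442,444:65535"
MODIFIED_DPORTS = "1:79,81:442,444:1801,1803:65535"
RATE_PER_HOUR = 6   # --hashlimit-upto 6/hour
BURST = 20          # --hashlimit-burst 20


def parse_dports(spec):
    """Turn a multiport list such as '1:79,81:442' into (low, high) pairs."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges


def simulate(events, dports, rate_per_hour=RATE_PER_HOUR, burst=BURST):
    """Model one token bucket per source IP (--hashlimit-mode srcip).

    events: (seconds, src_ip, dst_port) tuples for NEW connections, in time
    order. Returns {src_ip: {"matched": n, "over_limit": n}}: "matched" means
    the rule fired (a LOG line is written), "over_limit" means the rate was
    exceeded and the rule no longer matched.
    """
    ranges = parse_dports(dports)
    refill = rate_per_hour / 3600.0            # tokens regained per second
    tokens, last_seen, counts = {}, {}, {}
    for now, src, dport in events:
        if not any(low <= dport <= high for low, high in ranges):
            continue                           # port excluded: rule never sees it
        elapsed = now - last_seen.get(src, now)
        last_seen[src] = now
        tokens[src] = min(burst, tokens.get(src, burst) + elapsed * refill)
        counts.setdefault(src, {"matched": 0, "over_limit": 0})
        if tokens[src] >= 1:
            tokens[src] -= 1
            counts[src]["matched"] += 1
        else:
            counts[src]["over_limit"] += 1
    return counts


# Constructed sample: one client opening 30 NEW connections to port 1802, one
# per second. The thread does not say how many connections FG actually opens.
SAMPLE = [(second, "203.0.113.7", 1802) for second in range(30)]

if __name__ == "__main__":
    print("original rule:", simulate(SAMPLE, ORIGINAL_DPORTS))
    print("modified rule:", simulate(SAMPLE, MODIFIED_DPORTS))
```

With the original port list the first 20 connections use up the burst and the bucket then regains one token every ten minutes; with the modified list the same traffic is never counted.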