  1. #21
    ohmawgods! You're awesome, I'm not very adept at computers but I followed your tutorial and had success! I feel like a champ and so should you!

  2. #22

    This is not nearly so awesome as the original post and I do repeat some of the things the OP said, but this is how I set up FG2 to work on my new box running Windows 7. NOTE: this does not cover Windows 7 Firewall set up. This assumes all that is already good-to-go.

    1) Go to your router's homepage (for most routers, it's http://192.168.1.1/) and log in.

    2) In your router, set port forwarding for TCP, ports 1801-1803. Make sure it's "enabled" (if applicable) and make sure it's forwarding to an IP address of your choosing (use "192.168.1.19" for this example). Make sure you hit the "save" or "submit" button to save your work thus far. If you need extra help with this step, go to http://portforward.com/ and try to locate the walk-through for your specific router type.

    3) Back on your PC, go to start->all programs->accessories->command prompt

    4) In the console window type "ipconfig /all" and hit enter.

    5) You should see something like this:

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : abcd.ny.comcast.net.
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : 1C-34-B5-19-2A-CD
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : ge81::ad97:2a61:715e:b2d6%22(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.108(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Saturday, September 15, 2012 12:16:37 PM
    Lease Expires . . . . . . . . . . : Sunday, September 16, 2012 12:16:37 PM
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DHCPv6 IAID . . . . . . . . . . . : 244091301
    DHCPv6 Client DUID. . . . . . . . : 00-01-02-03-19-6D-7A-41-8D-99-B5-25-4D-AD

    DNS Servers . . . . . . . . . . . : 75.75.75.75
    75.75.76.76
    192.168.1.1
    NetBIOS over Tcpip. . . . . . . . : Enabled


    What you're most interested in here is the "Subnet Mask," "Default Gateway," and "DNS Servers." Just leave that window open for now and move along to step 6.


    6) Go to control panel->network and internet->network connections and right-click on local area connection, then go to "properties"

    7) Uncheck "internet protocol version 6" if it is checked.

    8) Highlight "internet protocol version 4" and then click "properties" button.

    9) Select "use the following ip address" and enter in the IP address you entered into the port forwarding part of step 2 ("192.168.1.19" in this example).

    10) Ensure your "Subnet Mask" is the same as what you see in the console window (the window you opened in step 5).

    11) Type in your "Default Gateway" using the entry you see in the console window (the window you opened in step 5).

    12) Type in your two "DNS Server" entries. You should see them in your console window from step 5 as well.

    13) Check "validate settings upon exit" and hit OK, then hit Close. You may get a pop-up asking you if you want Windows to try to fix your network or some-such. Disregard it and hit Cancel.

    14) If all has gone well, you should still be on the internet. Open Fantasy Grounds and go to Create New Campaign and hit the "Run test" button. Again, if all has gone well, it should say "Success."

    At this point, you should have one of your players try to connect to your FG to see if they can get in. Best of luck!
    Last edited by Emrak; September 15th, 2012 at 19:16.

  3. #23
    Running FG2 as CLIENT:

    from client to server sourceport:1024-65535 destinationport:1802 (tcp)
    from server to client sourceport:1802 destinationport:1024-65535 (tcp)

    Running FG2 as SERVER:
    It seems that a FG2-client sends many packages to my FG2-server, so that my firewall thinks it is an attack. Can some developer test this under Linux with iptables? My rule which blocks this communication looks like this:

    iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
    regards Markus
    Last edited by Markus Feldmann; October 9th, 2012 at 22:20.

  4. #24
    We only have one developer (me), and I do not have a Linux machine to test with.

    I do know that Fantasy Grounds will send hundreds of packets during the initial synchronization, since each database node is transferred as a packet.

    Regards,
    JPG

  5. #25
    Quote Originally Posted by moon_wizard
    We only have one developer (me), and I do not have a Linux machine to test with.

    I do know that Fantasy Grounds will send hundreds of packets during the initial synchronization, since each database node is transferred as a packet.

    Regards,
    JPG
    That is the problem, there are too many packages during the initial synchronization. Is there a chance that the network communication changes in the future? My firewall rule is important, because it blocks senders which are flooding my router/network. And this is what your FG2-client does. I will try to fit my firewall to your FG2 a bit.

    @admin
    Is it possible to change my username afterwards?

    regards Markus

  6. #26

    Regarding the username change try sending an e-mail to [email protected]

  7. #27
    damned's Avatar
    iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
    markus - you have an exception to your rule for HTTP and HTTPS (80 and 443) you could modify your rule to also scan all other ports other than 1802...

    iptables -A attacksinput -p tcp -m conntrack --ctstate NEW -m multiport --dports 1:79,81:442,444:1801,1803:65535 -m hashlimit --hashlimit-name attacksinnot_80 --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip -j LOG --log-level info --log-prefix "attacksinput(!80): " && \
    i am also assuming that this is only affecting you when hosting a game - this rule shouldn't affect you playing/joining a game.

    MoreCore - Generic Ruleset
    --- Projects ---
    Extensions | Tutorials | MoreCore | MoreCore Themes | Call of Cthulhu | Maelstrom | FG Con

  8. #28
    Quote Originally Posted by damned
    i am also assuming that this is only affecting you when hosting a game - this rule shouldn't affect you playing/joining a game.
    That's right, this problem is only affecting me when I am hosting a game. Yes, I have an exception for port 80 and 443, but I have a second flooding protection for these two ports only if I am hosting a website, so these ports are no problem. All my ports have flooding protection.

    regards Markus

  9. #29
    damned's Avatar
    ahhh but your firewall is not accurately measuring what is a flood. the amazon river discharges 200,000 tonnes of water a second - but it can cope with that. the traffic you are receiving on port 1802 is no more than what FG is designed to be able to receive.


  10. #30
    Quote Originally Posted by damned
    ahhh but your firewall is not accurately measuring what is a flood. the amazon river discharges 200,000 tonnes of water a second - but it can cope with that. the traffic you are receiving on port 1802 is no more than what FG is designed to be able to receive.
    The flood attack begins when it reaches these limits:
    Code:
    --hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip
    The queue of initial packages has a volume of 20 and it forgets 6/hour, if I remember this firewall rule correctly. So after a burst of 20 initial packages it needs to be cleared first to take new packages. This queue will be cleared with a speed of 6/hour. I can set up these values, but I need to know how many initial packages this may be from a client at maximum. And I don't want to set these values too big.
    Last edited by Markus Feldmann; October 11th, 2012 at 01:16.
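
Added example, not part of any post in this thread: a simplified Python model of the per-source-IP token bucket that `--hashlimit-upto 6/hour --hashlimit-burst 20 --hashlimit-mode srcip` describes, for checking how a given burst and rate treat a joining client. Because the rule also carries `--ctstate NEW`, the model counts new connections, not every packet on an established connection; the addresses and timings are constructed, and this is not the kernel's xt_hashlimit code.

```python
# Simplified model of "-m hashlimit --hashlimit-mode srcip":
# one token bucket per source IP (assumption: no hash-table expiry).
RATE_PER_HOUR = 6   # --hashlimit-upto 6/hour  -> one token back every 600 s
BURST = 20          # --hashlimit-burst 20     -> bucket capacity


class Bucket:
    def __init__(self, burst):
        self.tokens = float(burst)  # a new source starts with a full bucket
        self.last = None            # time of the previous NEW connection

    def allow(self, now, rate_per_hour, burst):
        if self.last is not None:
            refill = (now - self.last) * rate_per_hour / 3600.0
            self.tokens = min(float(burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True     # under the limit: --hashlimit-upto matches
        return False        # over the limit: the rule does not match


def classify(events, rate_per_hour=RATE_PER_HOUR, burst=BURST):
    """events: (seconds, src_ip) per NEW connection.
    Returns {src_ip: [under_limit, over_limit]}."""
    buckets, result = {}, {}
    for now, src in sorted(events):
        bucket = buckets.setdefault(src, Bucket(burst))
        counts = result.setdefault(src, [0, 0])
        counts[0 if bucket.allow(now, rate_per_hour, burst) else 1] += 1
    return result


# Constructed sample: one source opens 25 connections in 25 s, retries after
# 10 minutes and again one second later; a second source opens only 3.
SAMPLE = [(t, "192.0.2.10") for t in range(25)]
SAMPLE += [(624, "192.0.2.10"), (625, "192.0.2.10")]
SAMPLE += [(t, "192.0.2.20") for t in (5, 6, 7)]

if __name__ == "__main__":
    for src, (under, over) in classify(SAMPLE).items():
        print(f"{src}: {under} under the limit, {over} over")
```

Passing different `rate_per_hour` and `burst` values to `classify` shows how a candidate setting would treat the same connection pattern before the rule is changed.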
