This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I just don't get it...

I'm trying to access battle.net to play Warcraft 3 with a couple of friends but my ASL just won't let me in. When I click on the battle.net button to login, I get the message "Unable to connect to battle.net".

The following are port information from battle.net:
    * Allow port 6112 TCP out and allow established sessions in
    * Allow port 6112 TCP in (hosting custom games)
    * Allow port 6113-6119 TCP out and in (hosting custom games if you’ve changed the default port in the Options/Gameplay screen)

I've setup two services, WC-1(6112) and WC-2(6113-6119) both set at TCP/UDP.

The following are my NAT Rules:
WC3-1   Any->inwall(Address)/WC3-1   None   amedm
WC3-2   Any->inwall(Address)/WC3-2   None   amedm

Where inwall is my external interface and amedm is my game PC.

The following are my Packet Filter Rules:
Any   0.0.0.0/0   WC3-1   --->   0.0.0.0/0   Any
Any   0.0.0.0/0   WC3-2   --->   0.0.0.0/0   Any

When I run a port scan from the internet, the ports(6112 through 6119) is shown as green, Accept, when viewing the Packet filter live log. So, that tells me(I think) that communication between my local PC with a remote system(Internet host) is open through those ports.

But why is it that I'm still unable to login to battle.net even with the ports they requested is already opened?

I'm certain it's something very simple to the expert but not to me... [:(]

Any suggestion is much appreciated.

Thanks,
jav

This thread was automatically locked due to age.

0 eraser over 20 years ago

I use WC3 Bnet without any problems. I both host and play mostly custom games. Here is how I have things set up:

Sevice def: WC3 - TCP/UDP - 1024:65535 - 6112
NAT: WC3 - Any -> EXTERNAL (Address) / WC3 - None - NULL (null is my workstation)
Packet filter: Any WC3 Any Allow

Are you sure NAT is sending the traffic to the right LAN IP? Is there a software firewall on your PC?
Cancel
Vote Up 0 Vote Down

Cancel
0 javelin over 20 years ago in reply to eraser

[ QUOTE ]
I use WC3 Bnet without any problems. I both host and play mostly custom games. Here is how I have things set up:

Sevice def: WC3 - TCP/UDP - 1024:65535 - 6112
NAT: WC3 - Any -> EXTERNAL (Address) / WC3 - None - NULL (null is my workstation)
Packet filter: Any WC3 Any Allow

Are you sure NAT is sending the traffic to the right LAN IP? Is there a software firewall on your PC?

[/ QUOTE ]

Hi eraser.

Your configuration look very simillar to the service I've created, WC-1. My NAT appears to be correct, again it looks very simillar to yours and same goes with the filter rule.

I suspect you could be right about my software firewall, Symantec Desktop Firewall, which is ued for my VPN. However, even if I disable it, I'm still not getting in to BN.

I also have a number of spyware processes and virus scanners, Spybot, AVG that's running which I think may also be resposible...will try to disable them and see how it goes.

Thanks for you reply... [:)]

jav
Cancel
Vote Up 0 Vote Down

Cancel

0 javelin over 20 years ago

Well, I took ASL off the network and connected my game PC directly to BN and I was able to login. I opened a window and monitored my connections and it showed a ESTABLISHED link to port 6112.
Code:


Active Connections

   Proto   Local Address	Foreign Address         State
   TCP     24.107.59.78:1862	63.240.202.121:6112	ESTABLISHED
   TCP	   24.107.59.78:1863	63.240.202.121:6112	TIME_WAIT

Now, putting ASL back into the picture, soon after I try to login, it won't connect. Looking at the NAT Rules here's what I have:
Code:


Chain USR_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            68.184.214.125      tcp spts:1024:65535 dpt:6112 to:192.168.1.30 
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            68.184.214.125      udp spts:1024:65535 dpt:6112 to:192.168.1.30 
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            68.184.214.125      tcp spts:1024:65535 dpt:6112 to:192.168.1.30 
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            68.184.214.125      udp spts:1024:65535 dpt:6112 to:192.168.1.30 
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            68.184.214.125      tcp spts:1024:65535 dpts:6113:6119 to:192.168.1.30 
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            68.184.214.125      udp spts:1024:65535 dpts:6113:6119 to:192.168.1.30

Notice, it correctly forward the ports to my game PC, 192.168.1.30.

And with the Packet filter log:
Code:


Chain AUTO_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:6112 OWNER CMD match squidf 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:6112 OWNER CMD match squidf

Here's my MASQ rule:
Code:


Chain USR_POST (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      eth2    192.168.1.0/24       0.0.0.0/0

What else or where can I check in ASL that would show or tell me the object that's preventing me from connecting to BN?

Thanks for any suggestion or advise.

jav

0 SalishSwede over 20 years ago

I'm curious what the effect is of two NAT configurations from one port to two different machines.

The following are my NAT Rules:
WC3-1 Any->inwall(Address)/WC3-1 None amedm
WC3-2 Any->inwall(Address)/WC3-2 None amedm

I wonder if ASL is getting confused here.
I'm thinking you should set one server to use a different TCP/IP port and define a second service for this new port. Then change the second NAT rule to accomodate the new service/port. That way ASL will know which server is being addressed when inbound requests come to your servers. Many multi-user network applications support custom ports for a number of reasons.

Cheers,

~Doug
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 20 years ago in reply to SalishSwede

Battle.net is NOT NAT aware first of all so it can be a bugger to get to work. You are not going to be able to host behind Astaro without opening some ports and then forwarding them to your machine. So you either need to setup some dnat rules to your machine or my reccomendation is let your buddies host the games.
Cancel
Vote Up 0 Vote Down

Cancel

0 javelin over 20 years ago

Sorry but I have to get back to this. I don't know why I'm getting such a hard time configuring this thing when some have actually done it.

The port in question is 6112.

When I look at the "Packet filter live log", it shows my network connection is being Drop as shown in Pink:
Code:


22:55:42 	192.168.1.30 	6112 	-> 	255.255.255.255 	6112 	UDP 	20 	24 	128

If I look at my "Current System Packet Filter Rules" from the Advance tab, it does not show any networks being dropped for port 6112.

The only drop entry is in the SPOOFING_PROTECTION:
Code:


Chain SPOOFING_PROTECTION (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SPOOF_DROP  all  --  eth2   *       24.107.57.208        0.0.0.0/0           
    0     0 SPOOF_DROP  all  --  eth2   *       192.168.1.0/24       0.0.0.0/0           
    0     0 SPOOF_DROP  all  --  eth0   *       192.168.1.1          0.0.0.0/0           
    0     0 SPOOF_DROP  all  --  eth0   *       24.107.32.0/19       0.0.0.0/0

This seems to be normal as it provides security against network spoofing. Is it?

I have temporarily disabled all "blocked" networks from my "Packet Filter Rules" but still the same. I'm lost!

Any suggestion anyone?

Jav