»» Part 4 - Computer Firewalls & Troubleshooting

WinXX firewall computers

If you are building a computer firewall to support your interior network, you can do it several ways. If you use a WinXX machine, get a firewall program or WinProxy. What you'll need to do is give that computer a static IP address, and then give your interior computers either static addresses or else DHCP. You'll need to configure the software that you are using for the firewall to allow outbound traffic from interior computers before everything will work correctly. You may ALSO need to open certain ports (see below) to allow connections for online races.

Linux firewall computers

Building a Linux firewall is beyond the scope of this document, but if you are using a Linux machine to create a firewall, you'll first need to get two programs, ipautofw and ipmasqadm. You can go to any of the Linux sources and find these files, or try Metacrawler.


Once you get those programs, compile them (or install the .rpm if you get that). You will need to enable the experimental features, and enable IP forwarding and masquerading.

These lines go into the rc.local file AFTER the ipfwadm lines:
ipautofw -A -r udp 32766 32766 -h N.N.N.N -v -u
ipautofw -A -r udp 6971 6971 -h N.N.N.N -v -u
/usr/sbin/ipmasqadm autofw -F
/usr/sbin/ipmasqadm autofw -A -r udp 32766 32786 -h N.N.N.N -v -u
/usr/sbin/ipmasqadm autofw -A -r udp 6970 6971 -h N.N.N.N -v -u
where N.N.N.N is the internal IP address of the machine. The other numbers are representative of ports used when playing or hosting GPL.

Use ipchains for masquerading, and include this line before your first ipchains statement:
echo 1 > /proc/sys/net/ipv4/ip_forward
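
The two ipmasqadm forwards above, written for iptables (the successor to ipchains on 2.4 and later kernels), as an added example that is not from the original article. The function names, the WAN_IF variable with its eth0 default and the 192.168.1.10 sample host are assumptions; the generator refuses any target that is not a private internal address or any malformed port range, so only the listed UDP ranges reach one inside machine.

```shell
# Added example, not from the original article. Prints iptables rules that
# forward only the listed UDP port ranges to one internal host.
# WAN_IF (default eth0) and the sample host below are assumptions.

# valid_port N -> status 0 if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# private_ipv4 ADDR -> status 0 if ADDR is a dotted quad in an RFC 1918 range
private_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in '') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    return 1
}

# forward_rules HOST RANGE... -> one DNAT rule and one FORWARD rule per RANGE
# ("lo-hi" or a single port); prints no rules and returns 1 on bad input.
forward_rules() {
    host=$1; shift
    private_ipv4 "$host" || { echo "bad internal host: $host" >&2; return 1; }
    rules=
    for r in "$@"; do
        lo=${r%-*}; hi=${r#*-}
        valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ] ||
            { echo "bad port range: $r" >&2; return 1; }
        rules="$rules
iptables -t nat -A PREROUTING -i ${WAN_IF:-eth0} -p udp --dport $lo:$hi -j DNAT --to-destination $host
iptables -A FORWARD -i ${WAN_IF:-eth0} -p udp -d $host --dport $lo:$hi -j ACCEPT"
    done
    printf '%s\n' "${rules#?}"
}

# The UDP ranges from the ipmasqadm lines above, sent to a sample internal host.
forward_rules 192.168.1.10 32766-32786 6970-6971
```

The script only prints the rules; review them before running them as root on the firewall machine.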

Troubleshooting

When you have to troubleshoot why a computer is not getting a connection, there are only 4 things stopping anyone from connecting to the internet to race a sim...

  • connection - of course, if you're unplugged anywhere, you're not going anywhere!
  • local configuration - if your local computer is NOT configured properly, you're not going anywhere. If you are using dynamic IP addresses served from the hub/firewall, you do not need anything in your network setup but base TCP/IP values. If you are running your local network as a domain, then you'll need the domain values in there. This is outside what you'll need to connect to the internet, however.
  • routing - this is the word for 'knowing the address to where you are going'. If your hub/firewall (also acting as a router) cannot determine where things are supposed to go (most likely an incorrect nameserver or gateway address), you STILL are not going to go anywhere. Verify from your ISP what the nameserver and gateway IPs are, and ensure your hub/firewall has these values entered correctly.
  • ports - well this is where we finally get into the firewall's big job...if you have certain ports blocked off, then all the rest of the stuff can be working fine...yet your game will NOT connect (or at least work correctly on multiplayer).

    Ok, so you've got your new hub/firewall, and you're ready to go...but you don't want to be a dufus and screw things up the first time..how do you set this up properly? (Alternatively, you already HAVE screwed it up and now you want to know how to fix it...) ;] Ok, step by step of the easiest way to troubleshoot network-firewalls in the world.

    1) The connection, like we mentioned above, is ALWAYS step one. Believe me, after 10 years of computer systems administration, and 5 years of troubleshooting jet fighters...you always start with 'is everything plugged in'? Check your power cords, network cables, even push them in physically to ensure they don't just 'appear' to be ok. Ensure as well that they are plugged into the right slot (such as the network cable into the terminal slot on a hub/router). Check all computers, all hubs, all modems, everything that is networked. Now, are you getting a light on your modem? How about the hub/firewall? If there is NOTHING happening where your outside line connects to your internal equipment, step one is solved. Call the cable/telephone company!

    2) The local configuration is the next place to start. Grab a sheet of paper (remember that?) and write down all the values of IP addresses for all your computers, your hub/firewalls, and such. Now, go to each machine, get a command prompt, and type 'ipconfig' (WinNT), 'winipcfg' (Win98/ME), or 'ifconfig -a' on Linux boxes. You should see your local computer's IP address in numeric form (as opposed to domain alias). Does what comes up match what the value is supposed to be for that computer? What about the network card? Does it see that? If you are now certain that each computer has the correct IP address and can see its own network card, it's time to go to the next step...routing.

    3) Routing is the arcane art of figuring out WHO you need to talk to, and then determining why you CAN'T. However, we shall attempt to make this as painless as a sim racer whacking the wall at Bristol. We will make one assumption here, and that is if you are really reading this part of the article, you have already or are planning to have two computers networked together in the same house. Like we mention in the basic section of this article, both computers should be on the same 'network' IP address. They should have different client addresses. They must know WHO their gateway is with the outside world, and the gateway must know who they are, and who ITS contact point to the outside world is. If you are having problems connecting, first look to see if your local computer knows who its domain server is (if you are running a domain behind the firewall), who its contact point is to the outside world (should be the firewall/router, unless you are using a separate gateway or DHCP server), and then make sure that the gateway knows who they are as well as who it needs to talk to on the outside world. In cases with either a straight ISP connection to a personal computer, or personal computers hooked up to a firewall device, a lot of this is done for you ('obtain IP address automatically'). That is, when they come online and realize they have a network connection, they automatically poll to see if there is a DHCP host waiting to serve them, or, if they connect to an ISP, it automatically gives them an IP address. Only in cases where you have a static IP address will you need to do more work...but be aware...if a local computer previously had a permanent IP address, then you hooked it up to a firewall device and told the firewall to serve DHCP, you now may have to go back and remove the IP addresses from the local computer, as well as WINS and DNS.

    Now, when you are troubleshooting connection problems, you have several tools that are available for you. One of them is the ping command, the other one is traceroute (called 'tracert' on WinXX machines). First, you need to know the IP address of a machine that you are trying to connect to. Your first step is to go a short distance...like to your firewall. Look on your firewall configuration, and see what the IP address is for the firewall. Type "ping nnn.nnn.nnn.nnn" (where nnn represents the IP number). If you get back a response, you're good. If you get back a 'timed out', then you have problems...retrace your steps, check your connections, IP addresses, cards, network protocols, etc. If you get a 'network is unreachable', then you have your computer on a different network than the one you are trying to reach, and you don't have a gateway or route established to talk to that computer. If you are running on a local network, in most cases you need to rename your machines so that they are on the same network (see the basic info on the first page for that). If you get some packets that make it, and other packets that drop, you are probably having some serious bandwidth problems if you are trying to talk to another computer on your local network.

    Continue pinging computers farther and farther out. Next look on your firewall or router (or local computer, depending on your setup) and see what the gateway is for your ISP. Ping that. If you can't reach that, but can reach everything on your interior network, your problems lie on your ISP connection. If you can ping the ISP gateway, but nothing outside of that...call the ISP.

    Traceroute, or tracert for WinXX, is a tool to test overall routes to a foreign location (it can be used on a local network, but most probably you are only going to one other hardware device, so you might as well use ping). If you give a foreign location, such as 'tracert www.cnn.com', it will tell you the IP addresses of all the routers, hubs, and gateways that your packets had to travel through to get to that foreign location.

    4) Your final problem will be ports. If everything else is connected and talking, and you still cannot get into a multiplayer race, you most probably have the wrong (or no) ports open. Here's a list of ports that need to be opened for various racing sims. We'll add to the list as we get them.

    GPL
    6968-6971
    32000
    32766-32786
    NOTE: GPL ports can be changed by using one of these lines in the core.ini file
    [ Communications ]
    net_server_port = NNNN
    (NNNN) being the port number

    NASCAR 3
    17761 (can be changed using multi_port in your N3.INI)
    (using WON)
    Auth Servers: TCP 15200
    Dir Servers: TCP 15101
    Contest Servers: TCP 15501
    Factory Servers: TCP 15001
    NASCAR3 Chat: TCP 26901-26999
    NASCAR Legends Chat: TCP 28901-28999

    NASCAR 4
    32766-32808

    What you do is go to your firewall and open the ports to allow traffic through. See your documentation for your firewall to find out how to do this.
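
The ping ladder from step 3, as an added shell example that is not part of the original article: it pings the firewall, then the ISP gateway, then an outside host, and reports the first hop that fails with the matching advice from the text. It assumes Linux iputils ping; the function names, and the choice to treat partial packet loss beyond the firewall as still reachable, belong to this example.

```shell
# Added example, not from the original article. Assumes Linux iputils ping
# (-c count, -W seconds to wait for a reply); function names are hypothetical.

# probe HOST -> ping output on stdout; status 0 = replies, 1 = none, 2 = error
probe() { ping -c 4 -W 2 "$1" 2>&1; }

# classify HOST -> prints ok | lossy | timeout | unreachable
classify() {
    rc=0
    out=$(probe "$1") || rc=$?
    case "$out" in
        *"etwork is unreachable"*) echo unreachable ;;
        *) if [ "$rc" -ne 0 ]; then echo timeout
           else case "$out" in
                    *" 0% packet loss"*) echo ok ;;
                    *) echo lossy ;;
                esac
           fi ;;
    esac
}

# diagnose FIREWALL ISP_GATEWAY OUTSIDE -> one line of advice; status 1 on a fault
diagnose() {
    for hop in "firewall=$1" "isp-gateway=$2" "outside=$3"; do
        name=${hop%%=*}; addr=${hop#*=}
        state=$(classify "$addr")
        case "$name/$state" in
            */ok) continue ;;
            */unreachable)
                echo "$name: network is unreachable; no gateway or route to $addr"; return 1 ;;
            firewall/lossy)
                echo "firewall: some packets dropped; suspect local bandwidth problems"; return 1 ;;
            firewall/timeout)
                echo "firewall: timed out; recheck connections, IP addresses, cards, protocols"; return 1 ;;
            */lossy) continue ;;   # example's choice: partial loss further out counts as reachable
            isp-gateway/*)
                echo "isp-gateway: interior network answers, so the problem is the ISP connection"; return 1 ;;
            outside/*)
                echo "outside: ISP gateway answers but nothing past it; call the ISP"; return 1 ;;
        esac
    done
    echo "every hop answers; check the firewall's open ports next"
}

# Run as: sh ladder.sh FIREWALL_IP ISP_GATEWAY_IP OUTSIDE_HOST
if [ $# -eq 3 ]; then diagnose "$@"; fi
```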

    At any rate, we hope this quick guide to firewalls and sim racing helps you with your quest to get out there and multiplayer race...any questions or comments, feel free to email us!