Difference between revisions of "Hosztolás" (Hosting)

From LFS Manual
Sor 279: Sor 279:
  
 
=== Más szöveges parancsok ===
 
=== Más szöveges parancsok ===
  /out X              :ignored by LFS but seen by external programs
+
  /out X              :a LFS által ignorált, de külső programok által látható
  
These commands are also available to any user who has connected to the
+
Ezek a parancsok elérhetőek mindazoknak, akik az admin jelszó beírásával a hosztra csatlakoztak (ha volt beállítva admin jelszó).
host using the admin password if one was specified when the host was
 
 
started.
 
started.
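Review bot: the last line of the replaced English sentence, "started.", is kept as unchanged context at the end of this hunk, so the new revision shows the Hungarian sentence ending "(ha volt beállítva admin jelszó)." followed by an orphaned "started.". The two removed lines ("These commands are also available to any user who has connected to the" and "host using the admin password if one was specified when the host was") and "started." are one sentence; delete the third line in the same edit.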
  

Revision as of 18:44, 6 July 2014

TRANSLATION IN PROGRESS

Calculating bandwidth

Bandwidth usage grows roughly with the square of the number of players. Be careful not to set the limit too high, because the result will be a lag paradise. A very high upload bandwidth is needed to have a large number of players connected to the server. An S2 server can have at most twice as many players connected as an S1 server. These values were calculated with a smoothness setting of 4 packets/sec. Divide the values by 8 to get them in kbit.

 4 guests,  4 cars :   4.9 KB/s
 8 guests,  8 cars :  21.4 KB/s
11 guests, 11 cars :  41.6 KB/s (demo max)
12 guests, 12 cars :  49.9 KB/s
15 guests, 15 cars :  79.1 KB/s (S1 max)
16 guests, 16 cars :  90.4 KB/s
20 guests, 20 cars : 142.9 KB/s
32 guests, 32 cars : 372.4 KB/s
47 guests, 32 cars : 552.4 KB/s (S2 max)

Running an LFS server

If you run into any problems, ask for help.

Assumptions

  • Throughout this guide I assume that you do not change the default port (63392) that your LFS server will use. If you do change it, substitute your own port wherever 63392 appears.
  • I assume that you want to set up and run a dedicated server.

Dedicated or "full client" server?

There are a few basic differences between them. The main advantage of the dedicated server is that it has low hardware requirements. The dedicated server contains no game content and takes up only as much disk space as it needs, which is not much. It does not need any particular graphics card to run either.

So why should you use the dedicated server? You can use it whenever you do not want to use a full LFS client and want to run the server for a longer period. For example, suppose you have a server in a data centre and want to start an LFS server on it. The full client would be resource-hungry, and it would also use up an unlock on an account unnecessarily. The dedicated server would be ideal for this purpose.

Quick guide

Dedicated server
  • Download the dedicated server from here.
  • Extract it somewhere you will not forget. The desktop is not a good idea.
  • Configure the server in the setup.cfg file, or create a new setup.cfg file.
  • Start the server.
  • Test the connection from outside your local network (that is, from the internet). If it does not work, open the incoming ports (TCP/UDP 63392), and make sure the outgoing port (TCP 29339) is open as well.

Detailed guide

Windows

  • Download the dedicated server from here: http://www.liveforspeed.net/?page=addons.
  • Double-click it and go through the extraction process, or right-click the file and choose the Extract to a folder option.
  • Create a new setup.cfg file. It will hold all the settings the server needs in order to work. Customise its settings. See the Configuration section to learn more about the settings.
  • Start the server. (Double-click LFS.exe, or create a batch file so that you can start individual servers more easily if you want to run several servers with different settings (lfs.exe /cfg=<PATH TO THE CFG FILE>).)
  • Try connecting to the server.
  • If you cannot connect even with the correct password, you need to open the appropriate ports in your Windows Firewall or in your router's firewall (incoming ports: TCP/UDP 63392, outgoing port: TCP 29339).
  • Try connecting from outside your network (that is, from the internet). Ask a friend, or ask for help on the forum (and of course do not forget to give your server's name).
  • If they cannot connect, you need to open the ports in your external firewall, or forward the ports from your router to the server. See the Firewalls section to learn more about this.

Linux with WINE

For this guide, I presume you know at least the basics about Linux (i.e. your package manager, navigating the directory tree, etc.). I also assume everything you do is from a terminal / ssh session.

It's also worth taking a look at this thread, which discusses the issues with various versions of WINE, and workarounds.

  • Download the dedicated server: http://www.liveforspeed.net/?page=addons
  • Extract the server into the directory LFSServer under the current directory: unzip -o LFS_S2_DEDI_V.zip -d ./LFSServer
  • Make sure WINE is installed. If not, download / install / compile it.
  • Create or edit the setup.cfg file. The important thing is to set /dedicated=invisible, otherwise it will complain about the lack of an X server.
  • Start the LFS server. With recent versions of WINE, running LFS as a background process is a pain and has a lot of problems. avellis' suggestion of using wineconsole in a screen is a pretty good solution:
screen -S <INSERT NAME> wineconsole --backend=curses LFS.exe /cfg=<INSERT PATH TO CFG>
  • You can, of course, use the background method if you have an older version of WINE.
nohup wine LFS.exe /cfg=setup.cfg >/dev/null & echo $! > lfs.pid
  • What this will do is start LFS in the background and create an lfs.pid file containing its process id. This is useful if you want to automate the whole starting and stopping of the server process. If you want to learn more about screen, do a man screen in a terminal, or take a look at http://linuxforum.com.
  • Test connecting to the server. If it's on the same local network, try connecting to a local game, and putting in the IP address of the box.
  • Finally, get someone from the forums, or outside of the server's network to connect.

If you cannot connect, then you need to open up the ports on your router or firewall.

Killing an orphaned or obsolete WINE\LFS process is a pain in the neck. I've found that a

killall -9 wine

(as the appropriate user (either owner or root)) is the most reliable way of doing it. Either my version of WINE doesn't like being killed, or my box is having a permanent funny 5 minutes; I've always had trouble killing WINE.

A final note on screen, I have a bad habit of opening them for compiles, lynx, LFS servers, etc. and then forgetting they're open. 2 weeks later I wonder where all the RAM has gone. Rarely will I say a tool is too useful for its own good, but in this case screen is.

Configuration

The basic method

Use a batch file to start the server more easily if you want to use several different configuration files. You can set the following options in the setup.cfg file:

/host=A Szerver Neve :ALWAYS FIRST                               - the name of the server
/pass=Jelszó         :password                                   - optional
/admin=Jelszó        :admin password                             - optional
/ip=X.X.X.X          :local IP address                           - optional
/port=63392          :a high number below 65536                  - the server's port
/mode=demo           :demo / s1 / s2                             - the server's mode
/usemaster=yes       :no / yes / hidden                          - whether to use the master server (if you set no, the server will not be reachable from the internet)
/track=BL2R          :e.g. BL1 / SO3R / FE4                      - track
/weather=1           :1 / 2 / 3 / 4                              - weather
/cars=[cars]         :e.g. UF1+XFG+XRG+FBM                       - the allowed cars, put a plus sign between the cars (groups can also be given, e.g. GTR / STD)
/maxguests=4         :max number of guests that can join the server
/carsmax=5           :max number of cars in a race
/carshost=1          :max number of cars (real+AI) on the host machine
/carsguest=1         :max number of cars (real+AI) on a guest machine
/pps=4               :3-6                                        - smoothness, the number of car updates per second
/qual=0              :qualifying length in minutes, 0 - no qualifying
/laps=5              :number of laps, 0 - practice
/wind=1              :0 / 1 / 2                                  - wind (none, light, strong)
/dedicated=no        :no / yes / nogfx / invisible
/vote=yes            :no / yes                                   - whether guests can vote to kick a racer
/select=yes          :no / yes                                   - whether guests can select the track
/rstmin=X            :no restart for X seconds after the race starts
/rstend=X            :no restart for X seconds after the race finishes
/autokick=no         :no / yes / ban / spec                      - automatically kick / ban / spectate racers driving the wrong way
/midrace=yes         :no / yes                                   - joining during a race
/mustpit=no          :no / yes                                   - compulsory pit stop
/start=finish        :fixed/finish/reverse/random                - starting grid order (fixed / previous race result / reversed / random)
/welcome=X.txt       :the welcome text file
/tracks=X.txt        :text file containing the allowed tracks
  • The IP setting does not need to be given.
  • The slash "/" is required before every single option.
  • Options prefixed with two slashes "//" are ignored.
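
A linter for the setup.cfg rules listed above, together with the upload formulas from "Calculating Required Upload" further down the page (an added Python example, not part of LFS or of the original guide). The function names, the sample file and the one-option-per-line `/key=value` layout without trailing descriptions are assumptions of this example, as are the "keep /admin different from /pass" policy and reading `/dedicated=no` as the non-dedicated case.

```python
"""Lint an LFS dedicated-server setup.cfg using only the rules this page lists."""

# Allowed values and numeric ranges, copied from the option table above.
ENUMS = {
    "mode": {"demo", "s1", "s2"},
    "usemaster": {"no", "yes", "hidden"},
    "dedicated": {"no", "yes", "nogfx", "invisible"},
    "autokick": {"no", "yes", "ban", "spec"},
    "start": {"fixed", "finish", "reverse", "random"},
    "vote": {"no", "yes"}, "select": {"no", "yes"},
    "midrace": {"no", "yes"}, "mustpit": {"no", "yes"},
}
RANGES = {"port": (1, 65535), "pps": (3, 6), "weather": (1, 4), "wind": (0, 2)}

# Constructed sample with deliberate mistakes; not a real server configuration.
SAMPLE_CFG = """\
// constructed sample, not a real server
/pass=race123
/host=Example Host
/admin=race123
/port=70000
/mode=s3
/usemaster=no
/pps=4
/maxguests=4
/carsmax=5
//pps=9
dedicated=invisible
"""


def parse_cfg(text):
    """Return (options, problems); options is [(line_no, key, value)] in file order."""
    options, problems = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue  # blank lines and "//" options are ignored
        if not line.startswith("/"):
            problems.append(f"line {no}: option does not start with '/'")
            continue
        key, sep, value = line[1:].partition("=")
        if not sep:
            problems.append(f"line {no}: expected /key=value")
            continue
        options.append((no, key.strip().lower(), value.strip()))
    return options, problems


def lint_cfg(text):
    """Return a list of findings for a setup.cfg body (empty list = nothing found)."""
    options, findings = parse_cfg(text)
    if not options or options[0][1] != "host":
        findings.append("/host must be the first option")
    seen = {}
    for no, key, value in options:
        seen[key] = value
        if key in ENUMS and value.lower() not in ENUMS[key]:
            findings.append(f"line {no}: /{key}={value} is not one of {sorted(ENUMS[key])}")
        if key in RANGES:
            lo, hi = RANGES[key]
            if not (value.isdecimal() and lo <= int(value) <= hi):
                findings.append(f"line {no}: /{key}={value} is outside {lo}-{hi}")
    # Example policy (assumption): host commands are open to anyone who connects
    # with the admin password, so it should not be the same as the join password.
    if seen.get("admin") and seen.get("admin") == seen.get("pass"):
        findings.append("/admin equals /pass (example policy: keep them different)")
    if seen.get("usemaster", "").lower() == "no":
        findings.append("note: /usemaster=no, host will not be reachable from the internet")
    return findings


def required_upload_kbs(pps, max_guests, max_in_race, dedicated=True):
    """Upload estimate in KB/s, using the page's 'As of Patch V' formulas."""
    subtract = max_in_race if dedicated else max_in_race - 1
    return (pps * 0.09375) * ((max_guests * max_in_race) - subtract)


def estimate_upload(text):
    """Upload estimate for a cfg body, or None if pps/maxguests/carsmax are unusable."""
    opts = {key: value for _, key, value in parse_cfg(text)[0]}
    try:
        pps, guests, cars = (int(opts[k]) for k in ("pps", "maxguests", "carsmax"))
    except (KeyError, ValueError):
        return None
    # Assumption: /dedicated=no (or absent) means the full client is hosting.
    return required_upload_kbs(pps, guests, cars, opts.get("dedicated", "no").lower() != "no")


if __name__ == "__main__":
    for finding in lint_cfg(SAMPLE_CFG):
        print(finding)
    print("estimated upload:", estimate_upload(SAMPLE_CFG), "KB/s")
```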

The easy method

CrazyICE made a program called DediGUI NG, which you can use to control your local server.

Firewalls

There are a lot of firewalls out there, but I'll try and cover the ones I've got experience with: ISA, iptables and the Windows Firewall. If anyone has any requests, I'll add it to the thread / guide, if I can.

Microsoft ISA Server

I'm afraid I only have ISA 2004 on machines now, so the ISA template files I'll be providing will only work as intended on that. I'll add a little guide for them shortly, but I assume that you'll know what to do with them, if you're already using ISA.

Windows Firewall

  • Open the Windows Firewall from the Control Panel, and go to Advanced.
  • Select your Network Connection you want to allow connections from, under Network Connection Settings, and then click the Settings button.
  • Click Add. Give it a Description of "LFS (TCP/63392)", set the Name or IP to 127.0.0.1, put 63392 as both Port Numbers, and select TCP. Click Ok.
  • Click Add. Give it a Description of "LFS (UDP/63392)", set the Name or IP to 127.0.0.1, put 63392 as both Port Numbers, and select UDP. Click Ok.
  • Depending on your setup, this final one may not apply. I've come across a particular hotfix which appeared to change the behaviour of the Windows Firewall. Try it without first; if it doesn't work, then click Add. Give it a Description of "LFS (TCP/29339)", set the Name or IP to 127.0.0.1, put 29339 as both Port Numbers, and select TCP. Click Ok.

If Windows asks whether you want to unblock the dedicated server when you start it, select Unblock.

Windows ICS (Internet Connection Sharing)

Port forwarding with Windows ICS is a royal pain in the bum. Sadly there are still people that use this. I'm currently writing up a guide for this.

Port Forwarding / Home Routers

There are quite a lot of home routers out there, so giving a guide for them all would be quite difficult. Here's one for DD-WRT (I run a Linksys WRT54G).

  • Open a browser window, and go to your router's IP address. In most situations you'll find this is your default gateway. You can find this by going to Start > Run, typing "cmd", clicking OK, and then typing "ipconfig" and pressing Enter.
  • Click "Applications & Gaming"
  • Click "Port Forwarding"
  • Click Add
  • The following settings should be enough: Application = LFS, Port From = 63392, Protocol = Both, IP Address = Your Local IP Address (can be found from ipconfig, as above), Port to = 63392, and tick Enable.
  • Click "Save Settings"

Check out PortForward.com for a guide for your router.

Track Restriction

To restrict the tracks allowed on a host:

  • Create a text file named "X.txt" in your LFS folder.
  • List all the tracks and configurations you want to allow.
  • Type one configuration on each line.
  • You must use the short name of the tracks: [first two letters of name] [config number] [reversed]

Track list

If you are not familiar with the short names of the tracks, this may be useful:

  • BL1 = Blackwood GP
  • BL1R = Blackwood GP Reverse
  • BL2 = Blackwood RallyX
  • BL2R = Blackwood RallyX Reverse
  • FE1 = Fern Bay Club
  • FE1R = Fern Bay Club Reverse
  • FE2 = Fern Bay Green
  • FE2R = Fern Bay Green Reverse
  • FE3 = Fern Bay Gold
  • FE3R = Fern Bay Gold Reverse
  • FE4 = Fern Bay Black
  • FE4R = Fern Bay Black Reverse
  • FE5 = Fern Bay RallyX
  • FE5R = Fern Bay RallyX Reverse
  • FE6 = Fern Bay RallyX Green
  • FE6R = Fern Bay RallyX Green Reverse
  • SO1 = South City Classic
  • SO1R = South City Classic Reverse
  • SO2 = South City Unofficial 1
  • SO2R = South City Unofficial 1 Reverse
  • SO3 = South City Unofficial 2
  • SO3R = South City Unofficial 2 Reverse
  • SO4 = South City Long
  • SO4R = South City Long Reverse
  • AU1 = Autocross Arena
  • AU2 = Skidpad
  • AU3 = Drag (2 lane)
  • AU4 = Drag (8 lane)
  • KY1 = Kyoto ring Oval
  • KY1R = Kyoto ring Oval reversed
  • KY2 = Kyoto ring National
  • KY2R = Kyoto ring National reversed
  • KY3 = Kyoto ring GP long
  • KY3R = Kyoto ring GP long reversed
  • WE1 = Westhill International
  • WE1R = Westhill International reversed
  • AS1 = Aston Cadet
  • AS1R = Aston Cadet reversed
  • AS2 = Aston Club
  • AS2R = Aston Club reversed
  • AS3 = Aston National
  • AS3R = Aston National reversed
  • AS4 = Aston Historic
  • AS4R = Aston Historic reversed
  • AS5 = Aston Grand prix
  • AS5R = Aston Grand prix reversed
  • AS6 = Aston Grand Touring
  • AS6R = Aston Grand Touring reversed
  • AS7 = Aston North
  • AS7R = Aston North reversed

Points of Interest

LFS only accepts LAN IPs in the RFC1918 range

  • 10.0.0.0 - 10.255.255.255 (10/8)
  • 172.16.0.0 - 172.31.255.255 (172.16/12)
  • 192.168.0.0 - 192.168.255.255 (192.168/16)

Calculating Required Upload (As of Patch V)

Either use the calculator in the full LFS client (Multiplayer > Start New Game, select a track if required and fiddle with the settings), or follow this formula:

(PPS*0.09375)*((MAX_GUESTS*MAX_IN_RACE)-MAX_IN_RACE) = Kilobyte/sec upload required

If you don't plan to use the dedicated server, you should use the following:

(PPS*0.09375)*((MAX_GUESTS*MAX_IN_RACE)-(MAX_IN_RACE-1)) = Kilobyte/sec upload required

Host commands

You can use the following commands to control your host/server.

Using the normal chat (with the T key, or by simply typing into the dedicated host), the message becomes a command if you start it with a slash ("/").

Simple commands without parameters

/restart             :(re)starts the current race
/qualify             :(re)starts qualifying
/end                 :back to the lobby
/names               :toggles between the racers' names and usernames
/exit                :clean exit from a dedicated host (host only)
/help                :list of commands
/reinit              :full host restart (all connections are dropped)

Commands with parameters - in the lobby

/track XXCR          :track and configuration       (e.g. BL1 / SO3R / FE4)
/weather X           :weather                       (e.g. 1, 2, 3...)
/qual X              :qualifying length in minutes  (0 = no qualifying)
/laps X              :number of laps                (0 = practice)
/hours X             :number of hours               (if no laps are given)
/wind X              :wind                          (0 - calm / 1 - light / 2 - strong)
/autox X             :load an autocross layout      (*.lyt)
/axclear             :clear the autocross layout

Commands with parameters - at any time

/axlist X            :list of autocross layouts for track X - e.g. AU1
/maxguests X         :maximum number of guests that can join the server
/carsmax X           :maximum number of cars in a race
/carshost X          :maximum number of cars (real+AI) on the host computer
/carsguest X         :maximum number of cars (real+AI) on a guest computer
/pps X               :smoothness, the number of car updates per second                (3-6)
/msg X               :send a system message
/rstmin X            :no restart for X seconds counted from the start of the race
/rstend X            :no restart for X seconds counted from the finish of the race
/autokick X          :automatically kick racers driving against the direction of travel (no/yes/ban/spectate)
/midrace X           :allow joining during a race                                     (no/yes)
/mustpit X           :compulsory pit stop                                             (no/yes)
/start X             :the starting order                                              (fixed/finish/reverse/random)
/pass X              :the server's password                                           (_empty_ = no password)
/welcome X.txt       :the welcome text file                                           (*.txt)
/tracks X.txt        :the list of allowed tracks                                      (*.txt)

Kick and ban commands - at any time

/spec X              :moves racer X to the spectators
/kick X              :kicks racer X
/ban X Y             :bans racer X for Y days (0 = 12 hours)
/unban X             :removes racer X from the ban list

Penalty commands - during a race

/p_dt X             :drive-through penalty for racer X
/p_sg X             :stop-go penalty for racer X
/p_30 X             :30-second penalty for racer X
/p_45 X             :45-second penalty for racer X
/p_clear X          :clear the penalty

Host setup commands

/vote X              :no or yes - guest voting
/select X            :no or yes - guest selection
/cars [cars]         :use list of cars including a + between them (ex. UF1+XFG+XRG+FBM)

Other text commands

/out X               :ignored by LFS but visible to external programs

These commands are available to everyone who has connected to the host by entering the admin password (if an admin password was set).

How to play LFS on a LAN

by danowat

Firstly you need to decide which PC will HOST the game, go to this PC and find out its IP address, you can do this by going to START, RUN, CMD, IPCONFIG /ALL.

Lan1.jpg

Note down your IP address, it should be in the range 192.168.0.0, if it isn't then you either need to set it to a proper LAN IP range (192.168.0.0), or if you have XP (certainly PRO, not sure if it works in HOME) you can assign more than one IP address.

Lan2.jpg

Once you have the IP address changed and/or noted, you can now proceed in starting LFS on the HOST machine, click the Multiplayer button, then click Start new game, you will be presented with this screen.

Lan3.jpg

Notice at the top you have 3 options, LOCAL, INTERNET and HIDDEN, as you are making a LAN only game click LOCAL, game name can be anything of your choosing, but CAN'T be blank, password can be left blank, IP address MUST be the same as the IP address on the host machine, and port needs to be a port that is open on your firewall, here I have 63392, yours may be different but you MUST note down which port you use.

Select the other settings to your preference and click GO, once the game has loaded go to each CLIENT machine and proceed to join the game on each CLIENT machine.

Again, the CLIENT machines MUST have a valid IP range, if not change or add as described earlier.

Click Join Specific game, next click LOCAL NETWORK, enter the HOST IP address, the HOST port and the HOST password, now click go and you should connect to the host machine, if you don't and get client connect either your firewall is blocking the traffic on either HOST or CLIENT machine, or your IP address/port selections are wrong.

Lan4.jpg

It certainly works on a LAN, but it just takes a little time to get it running.


Hosting for Dummies

A beginners guide to hosting.

This little guide is written to help people understand the basics of hosting. I have tried to keep away from the technical babble, but some basic knowledge is needed, so let's go on to chapter one: Internet basics.

Internet Basics

All Internet communication uses 3 main parts:

  • IP addresses: This is the address you have, or the address of the host you are connecting to.
  • Ports are used to keep traffic separated, and give the ability to have several services (like http @ port 80, https @ port 443) or programs running at one IP address.
  • Protocols are the “language” used. For LFS we need TCP and UDP. TCP uses a “handshake” for each packet, so that every packet delivery is confirmed. This creates more traffic, but is reliable, and the sender knows that the data was delivered. TCP also automatically resends packets that were lost. LFS uses TCP for control data, like race restarts. UDP just sends packets and hopes they arrive at the recipient. It’s a much quicker method, but unreliable. LFS uses UDP for sending car position data.

To be able to communicate we need some hardware:

  • NIC: Network Interface Card, or for short: network card.
  • Routers keep track of where to send the traffic.

Some services:

  • DNS: Dynamic Name Server. This helps you to use names for hosts, so you just need to remember www.google.com instead of 66.102.11.99 (Google’s IP address). DNS is not necessary for LFS, but is used for almost everything else …

Security:

  • Firewall: a system or program used to let only approved traffic thru.

And finally, some other terms used:

  • DHCP: Dynamic Host Configuration Protocol. This assigns an unused IP address automatically, helping to reduce the number of unused IP addresses. Some ISPs force a new IP address every now and then.
  • Public IP is the IP address you use to connect to the Internet, or the IP you connect to. This must be a unique address (you will be assigned this by your ISP using your ISP’s DHCP server). Also called “outside”.
  • Private IP: Your home router assigns you a private IP. This address is within some specific ranges: a commonly used range is 10.x.x.x; the second range, the most common default for your typical home router, is 192.168.x.x; the third range is 172.16-31.x.x. Also called “inside”.
  • NAT: Network Address Translation. This is a very clever system; it protects you very well from the Internet, and gives you the possibility to have several PCs on the “inside”:

[PC1] -->
[PC2] --> [Router with NAT] --> Internet
[PC3] -->

When using NAT your private IP address is translated to your public IP, making it possible for you to get on the net.

Lots of stuff, and new words, but it's needed to understand why you need port mapping.

Let's move on to “How it works”

How the Internet works

A simple sample, direct connection to the Internet:

[PC1] --> [Internet] --> [www.google.com]

Your PC has a valid public IP, and you want to browse Google’s web pages. Your PC first makes a DNS lookup to find Google’s public IP. Http uses port 80, so your PC connects to Google’s public IP at port 80 and you can read the page. What you don’t see is that your PC is using an unused port above 1024 to connect to Google, let's say port 1050, so what really happens is: your PC opens port 1050 for outgoing traffic, and sends a “Get” request to Google’s web server at port 80. The server opens the file and sends it back to your client at port 1050.

A sample with NAT, connection with a router:

[PC1] -->
[PC2] -- [Router with NAT] --> [Internet] --> [www.google.com]
[PC3] --

Your PC has a valid private IP, and your router has a valid public IP. Your PC requests a page at Google; it uses a port over 1024, let's reuse 1050. The request goes thru your router, and is translated to your router's public IP with a new port; let's say the request that reaches google.com is from your router's public IP at port 23050. Google answers back to your router's public IP at port 23050, and the router remembers that the request came from your PC, at its private IP and port 1050, and sends the data back to your PC’s private IP at port 1050.

LFS's default server port is 63392, which means your PC uses a port higher than 1024 and connects to the LFS host's IP at port 63392. LFS can be set to use any port.

Still hanging on? Let's move on to Security

Security

Security is a BIG issue when connected to the Internet. “Out there” you have hackers and Internet-spreading viruses that want to spoil your fun, it’s just like the demo servers ;) To protect yourself you must use a firewall.

The most common thing is the built in firewall in Windows XP. This is turned on when enabling the Internet connection sharing function. Windows XP SP2 also turns the firewall on by default.

Another common solution is a “Personal Firewall”. This is an application you run on your computer, making sure that only approved programs can access the Internet. The usual way is: when a “new program” requests an Internet connection, a dialog pops up asking you to grant or deny access, or grant permanent access.

Another solution is to have an extra “box”, a PC or a “Black box” (black box is a term for a system running an “unknown” OS with an “unknown” firewall).

At home this is most commonly your home gateway. It’s a small box with lots of lights on it. ;) It can also run on a separate PC, using Linux (or other Unix-like OS, FreeBSD is very secure and quite popular), but if you have that solution you probably are no dummy and don’t need to read this guide.

Most external router/firewall solutions come with NAT. The default behaviour of NAT makes sure that NO connections from the outside make it thru the router, but ANY connection from the inside will be let out.

Problems with the firewall can be hard to diagnose; very often it “just don’t work”, with no error messages. You might be able to see blocked traffic in your router's log though: look for a message that a packet sent to port 63392 (or your chosen LFS port) was blocked.

Still hanging around? Wanna be crazy? Go on to “Security, the tuff stuff” Or just a little bit crazy? Check out, “LFS hosting with a firewall”

Or move on to “why we need port mapping”

Security the tuff stuff ...

WARNING This chapter may make you feel dizzy or fall asleep

The problem with an external firewall is that it doesn’t see which application is requesting Internet access. It needs rules for the traffic. The first rule is usually “DENY ALL”: everything is closed unless a specific rule allows it. New sample:

[PC1] -->
[PC2] --> [Router with NAT and Firewall] --> [Internet] --> [LFS Host@port 63392]
[PC3] -->

PC1 wants to connect to a LFS host at the Host IP and port 63392. To get this traffic thru the router, the router must have a rule that: Allow PC1 to connect to the LFS host, at its IP address and port 63392.

But, there is not only one LFS host out there so the rule needs an update: Allow PC1 to connect to ANY host at port 63392

And then someone else in your company wants to try LFS, new update: Allow ANY pc to connect to ANY host at port 63392

OK, not too bad. Outbound traffic to a specific port is usually granted already (e.g. to be able to browse the Internet you must be able to use port 80 (http)).

But LFS can use any port and now you will dig a real hole in the firewall: Allow ANY pc to connect to ANY host at ANY port.

Most company firewall operators do not want to use “Any”, as this gives no control. 3x ANY in one line is something you really don’t want. Therefore, playing LFS behind a company firewall can be very hard. Hosting LFS behind a company firewall will usually be impossible...

An “allow all out, deny all in” setup is actually a very good firewall for home use, but if you download a program, let's call it Crack.exe, that really is a small program recording your bank account information and sending it to a host outside, you will never see it without a Personal Firewall. But … who runs software downloaded from the net without running a virus-scan? ;)

Let's move on to “Hosting LFS with a firewall”.

LFS Hosting with a firewall

WARNING This chapter is also a tuff one...

Because of the DENY ALL IN rule, you must set up a rule for your LFS host. Your firewall must let incoming traffic to port 63392 (the LFS default, or any other port you decided to use in the server configuration) pass thru. Remember that LFS uses both the TCP and UDP protocols. The rule will look something like: Allow ANY Source IP to connect to your LFS host IP at port 63392 (using both TCP and UDP).

Some firewalls have problems with UDP. If this is the issue, your host will be visible on the master list, but no one will be able to connect.

I would recommend disabling the personal firewall when testing, especially if you are behind a router with NAT. Just remember to enable it when done testing. (For home users with residential gateways this would mean pulling cables and changing setups. I wouldn’t recommend that. If you are setting up the server behind a home gateway, I guess the best way to test would be to have a friend that you can call and ask to try and connect to your server.)

Problems with the firewall can be hard to diagnose; very often it “just don’t work”, with no error messages. You might be able to see blocked traffic in your router's log though: look for a message that a packet sent to port 63392 (or your chosen LFS port) was blocked.

Now we should be able to understand “why we need port mapping”

Why we need port mapping

When hosting, you want other people to be able to connect to your LFS host. Going back to the Router with NAT example:

[PC1] --
[PC2] -- [Router with NAT] <-- [Internet] <-- [Computer running LFS]
[PC3] --

The router just blocks all traffic from the outside. So we need to create a port mapping to tell the router that this is traffic we want to deal with. A port mapping tells the router that all traffic from the outside to port 63392 (default for LFS) will be sent to an IP on the inside at port 63392.

[PC1] --
[PC2] -- [Router with NAT] <-- [Internet] <-- [Computer running LFS]
[PC3] <--

Remember: The port mapping must include both TCP and UDP
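
The NAT walk-through and the port-mapping rule above, as a Python model (an added example, not part of the original guide). The NatRouter class, its method names and the addresses (documentation ranges) are constructed for illustration, and the model assumes a reply is only accepted from the server that was contacted.

```python
"""Model of a home router with NAT: outbound sessions, default deny, port mappings."""


class NatRouter:
    def __init__(self, public_ip, first_port=23050):
        self.public_ip = public_ip
        self._next_port = first_port
        self.sessions = {}  # (proto, public_port) -> (inside_addr, remote_addr)
        self.forwards = {}  # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src, dst):
        """An inside PC connects out: pick a public port and remember who asked."""
        public_port = self._next_port
        self._next_port += 1
        self.sessions[(proto, public_port)] = (src, dst)
        return (self.public_ip, public_port)  # the source address the remote side sees

    def add_port_mapping(self, proto, public_port, inside_ip, inside_port):
        """Port mapping: send outside traffic for public_port to an inside host."""
        self.forwards[(proto, public_port)] = (inside_ip, inside_port)

    def inbound(self, proto, src, public_port):
        """Return the inside (ip, port) that receives the packet, or None if dropped."""
        session = self.sessions.get((proto, public_port))
        if session is not None and session[1] == src:
            return session[0]  # reply to a connection opened from the inside
        return self.forwards.get((proto, public_port))  # no mapping: dropped


def guest_can_join(router, guest, lfs_port=63392):
    """A guest needs both TCP (control data) and UDP (car positions) to get in."""
    return all(router.inbound(proto, guest, lfs_port) is not None
               for proto in ("tcp", "udp"))


def demo():
    router = NatRouter("203.0.113.10")  # constructed public IP
    pc1, web = ("192.168.0.11", 1050), ("198.51.100.80", 80)
    guest, lfs_host = ("198.51.100.7", 1050), "192.168.0.13"

    seen_by_web = router.outbound("tcp", pc1, web)
    result = {
        "seen_by_web": seen_by_web,
        "reply_delivered_to": router.inbound("tcp", web, seen_by_web[1]),
        "join_no_mapping": guest_can_join(router, guest),
    }
    router.add_port_mapping("tcp", 63392, lfs_host, 63392)
    result["join_tcp_only"] = guest_can_join(router, guest)
    router.add_port_mapping("udp", 63392, lfs_host, 63392)
    result["join_tcp_and_udp"] = guest_can_join(router, guest)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```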

How this is set up depends on your router. Most home routers provide a web interface to configure the router; some have a separate program running on your PC for configuration. Some routers also have the possibility to use “telnet” to change the configuration (start – run – cmd – telnet 10.0.0.1 (or 192.168.0.1 or 192.168.1.1 or any other IP address of your router)) Read the manual, check your ISP's faq, ask your ISP.

Most home gateways will let you set them up via web interface. Open your web browser and enter http://192.168.0.1 (or other possible addresses). You will almost certainly be asked for username and password by the router.

If you don’t know the password for your router configuration you have three options:

1) Your password is the default factory one: Check your router manual to find out the default password and change it.
2) Your password is not the default one and you never changed it yourself: This is most common with routers that were provided by your ISP as part of the service. ISPs sometimes set their own passwords, so that you cannot change the configuration and complain to customer support about it. You will have to talk to your ISP's customer support in that case.
3) You changed your password, but forgot it: This is the worst case. You can reset the password by doing the “hard reset” procedure on the router to reset it to defaults. DON’T DO THIS UNLESS YOU KNOW ALL ABOUT YOUR ROUTER! Resetting the router means all configuration needs to be entered again.

See the “routers guide” and check if your router is in there.

Problems? LFS is using a very high port. Some routers use a high range for “outgoing NAT”. Some ISPs also reserve these high ports for their internal use. If your router/ISP does this you must:

  • Exclude the “LFS range” from the “outgoing NAT” range, or
  • Use a lower port for LFS

Some ISPs force your router to change IP every now and then. This is not good for the clients connected when this happens, but (AFAIK) the LFS host reconnects to the master server and updates its new IP.

Routers guide

Here I have a plan to add guides to set up port mapping on specific routers...

See here how to forward ports on your hardware firewall/router
http://portforward.com/routers.htm

Netopia 4542 router

D-link 804HV Setting up a LFS Host

Technical background

Here I have tried to collect some words about hosting, and LFS.

TCP and UDP in LFS (By Scawen)

The TCP connection of course has to work because the in-sync game code relies on TCP, as everything needs to match, and stay in sync.

But the position updates (PosPackets) don't match perfectly, because they are run without delay (there is always "error" in remote car positions - seen as warping - because of inevitable time delay) and that system uses UDP packets because they are quicker but do suffer from packet loss and it's better to forget about ones that didn't arrive and just use the next packet that does arrive). However, guests which are failing to receive UDP packets can request the host to send TCP PosPackets to the guest, and it will do so. But guests *never* send TCP PosPackets to the host.

That's because sometimes guests are behind firewalls and for some reason can't receive UDP packets sent back to them - and another problem that a UDP connection that worked at first can later be "forgotten" by the router for some reason. However, they can always *send* UDP packets to the host, because the host must be properly set up on the internet, so the problem of losing the UDP connection in that direction shouldn't arise.

So... in summary, it can work if the guest can't *receive* UDP packets, in which case it will request the PosPackets to be sent to it in TCP packets, but it must be able to *send* UDP packets because there is no fallback system in that direction.

Ranges used for LAN games (aka. IETF private IP ranges) (By Scawen)

These are the ranges:

  • 10.x.x.x
  • 192.168.x.x
  • 172.16-31.x.x

More info: http://www.suse.de/~mha/linux-ip-nat/diplom/

Why other ranges do not work (by Scawen)

That's because direct connection is restricted to local networks. It's a security measure so that people who want to play on the Internet must go through the master server (not connect direct by IP, but they can simply connect by “name” to a "hidden" game for the same effect - this stops people with a hacked version being able to happily race over the internet). So I’ve researched the special IP addresses, which are reserved for local networks and allowed direct connection for those addresses.

I don't really know why your network is using addresses outside the reserved IP address ranges. I guess there may be a good reason or else someone just chose the 200.x.x.x range because it sounded good? Don't know much about that really but you might not be able to connect to some "real" IP addresses in that range, and I guess that's why there are some special reserved ranges.
