SUCCESS. the answer for tunneling 1 LAN and a non-NAT

Gamer's Internet Tunnel, formerly Gamer's IPX Tunnel

SUCCESS. the answer for tunneling 1 LAN and a non-NAT

Postby poseyjmac » Tue Apr 26, 2005 12:37 pm

i got the tunnel to work perfectly between my LAN at home(5 users on 192.168.1.x) and a computer here, which is assigned static dsl settings for the network adapter, with no router.(with the help of remote desktop) im writing this because all the other guides in other threads have one option flipped, and it didn't work for me. ill explain further. this is only relevant if you are trying to make GIT work with a computer NOT on a NAT that needs an extra network adapter to get on a subnet.


PC1 = dynamic ip DSL client behind a router/NAT along with 4 other PCs on 192.168.1.x. GIT .99 b4

PC2 = static IP DSL. no router. internet IP info inputted directly into NIC TCP/IP properties. SP2 Windows firewall. GIT .99 b4

-

1. PC1 and PC2 both have to do first obvious step. forwarding/opening the GIT port. So i did this on both. (on the router for PC1, and in the SP2 windows firewall on PC2.

2. Configuration for both is not really relevant. all it should have is you connecting to 213 of their IP or hostname. and the ports you want forwarded.

In advanced config, Each person should have the important 4 options checked:

Ethernet II
Forward ARP
UDP
Also match source port

this will let me play any modern game that I've tried. if i uncheck any of these options, games like splinter cell stop working.

3. so for PC1, thats all you need in advanced config. make sure the proper NIC is selected as the one that forward the packets(the one that has your private ip settings in it) hes done.

4. now for PC2. the bad thing about PC2 was his NIC address settings are taken up by the static DSL settings to get on the net. but then how do you also get a 192.168.1.x address so you can communicate with the other guy? so then i must add a loopback adapter.

http://support.microsoft.com/default.as ... -us;839013

instructions for winXP ^

the loopback adapter would be assigned onto the same subnet and subnet mask as PC1's private network. 192.168.1.x, 255.255.255.0 for me.

without this loopback adapter, PC1's private network wouldn't bother talking to me, so i think of it like security key. gotta get on the 192.168.1.x subnet, this is how.

5. lastly, you must go into advanced config of GIT for PC2. check the same important 4 options. AND now you must do one more thing to make it all work.

check 'alter source IP'. now you're saying ok duh, now i put my loopback adapter address(192.168.1.x) into the internal, and my external internet IP into external and check it, BUT

NO!

it didn't work when i did this. SWITCH those 2 around. put your external address in the internal section, and your 192.168.1.x in the external section. i did this, and boom, everyone can ping each other, could connect to teamspeak(UDP) by its private address. it works.

i always read though, that you have to have it the other way around, but when i switched them just for fun, it worked. I don't know exactly how it works, but my guess is that since im using my internet address in my NIC itself, then it is basically perceived as my internal address too since its in my NIC. i dont really understand how my loopback address(192.168.1.x) is external, maybe its because being 192.168.1.x is my ultimate destination. i dont know. i dont know how it works really, maybe the way i explained this will make ark laugh, and maybe theres another easier way, but well, this works and its the only way i could find.

since i did this from remote desktop, i could only test teamspeak, which worked from private ip to private ip.

----ADDENDUM----

ok, see i knew this would happen, i found an easier way to do it. instead of an ms loopback adapter, all i had to do for PC2 was add the private IP in the existing NIC under Advanced in TCP/IP properties. you don't even need to alter source IP if you do it this way. and teamspeak and pinging that i tested worked all the same.




[/b]
Last edited by poseyjmac on Thu Apr 28, 2005 3:01 am, edited 5 times in total.
poseyjmac
 
Posts: 42
Joined: Mon Mar 29, 2004 11:33 pm

Postby poseyjmac » Wed Apr 27, 2005 12:26 pm

--
Last edited by poseyjmac on Wed Apr 27, 2005 9:23 pm, edited 1 time in total.
poseyjmac
 
Posts: 42
Joined: Mon Mar 29, 2004 11:33 pm

Postby jurydoughnut » Fri Apr 29, 2005 12:20 pm

is that what's reffered to as 'promiscuous mode' ? i never knew you could do that... and i just did!
jurydoughnut
 
Posts: 3
Joined: Thu Apr 28, 2005 11:01 pm

SUCCESS. the answer for tunneling 1 LAN and a non-NAT

Postby ptitpoul » Mon Aug 07, 2006 4:38 pm

Hello,

I tested a similar configuration with
- PC1 = static lan IP, 192.168.1.2, behind a router,
- PC2 = static world IP like 123.456.7.89,
with firewalls correctly configured.

I tested the UDP method, with free games like Cube, armagetron, bobblenet.

On PC2, I created a second IP, 192.168.1.4, (in the TCP/IP properties) with the same subnet (255.255.255.0) than PC1's one.

The only config that worked for a game server on PC1 or PC2 was to inverse internal and external IP in the option "alter source ip":
- for the two PCs, "Also match source port" checked and "Don't send unicast" unchecked,
- Alter source IP :
    - PC1 : internal = external router IP ; external = 192.168.1.2
    - PC2 : internal = 123.456.7.89 ; external = 192.168.1.4

It's strange but it was the only way I found to connect PC2 to a game server on PC1. I wonder what the developper thinks of that inversion.

However, for a game server on PC2, a more classical config worked, with "alter source ip" only on PC2 with internal = 192.168.1.4 and external = 123.456.7.89.

In addition, I used WinPcap 4.0 alpha 1 on PC2 (XP64) and it worked.
Last edited by ptitpoul on Mon Aug 07, 2006 6:49 pm, edited 1 time in total.
ptitpoul
 
Posts: 2
Joined: Mon Aug 07, 2006 3:29 pm

Postby Ark » Mon Aug 07, 2006 5:35 pm

The Alter Source IP option really doesn't have to be from internal to external like I labeled it. What really matters here is "From" and "To".
Any IPv4 packet which has a "Source IP" field which matches "From" is changed to "To" (and the CRC of the packet recomputed to make it still valid).

This option really has nothing at all to do with "(for NAT)", "(Internal)", or "(External)".

The reason I put those comments there was for a case with WarCraft 3 where the server is behind NAT sending broadcast packets on the internal network. I wanted GIT to only tunnel those broadcast packets and have the clients connect directly to the game server. 100% of the game traffic would run over the Internet withOUT GIT once the client located the game server. This method requires forwarding port 213 for GIT as well as the 6112 port for WarCraft 3 instead of just forwarding port 213. The WarCraft clients see the broadcast packet advertising the game server on the LAN, and will attempt to connect to the source address where the packet came from. Since GIT tunneled and re-sent the packet onto a different network, the internal 192.168.x.x address of the game server doesn't exist on that network, and the clients keep trying to connect to a place that doesn't exist. Simply change the source address of the packet and the clients will connect to that instead. The NAT and port forwarding on the other network will let the clients connect to the internal port 6112 without any trouble then.

If I decide to update GIT soon, I may remove those comments saying "Internal" and "External" because too many people try to fill them in, even when they don't even need the Alter Source IP option at all. I may allow a more dynamic system where you can change source and/or destination IP addresses of multiple combinations instead of just one too.
I'm not sure if there is a need for it though and I'm pretty busy.
Ark
Site Admin
 
Posts: 2108
Joined: Sat Sep 13, 2003 4:21 pm

Postby ptitpoul » Mon Aug 07, 2006 7:08 pm

Thanks Ark for your detailed response and, I forgot to say, for your work on GIT.
I understand better the aim of this option. So, the way I used it may be due to a wrong configuration elsewhere, or due to the system {lan + non-lan}.
ptitpoul
 
Posts: 2
Joined: Mon Aug 07, 2006 3:29 pm


Return to GIT

Who is online

Users browsing this forum: No registered users and 0 guests

cron