I promised to let you know my results.
GIT 0.98 works fine now to setup a Far Cry LAN game.
GIT recognizes the unicast sent by a far cry client in the LAN lobby (port UDP 5678). 
Failure
But Far Cry has some protection routines. It doesn’t allow a LAN game with other than private IP ranges. So, it isn’t possible to setup a LAN game when forwarding the unicast over a public IP.
We tried a VPN connection. I run a Windows 2000 VPN server. Clients connect to the VPN server by a windows VPN client. In this case GIT doesn’t pick up the unicast on the VPN client site. And, of course, unicasts and broadcasts aren’t routed by a VPN connection anyway. So this scenario didn’t work also.
Success
We had success with a VPN to VPN connection, established with two Astaro firewalls. Advantage is that you don’t have to run a VPN client, so GIT can pick up everything. Problem is that not al of my game friends have an Astaro firewall. So we had to find another way.
We found the best solution in a scenario with the combination of a Kerio firewall and a separate Kerio VPN client. A Kerio VPN client is simple to install for everyone.
The Kerio VPN client installs an additional VPN network adaptor, which is recognized by WinPcap. As a result you can select this adaptor by GIT, and pick up and forward the unicast of a Far Cry client. (strange thing is that some friends must select the VPN adaptor, while some others have to select there local network adaptor to make it work).
It’s important to do NAT by GIT. (alter source IP in advanced configuration). ‘From hostname’ is your local IP, and ‘To Hostname’ is the IP you got from the VPN connection.
Thanks
Ark, we are grateful you improved GIT and make it more robust (keeping track of source MAC addresses instead of TTL). The new option ‘Also match source port’ is also very useful, for example with Joint Operations.
I would thank you at last.
Best Regards,
Elwin
ElwinOnline wrote:GREAT!!!!
I will check it soon and report my results.
Thank you.
Ark wrote:GIT v0.98 contains the ability to keep track of MAC source addresses instead of modifying the TTL.