Heres a challenge for the most technical of you...

That is to nail down the exact ports that LB2 needs to be able to host behind a router.

The known ports to forward to your IP are:
26210 TCP & UDP (Deprecated DirectPlay enumeration)
47624 TCP & UDP (Initial TCP connection)
2300-2400 TCP & UDP (Subsequent TCP In/Outbound)

The first two are what make LB2 work behind almost any router as a client.
The uncertainty is around getting the right ports for the host.

For some routers, like REVERANT's, he can use the above information for port forwarding to IP address of his computer and he can do both hosting and as client.

For me, I have older SMC and DLink routers. Both can work as clients, but not as hosts.
The work around is that I put my computer's IP addy in the DMZ and then I can also host LB2.

I believe the problem is that my router's port forwarding tools do not allow for forwarding a port range (2300-2400 or whatever else LB2 needs).
My two routers only allow single port to IP address forwarding.
The answer may be in getting a newer router that handles port ranges.

However, if we knew exactly which ports LB2 uses within the range of 2300-2400;
perhaps we could narrow it down to a few ports that could then be paired one at a time.

Are there any out there that have and know how to use a network analyzer to run this kind of data capturing of the TCP and UDP packets and thus map them to the LB2 ports being used?

That is the challenge.

Those of you that are able to host LB2 behind a router without going to the DMZ, we would appreciate it if you post your router manufacturer and model number, along with what ports youve forwarded.

Thank you in advance.

Man, Recluse and I documented this up the ying yang months ago. I even did sniffer traces on the traffic to see them. I'll need to search that out, it's on here somewhere.

It would be a good idea to get a list of make/model/CODE VERSION on various Firewall/NAT boxes/Riouters for this.

What is interesting to me is that on my SMC and Netgear Routers, I could not even host on DMZ.

In the tests we did, the issue appeared to be less of a port issue and more of an addressing issue.

The client connects to the host at the WAN IP (lets call it 68.100.200.10) and everything is fine...router forwards whatever is necessary to the LAN IP (lets call it 192.168.2.5) then when FLY is pressed, the host seems to say:

"OK GUYS, COME n Git me at 192.168.2.5!!"

and of course all the clients fail trying to connect to a LAN address over the net, forgetting their previous successful connection. I don't know what it is about the WORKING routers, who must be able to say

"Slow down there Sparky, you THINK you want them at 192.168.2.5, but I know better, and will tell them to try 68.100.200.10!"

The only test +G and I didnt manage to do was to capture the traffic from a WORKING host behind a router to see what happened.

If you look in the various .ini files (Connect.ini, Master.ini, Client.ini) you will see the recorded IP addresses...amazingly, you will find LAN addresses as well as WAN addresses indicating that some packets must have header information from LAN IPs.

There is another file which I forget just now that contains what the HOST believes to be their IP. For a case of a non-working router, you see the LAN IP.

Recluse

Here is a file from my LB2 folder called BCI.txt which was written during our flights last week. I n this flight, there were some issues. Reverant and Shadow dropped out, I was in with Walleye and Inspector, but there were some glitches.

Building CONNECT.INI
mpv=1
NumberPlayers=5
PlayerIDX=2
Player 0
Database says that Address is 2,0,102,98,68,102,217,85,0,0,0,0,0,0,0,0,
Database says that Callsign is 0072F179Walleye (jv)
Player 1
Database says that Address is 2,0,102,98,192,168,1,125,72,241,19,0,110,0,80,0,
Database says that Callsign is 01FDCC5CShadow (mg)
* Player 2
Database says that Address is 2,0,102,98,192,168,2,4,192,239,113,0,110,0,80,0,
Database says that Callsign is 00F74572RecluseCMP (b)
Player 3
Database says that Address is 2,0,102,98,169,254,174,162,192,239,113,0,110,0,80,0,
Database says that Callsign is 00084122INSPECTOR (jf)
Player 4
Database says that Address is 2,0,102,98,10,0,0,20,0,224,253,127,160,186,29,2,
Database says that Callsign is 003681BCReverant (ds)


You can see Walleye's proper WAN IP: 68.102.217.85

My LAN Ip shows up:

192.168.2.4

As does SHADOW's:

192.168.1.125

Not sure about INSPECTOR,

169.254.174.162 doesn't seem quite right seems like one of those Microsoft Autoconfiguration IP's...rather than a righteous LAN or WAN IP.

Not sure what the other addresses represent. I only know that my WAN IP isn't shown anywhere in the string.

Maybe +G can translate...

What is most interesting is that Walleye hosted. So the fact that my setup sees his righteous WAN IP is a GOOD THING for clients trying to connect.
Doesn't really matter much that clients are reporting LAN IP's as I don't believe anyone needs to connect TO a client one the client is connected TO a host.

If you fail a hosting due to router issues, investigate this file and you will probably discover the HOST's LAN IP rather than WAN IP which to me seems to be the crux of the issue.

I found out how to open up a range of ports through the DLink router's firewall, and still LB2 cannot be hosted unless I go to the DMZ.
However...
I think this mechanism isnt working so Im interacting with DLink's customer support.

What works as host are:
- Dialup
- Some Routers with NAT address in the DMZ
- Some Routers with port and IP forwarding with the ports mentioned above.

Update:
DLink acknowledges that there is a problem with the software. The proper IP and port forwarding range can be entered, but it still doesnt work.
If the application (LB2) works without the router or in the DMZ, then the firewall software is not opening up the ports and assigning them to the application and NAT IP addy correctly.
Reverant's success with behind his firewall and router is evidence that it can be done.

To REVERENT:
What is the make and model of your router?
What Windows OS and DX versions are you running?

Router: Netgear FR328S. Windows XP Pro SP2 with all the latest patches. Windows Firewall has been configured to allow any traffic to LB2.exe. DX? I think it's 9.0b, could be c though.

Here is my Netgear configuration:

Reverant,

Your services (bottom picture) maps the protocol to the ports.

The Inbound Services (middle pic) forwards the ports to your computer's LAN IP.

And the top pic (title not shown) locks out all other inbound services except for those allowed.

On my DLink 614+ rev B,
They use "Special Applications" page to map game "trigger ports" to "Public ports" (which can be a range of ports.

Then they use "Virtual Server" to assign "private IP" (LAN IP)to protocol and when its active (schedule). The protocol is a port and UDP/TCP/IMCP or all field where you cannot put in a range of ports, just a single port.

They do have a "Firewall" page where I can add new firewall rules. Here I can map a range of ports on the WAN to a range on the LAN and assign to a LAN IP. This is my best bet to get the 2300-2400 port range assigned to my computer's LAN IP. I can enter it, but its not working right. Hence why I contacted their cst support.

Its my opinion that this is where your and my router firewall software are different. If I could assign a range of ports to my LAN IP, then Im pretty confident that my router would host behind the firewall.

My workaround is to put my LAN IP into the DMZ to get around all the port issues. Not a very safe mechanism. Perhaps DMZ + Zonealarm (using trusted client IPs) is the way I can still be protected.

Otherwise maybe its time to buy a netgear router.
Just not the model that RECLUSE has. (J/K).


Recluse,
can you upgrade your firmware or something to get the same functionality as does Reverant?
What model is and firmware version are you using?

The DLINKs are good solid Firewalls for basic networks.

I find them a pain for nailing down the exact port ranges. They have a Virtual Server and a Firewall section. IMO, they should scrap that and use one screen for settings.

DMZ host will expose your PC indirectly to the Internet for almost every port. If you use this for gaming, disable M$ Networking on your Network Card. I haven't coupled that with a "software" firewall, but it might not be a bad idea. For a few hours of gaming you're safe in DMZ mode. Just make sure you have your OS patched, Antivirus up to snuff, etc.

+G

Do you mean these two connection items under the
OPEN NETWORK CONNECTIONS/NIC-PROPERTIES/GENERAL TAB?

Then uncheck these two services:
- Client for Microsoft Networks
- File and Printer Sharing for Microsoft Networks

But leave these checked:
- Network Monitor Driver
- QoS Packet Scheduler
- Internet Protocol (TCP/IP)

Do I have this right?

Regarding my DLink router,
it works for all sims that I own behind the firewall, except LB2. Probably due to this range of port forwarding glitch. The DL router DMZ works and putting trusted IPs into the ZA firewall works most of the time.

In order to access the Internet to host most games, surf and use Email, you ONLY need to have Internet Protocol (TCP/IP) enabled. This has worked long before M$ was a twinkle in Bills eye.

The rest is JUNK! ;-)

Now if you have a home LAN and want to share files using M$ Networking you'll need to enable the "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks".

Network Monitor Driver is used by some prgrams (like NetMON) for "Sniffing" traffic/capturing traffic on your NIC. The QoS Scheduler is for enhanced networks (usually High End switching/Routers, not for HOME users).

My Router and Reverant's are quite different animals. His is much more advanced (though it may actually be older). Mine is an MR814V2, and it is true that there have been several firmware releases since the one currently installed, but I don't really see much in any of the release notes that have much bearing on the situation.

Linksys and Belkin routers seem to have a much better LB2 success record than do most of the more common NETGEAR models. The Linksys WRT54G router has a current street price of around $40 which isn't bad. I almost picked one up on Black Friday. If possible, get one of the older ones (before V5) as they can use some Community Modded firmware that gives them lots of new features...thought it isn't at all clear WHAT features (firmware/hardware) make LB2 work.

That inability to map a range of ports in Virtual Server mode drove me nuts with my SMC Router. Seems like the D-Links are similar. For LB2, you could probably get away with using 26210 as the Trigger Port in Special Apps (if indeed port forwarding would work for LB2). With the SMC router I had, I used 47624 as a trigger to open the Direct PLay ports 2300-2400 for other games and it worked fine)

My Netgear DOES let me open a range of ports directly (and does not have the Special Apps type TRIGGER capability) and everything else seems to work except LB2. The older Voice app BATTLEFIELD COMMUNICATOR ('Battlecom') used to give me problems hosting a server with the SMC, but I don't think I ever tried it with the Netgear.

Are you saying that your SMC worked to host when on DMZ?? Mine never did Pretty sure I tried this with the Netgear as well with no luck, but I am game for another try sometime. I KNOW that the Port Forwarding worked on both routers as other applications/games most definitely responded when ports were open/closed.

Recluse

The SMC never worked as a DMZ, which is why I finally pulled the plug on it for use with Falcon4 AF and LB2 use. It was a great wireless router for when I used dialup and wanted to share it as we do today with broad band.

Then I moved to DLink and it has worked for everything except LB2, where I have to use the DMZ to host LB2. Ive tried all the combinations of trigger ports to the DPlay ports, to no avail.
It will get the clients to join if I use the Special Applications page and enter the 2300-2400 range, but it will hang on two loading bars before getting into the cockpit. The Virtual Server mechanism can only deal with single port forwarding, hence no ranges. This is why I am pushing for DL to fix their FireWall rule mechanism so that a LAN IP can be port forwarded to the DPlay ports range. If they fix this, then the DLink routers will be good for LB2.

If DLink doesnt satisfactorily send me a firmware update to address the port forwarding of port ranges as I requested; then Ill probably move on to NetGear. The challenge will be to get the right model (and keep my reciept!).

OK! I just got a Linksys router from Ebay. Paid pretty much the same price I could have gotten a NEW one for, but at least I didn't have to hassle with rebates. As long as it works, I don't care, and it's a VERSION 3 so I can mess with custom Firmware. First order of business will be to see if I can host LB2 through it. Will advise when it arrives and gets hooked up. My Netgear is a B router, the Linksys is a G so I'm getting a little faster wireless connection along with the possibility of hosting LB2

Recluse

bravo!
no expense is too great for lb2....

Speaking of Ebay, I picked up a boxed version of LB2 for $0.99. Can you believe it?

Came with Silent-ThunderII and Nova Logics v4 helo sim (I care not for either of these coffee mug costers).

WHOA! LB2 itself has generally commanded a really premium Ebay price. You got a great deal!

Recluse

Ya, got lucky on the LB2 boxed version.

Im currently checking out the DLINK DGL-4300.
Its a gaming router that does exactly what Ive been asking for all along.

The Linksys is supposed to arrive on Friday, so I may get it set up in time for a Saturday test flight or two. I figure I will test with one machine on Dialup as the client with the Host behind the router FIRST before trying to connect over the net with folks, but if the first test is a success, I'll go the next step.

REVERANT,

Can you translate your router's services and settings into these DLINK services please.

1. VIRTUAL SERVER
The Virtual Server option allows you to define a single public port on your router for redirection to an internal LAN IP Address and Private LAN port if required. This feature is useful for hosting online services such as FTP or Web Servers.

Enable Name IP Address Protocol/Ports
x LONGBOW2 192.168.0.109 TCP 26210/26210

2. Special Applications
The Special Application option is used to open single or multiple ports on your router when the router senses data sent to the Internet on a "trigger" port or port range. Special Applications rules apply to all computers on your internal network.

Enable Name Trigger Protocol/Ports Input Protocol/Ports
x LONGBOW2 Both 2300-2400 Both 2300-2400

3. GAMING
The Gaming option is used to open multiple ports or a range of ports in your router and redirect data through those ports to a single PC on your network. This feature allows you to enter ports in various formats including, Port Ranges (100-50), Individual Ports (80, 68, 888), or Mixed (1020-5000, 689).

Enable Name IP Address TCP Ports UDP Ports
x LONGBOW2 192.168.0.109 47624 47624


Point being, Im pretty hopeful that I can get this router to work as a host if I can get the right combination of ports and IP and triggering that maps to what you have in your router.

The way I think I read your is, you set up ports and ports ranges as services. Then you map the ports services to LAN IP address, or forward the ports to the LAN IP. Im wondering if any of your other ports are doing something for LB2 too.

Not Reverant, but I will give you my $0.02:

Use only the GAMING section and forward ports:

26210 TCP
47624 TCP
2300-2400 TCP/UDP

either on one line or several lines.

If you want to mess with trigger ports, then use 26210 as the trigger to open 2300-2400, 47624 but it is probably best to just forward them directly as there are timeouts involved with the trigger ports, and possibly the ports may close if they do not receive traffic for a particular period (e.g. when sitting in the Briefing map prior to FLY)

Recluse