Finally...

Am able fly LB2 as host or client via a wireless router and firewall configuration.

Much thanks to Reverant who pointed me to 1/2 the solution, the dedicated firewall and wired-only LAN router. The other 1/2 of the hardware solution is going another step further to allow wireless capabilities. Most wireless routers have their own firewall too, which is where things get tricky. Kinda of an exotic hardware solution to deal with a faulty wireless router firewall deficiency, but it works well and both devices can be had for under $100.

1. The Firewall:
NETGEAR Model FR328S ProSafe™ VPN Firewall w/8 Port 10/100 Switch and Dial Back-up. These can be found in some CompUSA or GoodGuys stores, as well as 2nd hand at online auction sites.

NetGear Firewall



2. The Wireless Router:
DLINK DI-614+ (revB) is an Wireless Broadband Router. (Note the DI-624 is the current version of it that is still available and with a $25 discount until 12.31.05)

DLink DI-624


Is LB2 really worth all this? Ya it is.

Ive invested far more in time, sweat equity and in controllers and other hardware for Falcon4 and other flight sims. So drop a bad habit and invest into this.

Hooah!

Terrific news AV8R!

Can you please give us a bit more detail - I take it the D-Link is plugged in to the Netgear - which acts as the DHCP host and are there any other special settings in either device - port forwarding or DMZ etc.

Thanks in advance

Cool man, welcome to the hoster's club! :-)

I don't quite understand how ADDING another box helps things out.. Did you disable the SPI firewall on the D-LINK, and use the NETGEAR for that?

I'm kind of confused how adding another hardware firewall/switch between the router and PC helps (I don't DISBELIEVE it, just don't understand the concept). Presumably the D-LINK is still doing DHCP for the system. Is the D-LINK forwarding ports to the NETGEAR which then forwards to the PC, or does the D-LINK still FWD directly to a PC, with the NETGEAR just sitting in between re-filtering all the traffic?

Maybe it is the VPN capability that makes a smoother connection between the WAN and LAN IP's...

Interesting....

Recluse

Actually its not all that complex in hindsight (which is 20:20)...

THE PROBLEM:

First, the problem I was having with the DLINK wireless router was that the firewall did not allow me to set port forwarding ranges.

Secondly, the DLINK did work as host/client when in the DMZ. This is a hint that wireless can work with LB2 if the firewall isnt in the way.

Thirdly, Ive posted extensively on this as to my tests with other routers and asked questions to REV why his worked in detail. Conclusion... the problem is two fold:
a. antiquated LB2 DX port definition and useage that was before the time of Broadband and routers.
b. wireless router firewalls whose firmware was port to port rather than port range capable for port forwarding on NAT and wireless routing. In all fairness to DLINK, LB2 was the ONLY sim that required such unique port range forwarding that I have in my extensive flight hangar. It may or may not have to do with LB2 also being the only old sim that supported cockpit sharing online. IL2 does it in modern WW2 sims, but this is supportive of what I stated in item "a" above.

SOLUTION:

The logical conclusion of the problem descriptions above are that the DLINK's fireware firmware is the problem. This may be true with many other vendors FWs also. A quick test is to see if you can host LB2 when your router and firewall(s) are out of the way. If you can, its not the: WinOS, nor the game, nor your modem, nor your ISP.

As Sherlock Holmes always said:
"When youve looked at the obvious and the solution is not found, then the solution MUST present itself in the unobvious!"

So the obvious (from logical deduction) is to use the firewall that works: Rev's FR-328s "ProSafe firewall".
The other obvious is to use the DI-614+ "Wireless Router" in its DMZ.

Whats not so obvious (gained via inspiration + perspiration) is getting the two to play ball together as there are a few challenges (ie tricks) that had to be worked out due to the two levels of NAT and two Firewalls, and a wired cable modem and wireless configuration thrown in for good measure.

In essence, Im employing the firewall of the Netgear and deabling the firewall of the DLINK for just one wireless connected PC on the LAN.

Currently Im also getting the right combo to work so that my home VPN (and Hamachi for F4) will also work appropriately. I will say this for the NETGEAR, it has a firewall firmware that is user configurable once you understand its RULES/SERVICES use model.

Ah so the game is afoot!

To answer your questions more directly my dear Watsons...

- RECLUSE, is that the hardware path is more like:
INET ->MODEM->NETGEAR FW->DLINK ROUTER ->Wireless Access Pt -> PC
Youve touched on the hardware configuration inspiration + perspiration effort I went thru.

- SWAG, Im using the NAT of both the NETGEAR and DLINK; yet being careful as both use 198.168.0.x octet structure. Remembering also, that to the NETGEAR, the DLINK is just another client on its LAN router/switch. REVERANT already supplied the NETGEAR firewall setting info per my inquiry a week or two ago under the ROUTER thread. NAT upon NAT works if one doesnt overlap addresses.
Youve touched on the sweat equity issues that I went thru and had to perserve past what was impossible and undocumented.

Well, BOTH my NETGEAR and LINKSYS routers allow me to fwd ranges of ports and won't work for hosting either via port Fwds or DMZ. I've always used them with WIRED machines, rather than WIRELESS machines.

I'm not convinced that this test really proves that.

No, the test is: Can you host behind a port range fwding router like a NETGEAR or LINKSYS using Windows XP whereas you cannot using Win9X.

I can host fine when no router is in the system. As soon as there is a router, whether port forwarding or DMZ it fails. As I have said before, I do not believe it is at all a matter of ports opening, but a matter of TCP/IP addressing. The HOST tells the clients to connect on the LAN IP (when FLY is pressed) and the connection fails. It may be that some routers and/or the TCP/IP implementation on newer OS's are smart enough to say "Whoa, that's not really the IP the client wants to connect to, but I will happily forward traffic to that IP from the WAN IP you are currently connected on".

On all the routers I have seen, there is not option to turn off the SPI firewall for a specific machine. It is either ON or OFF. I must say, however, I never tried turning it OFF on any router! That could well be the key as I am not sure exactly what the implementation of SPI (Stateful Packet Inspection) really does on these routers and whether or not this implementation varies from router to router.

Recluse

AV8R, what ports are you forwarding? Are they the same ones mentioned prior for hosts and clients?

Recluse,
Im putting the LB2 computer behind the firewall on my LAN in the DMZ. Not turning off the DLINK's firewall altogether.

I will have to qualify that is is all working on WinXP-SP2 and WinXP-Pro and Tablet-PC and PocketPC OS systems. I do not have any other OS systems (ie Win95/98/ME/2000/Linux/NT).

Harm,
Same as stated earlier
26210 TCP & UDP
47624 TCP & UDP
2300-2400 TCP & UDP

The only problem thus far is my VPN keeps dropping, this with the VPN, ISPEC, PPTP ports forwarded. Not sure yet if its an access point issue or the new setup. All my other computers on wireless or direct wired are on internet fine.

Hmm, not sure why you'd need to "double NAT" by having the DLINK connected to the Netgear (I'm assuming WAN on the DLINK is connected to LAN on the Netgear). Is that the case?

I have a similar setup, but there's no need to double NAT.


Connect WAN port on the Netgear to the Internet.
Turn on DHCP on the Netgear.
Plug port 1 on the Netgear to the DLINK's port 1 using an Ethernet CROSS-OVER cable. Basically joining the DLINK and NETGEAR LAN segments into one bigger LAN.
Don't run DHCP on the DLINK>

At this point the Netgear is the Firewall, the DLINK is just adding extra ports visible on the Netgear.

Wireless on the DLINK just adds more devices to the home LAN (you can even static assign the wireless devices if you have issues. The Netgear is the default gateway on the LAN.
The Wireless access point should just appear as more devices on the LAN (It acts as a wireless bridge).


Internet -> Netgear WAN port -> HOME LAN (Netgear LAN + DLINK LAN + DLINK Wireless bridge).

Netgear does all the NATing, obviously properly for LB2.

Work VPN via Nortel problem solved. HAMACHI only 1/2 works.
But I can live without Hamachi.

The double NATing works fine as Ive set it up.
Its not the key to what makes this work though.

This combo works because the NETGEAR has a firewall that properly forwards the port range that LB2 needs, and NETGEAR has a decent wireless router and a working DMZ.

Surely other combos of hardware would work too.
Perhaps even a NETGEAR wireless router would be a single device solution.

Thats my story, and Im stickin to it.

Don't misunderstand what I'm saying. I know you need the Netgear to host, I have a DLINK too (it no worky for hosting). I'm trying to understand how you have the DLINK connected?

Is your WAN port on the DLINK connected to a LAN port on the Netgear?

If it is, you don't need to do that, that's all.

It's simpler to join the two firewalls together via a crossover cable (basically using the DLINK as expansion switch ports and as a wireless bridge).

Double NATing will work, but it's a "department of redundancy depart" kinda thing in my view.

Now wireless devices may not cooperate with the Netgears DHCP, as always it "depends". More fun.

No worries +G...

Yes, the DLINK is just a device on the NETGEAR.
I am using the DLINK just for its wireless capabilities as the NETGEAR FW is not wireless.

Starting with a known working wireless router with a LB2 compatible DMZ was an important component to the overall solution.

If someone has enough bucks, try a wireless NETGEAR with ProSafe Firewall technology, and it may be the cats meow.

Youre correct in that not all routers are compatible with eachother, not only in DHCP, but even protocol. For example, I tossed my SMC wireless router because it was unable to connect to a LinkSys router who was hosting Hamachi. Thats why I switched to DLink. Just as we are seeing that not all firewalls are compatible or even their DMZs work with LB2.

Leverage from what Ive done, as I have leveraged from Reverant.

Net of the iNet is...

This a viable working solution to all of the below capabilities:
- enable multiplayer hosting and being a client in LB2.
- Runs wireless, wired-only,
- and is safe behind a firewall. (thx to Reverant)
- Verified for VPN
- Verified compatible hardware and protocols
- and works for online sims that I tested thus far:
LB2, Falcon4, LockOn, IL2, MSFS9, AArmy, SW-BF2, Condor, as well as most comms and chat programs.

cheers!

Just to drop a couple cents to the list of workin routers I'm going to drop you my router info. It was connected to a simple DSS-24 D-link autosensing switch when we tested it. works perfect with router doing port forwarding.

Router
Model: Linksys BEFSR11 ver.2
latest avalible firmware Oct/2004
Switch
D-Link
Model: DSS-24 Rackmount switch

I tried Software mode on a side note I got sick of the D3D artifacts and the Speed Problems with 3DFX I figured its a great solution for all thoes just wanting to use the F4 Helmet mode and being able to really easily make out your screens it was a problem with 3dfx the screens looked all diced up an dashed. No artifacts and game runs at normal speed all patches installed smooth running oh an POSITIVE G I noticed your site is fixed now but it says in the networking section under

5. A/C related
"Any attempt to get into a Kiowa has resulted in a game lockup or MS error popup before entering the cockpit phase. If someone has solved this problem, please share how it was done."

I tested this myself when I was in North Dakota this last week on 2 newish dells works fine both in same Kiowa chopper an one was running D3D an the other 3DFX different graphics cards an about as sketchy as you can get in 2 different setups but it workd fine patched an all. I used daemontools on both machines. Confirm yours? Have you tested this yet?

AV8R wrote that piece of the Network section, I can try this later. But nice to hear your's works fine.

I think I fixed the M$ Publisher issue, there's a way to tell it to handle PNG and VRML formatting, I tried that last night. In future I'll see about getting Firefox, IE and Opera installed on my PC so I can test how it looks. Dreamweaver is a tad too expensive for me to buy and I'm not a Notepad HTML coder! ;-)

Nick,

Weve been flying the Kiowa, BH and LB online for quite some time now. Lockups in the past were generally due to the HEAP variable not being set which affected the 2D cockpit not loading correctly when going to the Kiowa cockpit. Dont know if this deals with the above discussion or not.

Regarding the DSS-24 DLink switch plus the BEFSR11 Linksys router...

- Are you having success as host in LB2 over internet on a LAN (or both)?

- Have you tried hosting across inet with just the Linksys router without the DLink?

- It doesnt appear that the DLink DSS-24 features a firewall, but rather is a hi-perf data switch behind the router, so what does it add to the mix?

The BEFRS11 is a single port wired router but can be a DHCP server for the usual 253 clients. Connecting it to a Switch allows more than one PC to share the connection. The SWITCH does no routing or firewalling, just allows additional clients to join. Without the switch only one PC could be attached to the router.

The usual 4 port routers are ALSO built in switches allowing the additional wired connections.

YES he can host over the Internet through the Linksys. I have to figure out what is different between this Linksys and mine (well I know there is quite a lot..but isolating a particular setting or feature may help).

Recluse

Recluse,

So are you saying:

1. That the BEFS11 is a single hardware solution that allows both hosting LB2 and as client behind a working firewall using the LB2 ports? (if so great, now we have two verified configurations)

2. The DLink DI-614+ (and DI-624) router I have has a built in 4 port ethernet switch - as does the BEFS11.

The switches on the routers Ive mentioned above, only share the same WAN IP address to the wireless and wired access ports.

So again, Im not getting it as to why hes using a Dlink DSS switch. Is he getting multiple systems onto internet this way, each looking like they have their own WAN IP address?

The BEFSR11 router only has ONE LAN PORT. In order to share a connection, the SWITCH is connected to the ROUTER and multiple machines plug into the switch. Routers with a built in 4 or 8 port switch allow you to plug in that number wired clients. Routers with a SINGLE LAN port only let you plug in ONE device. If that device is a SWITCH, you essentially are using the EXTERNAL switch to substitute for the built in switch on the multi port routers, SHARING the single WAN connection. THe D-LINK switch has 24 ports!!! It's kind of the same thing you are doing with the Netgear Firewall and D-Link Router except that it is mulitplying WIRED connections rather than using WIRELESS, and the SWITCH has no NAT/FIREWALL features.

Linksys BEFSR11:


D-Link DSS-24:



..and YES it seems that this router allows LB2 hosting via port forwarding. PRESUMABLY, you could use a Wireless Access point or a Wireless Router in Access point mode (no DHCP or NAT) in the same way as a Switch to make use of the LB2 friendly BEFSR11. This is what PostiveG was saying above with your use of the Netgear firewall and D-LINK router. There is no need to DOUBLE NAT, merely use the D-LINK as a SWITCH/Wireless Access Point by connecting a LAN port of the D-LInk to the Netgear as opposed to connecting the WAN port of the D-LInk to the NETGEAR.

Recluse

How noisy is that switch? Does it get hot?
I was thinking of doing that too for more ports.

I tried one of these,

http://products.nortel.com/go/product_co...0&locale=en-US#

but with three case fans, it drove the noise level over the top.