Technology
NAT Loopback for DOTA games
Tuesday, September 29th, 2009 | Technology | No Comments
Reason for Problem:
There are a few reasons for this:
- Some servers run a battle.net server clone using PvPGN. PvPGN has a “missing feature” when it comes to game advertising. The real Battle.Net servers are smart enough to recognize when two or more machines are trying to connect from a single IP address (ADSL connection, for example) and send back the internal IP of the host to its neighbours. The PvPGN server just sends back the Internet IP address to the host’s neighbours.
- Routers have to be smart enough or configured to perform “NAT loopback” or “Reverse NAT” or “PAT” for connections originating from inside the local network to the router’s Internet addressable IP address and port.
So if you are unfortunate enough to combine these two problems, your friends on your LAN won’t be able to join any Internet games you’re hosting.
A typical example, in which your host’s IP address is 10.0.0.5 and your router’s Internet IP is 66.1.1.2:
- Your host creates a game on the server.
- The server lists the game and all other people joining are told to connect to 66.1.1.2:6112.
- A buddy on your LAN (10.0.0.6) tries to join and is told to connect to 66.1.1.2:6112 as well. (A real Battle.Net server would tell it to go to 10.0.0.5:6112).
- Your buddy’s game tries to connect… which means it tries to connect to your Router’s Internet IP.
- The Router doesn’t have “NAT loopback” or “Reverse NAT” or “NAT on the inside” to forward internal requests (from 10.0.0.0/24) back into the network (to 10.0.0.5).
- Your buddy’s connection attempt times out, is rejected or fails.
- Your buddy goes back to his house to connect over the Internet. Everyone is sad.
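The forwarding the router is missing in the list above, written out as an added example (not from the original post). It assumes a Linux-based router that uses iptables and that the game listens on TCP 6112; the addresses are the ones from the example, and the function name is made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a Linux-based router
# using iptables and that the game listens on TCP 6112.

# Print the rules that give one forwarded port NAT loopback.
#   $1 router's Internet IP          $2 LAN network (CIDR)
#   $3 LAN host running the game     $4 port
hairpin_rules() {
    wan_ip=$1; lan_net=$2; host=$3; port=$4

    # 1. Ordinary port forward. It matches on the destination address, not on
    #    the incoming interface, so a LAN client dialling the Internet IP is
    #    translated as well.
    printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$wan_ip" "$port" "$host" "$port"

    # 2. The loopback part. Without it the host sees the neighbour's real
    #    source address and answers it directly across the LAN; the neighbour
    #    is waiting for a reply from the Internet IP and drops that answer.
    #    Rewriting the source to the router's LAN address forces replies back
    #    through the router, which reverses both translations.
    printf 'iptables -t nat -A POSTROUTING -s %s -d %s -p tcp --dport %s -j MASQUERADE\n' \
        "$lan_net" "$host" "$port"

    # 3. Let the translated connection through the forwarding chain.
    printf 'iptables -A FORWARD -d %s -p tcp --dport %s -j ACCEPT\n' "$host" "$port"
}

# Addresses from the example above; review the output, then run it as root.
hairpin_rules 66.1.1.2 10.0.0.0/24 10.0.0.5 6112
```

With the MASQUERADE rule in place, the game host sees LAN neighbours as connecting from the router's LAN address rather than from their own.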
Confirmed Working Router
I’ve found a good router which does NAT loopback out-of-the-box without any configuration.
It’s the Billion 7300G (RA) – ADSL 2+ Wireless 802.11g ADSL Modem/Router, 4 Port
I can confirm that this router works perfectly.
It’s also quite a nice router.
Just Extra Stuff
Some routers will work automatically. Some will need to be configured. Some just won’t work. The thing with this is that it’s not really a feature that a router will advertise as having (like on the box or on its product page). You just have to know or test that it works.
Also, there are other methods for doing this – like setting your ADSL router into bridged mode – but this both increases the complexity of your network and exposes your internal machines directly to the Internet… so your security is compromised.
Intrusion Detection with AIDE
Sunday, March 1st, 2009 | Technology | No Comments
Advanced Intrusion Detection Environment, or AIDE for short, is a handy little utility which you can use to detect an unwanted intrusion into your server. The website is here: http://www.cs.tut.fi/~rammer/aide.html
With computer security, you not only need to protect against incoming attacks but you also need to detect when an intrusion has taken place. AIDE is good for detecting successful intrusions within a server.
It works by creating an initial database of checksums for the files you want to monitor. You can choose from a myriad of hashing algorithms including MD5 and SHA1. From then on, you can have AIDE check all your current system files against the compiled database. If a file has changed it will be detected and you can take appropriate action if any is required.
This is useful if your machine becomes infected with a trojan or virus – the kind that modifies the binaries to embed itself within the usual commands. For example, coreutils’ ls, mkdir, etc.
The installation and setup is trivial, give or take the time you need to understand the configuration file and list the directories and files to monitor. So give it a go.
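The baseline-then-compare cycle described above, as an added example that is not part of the original post and is not AIDE's own code. It uses sha256sum in place of AIDE's configurable hash set, the function names are made up for the illustration, and the demo tree is constructed.

```shell
#!/bin/sh
# Added illustration of the checksum-database idea; this is not AIDE's code.
# Assumes GNU coreutils sha256sum; the function names are made up.

# Print "<sha256>  <path>" for every regular file under directory $1.
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# Record the trusted state of directory $1 in database file $2.
baseline_init() {
    snapshot "$1" > "$2"
}

# Compare directory $1 with database $2. Prints ADDED/CHANGED/REMOVED lines
# and returns 1 if anything differs, 0 if the tree matches the baseline.
baseline_check() {
    cur=$(mktemp) || return 2
    snapshot "$1" > "$cur"
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # spaces in paths survive
        FILENAME == ARGV[1] { old[path] = hash; next }       # stored baseline
        { seen[path] = 1
          if (!(path in old))         print "ADDED " path
          else if (old[path] != hash) print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed demo: a throwaway directory standing in for /bin.
demo_dir=$(mktemp -d)
printf 'original ls\n' > "$demo_dir/ls"
printf 'original mkdir\n' > "$demo_dir/mkdir"
baseline_init "$demo_dir" "$demo_dir.db"
printf 'modified ls\n' > "$demo_dir/ls"        # simulated tampering
printf 'unexpected\n' > "$demo_dir/extra"
baseline_check "$demo_dir" "$demo_dir.db" || echo "integrity check failed"
rm -rf "$demo_dir" "$demo_dir.db"
```

Keep the database somewhere the monitored machine cannot write to (read-only media or another host); an intruder who can replace ls can otherwise regenerate the baseline as well.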
Geographic backups with rsync.net
Friday, February 27th, 2009 | Technology | No Comments
My server where this site and others are hosted undergoes a routine backup every couple of days. Not much needs to be backed up but I’ve reached the point where each backup is approximately 100 MB in size. This server is hosted in the United States.
Here in South Africa, we have a monopolistic telecommunications provider named Telkom which overcharges and underdelivers basic services such as ADSL. I have to pay R 70 (Approximately USD $7 at the moment) for each gigabyte. Besides that, I have a monthly ADSL cap of 3 GB which is shared amongst 4 people in my household. Apart from stifling the development of internet-based services in South Africa (imagine YouTube having to pay $7 for every GB a user uploads or downloads to them), it also makes simple things like transferring my meagre 100 MB backups locally a little unpleasant. Telkom also hasn’t seen the need to introduce speeds over 4 Mbps. I’m sitting on 386 Kbps which suits me just fine because, if I went any faster, I might be tempted to use my bandwidth cap within a day.
So I saw an advert for rsync.net which advertised rather cheap and convenient storage space. They basically offer disk space and provide ssh, ftp, rsync, webdav and *insert your protocol here* access to it. Can it be more convenient? I signed up with them on Wednesday and modified my backup system to scp all backups to their servers in Switzerland. The only issue with the sign up was the +- 12 hour wait for the system to become active. If they automated signup and I had had instant access to the space, it would have been terrific. Otherwise, everything worked first time as it should.
If you need some space for backups and you enjoy geographic safety, go with them. I’d recommend them.
Quick and Simple SOCKS tunnelling with tsocks and ssh
Thursday, January 22nd, 2009 | Technology | 2 Comments
I found an awesome tool to quickly and simply set up a SOCKS tunnel from behind a firewall to an outside server. It’s called tsocks (http://tsocks.sourceforge.net/). Using this in combination with an ssh tunnel allowed me to tunnel all my traffic through our firewall and to a remote server over a secure link. It was like working (browsing, for example) directly from the remote server.
You will probably want to use this technique if:
- Your firewall is preventing you from accessing what you need to access outside your network.
- You don’t have control over the firewall to open up the ports you need.
- You DO have access to an external server via ssh.
- The ssh daemon on the remote server has been configured to allow this or you can configure it yourself. (GatewayPorts = yes)
I’ll just quickly go over the steps which will get you ready to run:
- Install tsocks.
- Configure tsocks. My configuration looks like this:
local = 192.168.0.0/255.255.0.0
server = 127.0.0.1
server_type = 4
server_port = 1080
Which means that for all local addresses, it will go directly over the LAN. However, for everything else, it will tunnel to 127.0.0.1:1080 over SOCKS version 4.
Now the only thing left is to create the SSH tunnel on a local port of 1080 (as configured in tsocks.conf) to your remote server:
bash# ssh -D 1080 <username>@<server.com>
Leave that running. It’s your link to the outside world. Now open up another terminal and do whatever you need to do. In this example, we’ll start firefox: (make sure your firefox isn’t already running so that it’s a complete restart.)
bash# source /usr/bin/tsocks on
bash# firefox
And…. that’s pretty much it.
Tsocks preloads itself as a library and implements its own network operations (connect, etc.), so it works like magic.
Efficiency of emerge depclean
Wednesday, October 15th, 2008 | Technology | No Comments
So, I spent the weekend emerging all sorts of unfortunate things onto my laptop trying out all sorts of music management software. These things included weird gtk, gnome, kde, mono and other stuff libraries. It was a mess everywhere and left me with an uneasy feeling in my stomach; I didn’t know what was on my system. Fortunately, emerge has its depclean feature which removes all unused dependencies and extraneous files from your machine. But I’ve always wondered how well it works…
It turns out that it works quite well.
I used a combination of qlist, find, cat, sort and uniq to determine which files were orphans on my system.
For all files which are supposed to be there: qlist -IC | xargs -n 1 qlist
Apart from some cache files, tmp files, a few configuration files and some portage related stuff, nothing was out of place.
So it’s a very clean management system. Hooray.
My Linux iPod management options
Tuesday, October 14th, 2008 | Technology | 2 Comments
So, it turns out there aren’t many options for me under Linux. In total it came out to zero. This is really due to the fact that my iPod Classic version was released oh.. 35 days ago and the software versions are too new for the open-source Linux support. Have a look here: http://support.apple.com/kb/HT1353#iPod_classic_120GB
If you mount your iPod under linux, you’ll notice straight away that they have some funny database system for storing the songs. This database version and format actually changes between revisions of the iPod software release. The open-source solutions are all capable of reading and writing the older versions because they’ve reverse engineered the format. But they need some more time to get the new ones working. Unlucky for me.
As a result, most of the open-source solutions would actually copy the songs to the iPod but failed to update the iPod database. Oddly enough they didn’t complain about this. So I would just assume that it worked but the music didn’t show up in the iPod menu.
In the end, I tried the following solutions:
- Amarok – failed to install ‘cos I don’t have KDE installed and it was looking for something called kbuildsycoca on startup. Apparently it will wipe out your cover art on some iPods if you’re not careful.
- Banshee – I tried the stable 0.12.1 release in the portage tree. It’s okay. It’s the only open-source solution which actually downloaded cover art for my library. The next unstable release is 1.2.1-rc2 which was brilliant compared to the previous release. Unfortunately it didn’t work with my iPod version.
- gtkpod – Nice, convenient and small. Not too feature-full at all. I would have preferred to install and use this one because everything else required hundreds of other dependencies. Pity it didn’t work.
- Rhythmbox – Similar to banshee, smaller. Would have been nice if it had worked. I think this is the default manager on Ubuntu so it’s probably well supported and has a future.
- Songbird – Now this is my ideal manager. It’s very similar to iTunes and it didn’t require hundreds of dependencies. You can just download the binaries from their site and run it. Fantastic. It’s a professional product as well. All shiny. When they support my iPod, I’m switching to this.
My conclusions and next steps:
- I’m going to use iTunes as a stop-gap until Songbird supports the new iPod Classic on Linux.
- I need to convert my entire FLAC library to ALAC so that I can import my songs losslessly into iTunes until I get a linux client. (They all support my FLAC ‘cos I compiled it in everywhere.)
- I polluted my nice clean gentoo install with hundreds of new dependencies and applications which didn’t work. I’m now spending the day cleaning up all orphaned files which don’t belong. It gives me something to do.
Drinking the Apple Kool-Aid
Monday, October 13th, 2008 | Technology | No Comments
Well, I’m now the owner of one of those new, darn-fangled iPod Classics with 120 GB. I must say, it’s a fine looking piece of machinery and I have a beautiful dark-brown and orange leather pouch for it as well. It looks great. Haven’t been able to use it yet, though. And there’s a reason why: I can’t easily get my music onto it.
The tricky part is the extreme lock-in by Apple which you only tend to discover afterwards and especially if you happen to be running Linux! Here are some poor actions and decisions on Apple’s part designed to lock you in, as well as some of the obstacles an awesome Linux user like me has encountered:
- An iPod registers itself as external USB storage when I plug it into the machine. Great. However, you can’t just copy your music files over. I have all my CDs saved in FLAC format on a file server with ID3 tags embedded. I was really just assuming that I could convert them to something more supported (MP3 or AAC or Apple’s Lossless aka ALAC) and copy them across. However, the iPod keeps all the music within a proprietary database format and you need specialized open-source applications which have reverse engineered the format to copy them in.
- I like my open-source applications lean and mean. (I run Gentoo. I’m weird that way). The open-source applications available aren’t too lean and mean at all. I’m still trying them all out, one at a time, until I find one that a) works and b) is easy to use.
- iTunes only runs on Windows and Mac. This is a huge problem, as far as I’m concerned because the authority on Apple formats and their own proprietary stuff is Apple themselves. Because they don’t support Linux, the support you can find on a Linux platform is all reverse engineered and not up to date. So, to do an iPod justice and get it working out the box, you kinda need iTunes here. Unless you’re willing to experiment with the open-source software mentioned above.
- The iTunes store for South Africa doesn’t have any music! What the heck?
- I imported several common CDs of mine into iTunes and the cover art wasn’t loaded even though I asked nicely. Bah humbug. What’s the point of the pretty screen without cover art? I think this may have to do with the fact that iTunes SA doesn’t have the music in the first place.
Uh.. and that’s all. It’s a very pretty device. It would have been amazing if they didn’t lock it down the way they have. I’ll let you know what I find out about the open-source products.
Migrating to a new server..
Thursday, February 21st, 2008 | Technology | No Comments
Yup. I haven’t done much here for a while but I should. I’m going to initiate the server migration so there may be some lapse between DNS updates. But, I don’t think that will affect too many people. None in fact. I should make this an interesting blog.
Problems with Steam and Recent Update
Monday, December 3rd, 2007 | Technology | 1 Comment
My Steam client has been down the entire weekend thanks to the latest client update from Valve. Unfortunately, Steam is an example of a rather troublesome application. Some of the more annoying problems are:
- Scrollbars in the news & shopping section don’t scroll the content, but only sometimes.
- System tray icon losing count between single and double-clicks.
- It’s slow when responding to the user. You can ask it to open a window and wait quite a while for it to pop up. On a bad day, it could take a minute. I’m not sure what makes a bad day.
- When you ask it to quit, it takes a good minute or two after the system tray icons have disappeared for it to actually die (disappear from the task list). Also, not sure what makes a bad day.
- When you start it up without a network connection, you have to wait a minute or two for it to become visible.
- Err… ya. If I could start it, I’d be able to list more but these are the obvious ones which are not being fixed.
So I followed their FAQ and uninstalled + reinstalled Steam several times. I knew it wasn’t a problem on my side but, you know, there wasn’t much else I could do and Steam was preventing me from accessing my games; I had some time.
If you’re having trouble with Steam this weekend or thereabouts, I found this post on the official steam forums: http://forums.steampowered.com/forums/showpost.php?p=7044096&postcount=830
Moving to WordPress
Sunday, November 18th, 2007 | Technology | No Comments
Bear with me for a few days while I move this site to WordPress…