joehunk 10 Posted November 30, 2010 I am running a dedicated server behind a NAT router, specifically a 2WIRE 3800HGV-B. People can join the server and play just fine, and show as having low pings once they join, but in the server browse window, it always displays 2500 or "?" ping. Not surprisingly, it's hard to get people to join this server! What I have tried/tested: - I have forwarded UDP ports 2302-2305 to the machine running the server (i have tried it with and without ports forwarded with same results) - I have tried running my Arma client on the same machine or a different machine on the server - I have asked friends that are outside my NAT to look at the ping (it shows 2500 or "?" for them too) - Tried setting the machine running the server as a DMZ - I even fired up network sniffers and looked at my router's logs, and the only suspicious thing I see is an ICMP Destination Unreachable error sent from the machine running the server to some IP address I have never heard of, and seems to happen every time I refresh the server list. The exact error is: src=91.63.46.60 dst=99.156.87.173 ipprot=1 icmp_type=3 icmp_code=13 ICMP Dest Unreachable, session terminated "src" is the server IP address, "dst" is the IP address I don't recognize. I found a couple threads on the issue, but everyone seemed to report that once they forwarded the proper ports (which is the first thing I tried) that everything just worked. Any ideas? Share this post Link to post Share on other sites
visceralsyn 10 Posted November 30, 2010 Some, if not most routers have a completely seperate option to drop ICMP packets. Check the documentation for your router, or go through each page in its web-server, looking for something like: Block Anonymous WAN Requests, and disable it. ...Syn... Share this post Link to post Share on other sites
joehunk 10 Posted November 30, 2010 Don't confuse "ping" with "ICMP" in this case. The GameSpy server uses a custom UDP protocol, *not* ICMP, to implement its pings. There was lots of confusion on this in my research, but I can state categorically that GameSpy does not use ICMP to perform its ping calculations after having figured out the problem!! First of all, the ICMP errors from the router were a red herring. They resulted from me trying different port numbers on the server to see if that made any difference. GameSpy would still try to ping the old port after I had shut it down hence the error. The problem was something specific to my computer. I fired up a packet sniffer and saw that GameSpy was doing 2 bad things: 1. It was telling the server that my IP address was my LOCAL not my WAN IP 2. It was telling the server I had 3 different IP addresses?!?!? I scratched my head on that last one for a while then figured it out. Those 2 extra addresses are coming from dummy virtual network devices that VMWare installed (I use VMWare on my computer for various things). GameSpy was seeing those, trying to contact them, and failing. In short: I solved #1 by running the server on a DMZ (which gives it the same IP address as my WAN IP...note not all DMZ implementations do this, and it is critical), and I solved #2 by going into the Windows Device Manager and disabling both dummy adaptors. Both measures were necessary to get it to work, and neither worked by itself. Since I don't want to run my main computer on a DMZ nor do I want to disable those adaptors (since they cause VMWare not to work), I think I am going to run the server on a VMWare image, that I set to the DMZ. If you are able, running on a server in front of the firewall (I cannot due this due to how my ISP is setup) and also making sure you have no dummy network adaptors on the machine would also work. The real solution is of course for Gamespy to fix this...they should not get confused by multiple network adaptors nor by being behind a NAT. Share this post Link to post Share on other sites
Defunkt 431 Posted December 7, 2010 Don't confuse "ping" with "ICMP" in this case. The GameSpy server uses a custom UDP protocol, *not* ICMP, to implement its pings. There was lots of confusion on this in my research, but I can state categorically that GameSpy does not use ICMP to perform its ping calculations after having figured out the problem!! Actually sometimes it will use ICMP. The GS master list server first appears to carry out some sort of UDP probe to determine the NAT type and if it considers the NAT too restrictive for clients to traverse it will post it flagged as a query-by-ICMP server. Quite why GS imagines a game server that can't be queried via UDP could actually be played on via UDP is beyond me (especially as both game and queries seem to use port+0) but there you go. The matter is further complicated in my case because, in addition to having a server behind a 'strict' NAT (which will in fact happily allow query traffic through if the server is added explicitly by IP), the ping packet it then uses has only a 6 byte payload which is too small according to the routers protecting my server and all such packets are dropped so I am doubly f**ked and for no good reason. I post this here in the hope it may be of use to some other poor bastard in my situation and also in the vain hope that somebody from BIS might see this and direct a WTF! the way of GameSpy. Share this post Link to post Share on other sites
Dwarden 1125 Posted December 23, 2010 Actually sometimes it will use ICMP. The GS master list server first appears to carry out some sort of UDP probe to determine the NAT type and if it considers the NAT too restrictive for clients to traverse it will post it flagged as a query-by-ICMP server. Quite why GS imagines a game server that can't be queried via UDP could actually be played on via UDP is beyond me (especially as both game and queries seem to use port+0) but there you go. The matter is further complicated in my case because, in addition to having a server behind a 'strict' NAT (which will in fact happily allow query traffic through if the server is added explicitly by IP), the ping packet it then uses has only a 6 byte payload which is too small according to the routers protecting my server and all such packets are dropped so I am doubly f**ked and for no good reason.I post this here in the hope it may be of use to some other poor bastard in my situation and also in the vain hope that somebody from BIS might see this and direct a WTF! the way of GameSpy. can't You make the gamespy trustful exception on your router(s) ? Share this post Link to post Share on other sites
Defunkt 431 Posted December 24, 2010 (edited) Can't, not my router. It's an Amazon Elastic Compute Cloud virtual server (runs ArmA nicely and you can pay by the hour). I can configure the firewall around my instance but the GS master server still seems to consider the NAT too strict for UDP querying (frustrating because the ArmA client actually has no problem querying or joining the server if I add the IP via Remote). And having then reported the server as ping-by-ICMP-only the ArmA client's ping packet is basically considered illegal, you can specify payload size with Windows ping.exe and I think at around 22 bytes (working up from the 6 bytes used by the in-game browser) it suddenly started making it through. Edited December 24, 2010 by Defunkt Share this post Link to post Share on other sites
Dwarden 1125 Posted December 24, 2010 amazon support not helping i assume gamespy support not answering ? Share this post Link to post Share on other sites
Defunkt 431 Posted December 24, 2010 Well I don't think Amazon would see it as a fault, I think there may at one time have been a DoS attack technique based on under-sized ping packets. In any case it is well below the packet size normally used by ping. I did look into contacting GameSpy (mainly about why their probe misreported the NAT strictness but also the ping packet size) but their policy is that all end-user support has to be directed to the company licensing their component, i.e. YOU! Share this post Link to post Share on other sites
Dwarden 1125 Posted December 24, 2010 well this is not about end user support considering the problem is between GameSpy master and your service provider (also we can't do anything about GameSpy protocol specification and it's workflow or theirs master server(s) handling requests/queries) but i think You shall discuss this with Amazon so they add GameSpy master(s) into exception ... Amazon should accept Your request as GameSpy is service provider for many games Share this post Link to post Share on other sites
Defunkt 431 Posted December 24, 2010 I'm sure GameSpy already enjoys the same access into the cloud I do and my ArmA client can query and join the server just fine, the problem is; a) GameSpy's UDP probe apparently cannot traverse the same NAT that their in-game browser has no issues with. b) Having been instructed to use ICMP GameSpy's in-game browser uses an 'illegal' (or at least non-standard) packet size. I'm not sure a firewall exception would help either issue and if I were Amazon I would simply say GameSpy should fix their tech rather than require Amazon to re-configure around these issues. Share this post Link to post Share on other sites
MJK-Ranger 0 Posted December 24, 2010 (edited) I am running a dedicated server behind a NAT router, specifically a 2WIRE 3800HGV-B. People can join the server and play just fine, and show as having low pings once they join, but in the server browse window, it always displays 2500 or "?" ping.Not surprisingly, it's hard to get people to join this server! What I have tried/tested: - I have forwarded UDP ports 2302-2305 to the machine running the server (i have tried it with and without ports forwarded with same results) - I have tried running my Arma client on the same machine or a different machine on the server - I have asked friends that are outside my NAT to look at the ping (it shows 2500 or "?" for them too) - Tried setting the machine running the server as a DMZ - I even fired up network sniffers and looked at my router's logs, and the only suspicious thing I see is an ICMP Destination Unreachable error sent from the machine running the server to some IP address I have never heard of, and seems to happen every time I refresh the server list. The exact error is: src=91.63.46.60 dst=99.156.87.173 ipprot=1 icmp_type=3 icmp_code=13 ICMP Dest Unreachable, session terminated "src" is the server IP address, "dst" is the IP address I don't recognize. I found a couple threads on the issue, but everyone seemed to report that once they forwarded the proper ports (which is the first thing I tried) that everything just worked. Any ideas? Hi. Take a look at this, are you sure you don't recognize this ip 99.156.87.173? It seems to me it is your IP. 11/10/10 05:22:48 NoXiousNet.com | Official Zombie Survival - zs_uglyfort_v3 - Log file started, 11/10/2010 05:22 11/10/10 05:22:59 <Player Initial Spawned> - STEAM_0:1:14459131 The Nightmare | xx.xxx.xxx.xxx:61724 11/10/10 05:23:11 <Player Initial Spawned> - STEAM_0:0:6325776 Joehunk | 99.156.87.173:27005 11/10/10 05:23:15 <Player Initial Spawned> - STEAM_0:1:11058943 [sGA-1]Warrdogg | xx.xxx.xxx.xx:27005 11/10/10 05:23:48 <Player Disconnected> - STEAM_0:0:6325776 Joehunk | 99.156.87.173:27005 11/10/10 05:23:48 <Player Connected> Joehunk | STEAM_ID_UNKNOWN | 99.156.87.173:27005 11/10/10 05:23:54 <STEAM_0:1:14459131> The Nightmare: after this map pls try to vote for stormiest 11/10/10 05:23:57 <Player Initial Spawned> - STEAM_0:0:6325776 Joehunk | 99.156.87.173:27005 11/10/10 05:24:11 <STEAM_0:1:11058943> [sGA-1]Warrdogg: ok 11/10/10 05:24:18 <Player Disconnected> - STEAM_0:0:6325776 Joehunk | 99.156.87.173:27005 11/10/10 05:24:44 <STEAM_0:1:14459131> The Nightmare: help im outside 11/10/10 05:25:00 <STEAM_0:1:14459131> The Nightmare: pls open the door 11/10/10 05:25:18 <STEAM_0:1:11058943> [sGA-1]Warrdogg: where are you 11/10/10 05:25:23 <STEAM_0:1:14459131> The Nightmare: utside 11/10/10 05:25:49 <STEAM_0:1:14459131> The Nightmare: lmao 11/10/10 05:26:12 <STEAM_0:1:14459131> The Nightmare: kill me 11/10/10 05:26:21 <STEAM_0:1:14459131> The Nightmare: just kill me And the IP 91.63.46.60 comes from t-ipconnect.de (Germany) http://ip-hound.com/lookup.html?ip=91.63.46.60 Edited December 24, 2010 by MJK-Ranger Share this post Link to post Share on other sites
mosh 0 Posted January 9, 2011 (edited) Not that it really matters for my server, but the 2500 ping bothered me too... after trying every other piece of advice I could find, letting the ICMP through my router seemed to do the trick. Now how much harm that does I obviously have no clue... ;) EDIT - I'm not 100% sure that really worked for me... still working stuff out. Edited January 10, 2011 by Mosh new info Share this post Link to post Share on other sites
focher 15 Posted May 8, 2011 I know that you've probably either resolved or moved on from this issue, but I am experiencing the same issue. I am hosting it myself on a VMware ESX box, and once inside the game the ping time reflects accurately. This matches your troubleshooting that shows it's GameSpy that is incorrectly detecting the ping time in the game browser. One thing I wanted to suggest, if you haven't tried it, is to add ICMP to your Security Group on AWS. Perhaps it wasn't available before, but they definitely have a predefined ICMP rule to allow ICMP traffic to the box. Also, just to reinforce that AWS instances are not NAT'd. They always have a public IP address. It's dynamic and changes if you stop and restart the instance. Share this post Link to post Share on other sites