Server ports and my firewall
Forum Index -> UT2004 DisastrousConsequences.com
skullcrusher


Joined: 11/04/2005 16:07:28
Messages: 25

I have read that UT2004 uses ports 7777,7778,27900,28900,28902 but further details are missing. Are they all UDP? Are all the ports server ports? Do transmissions to each port originate from the client?
v0rTeX

Wicked Sick!
Joined: 12/19/2004 20:59:52
Messages: 562

http://wiki.unrealadmin.org/Server_Setup_%28UT2004%29#Running_a_Server_Behind_NAT
Spacey

Wicked Sick!
Joined: 01/07/2005 21:28:14
Messages: 589
Location: Da'Burgh (Pittsburgh) PA

I take it you are talking about connecting outward?? What are the details on your firewall, and do you follow a block-by-default scheme? I have a BSD-based firewall running IPF and allow out and block in by default, but I have both a server (Spacey's Spaceport, http://belclan.ka8zrt.com/Spaceport/, which I am pretty restrictive on who gets in), and a client (my daughter Avis's machine) which is blocked out by default, so I should be able to get you sample rules if that previous reference does not help.


*BEL*_e (spacey), BEL Clan General -- You Frag em, I'll Slag em!
LA -- *BEL*_e (level 283 - Extreme AM), LW -- *BEL*_o (level 26) MM - ?? ( *BEL*_Rolaids ?? *BEL*DrWho??, Engineer... *BEL*BS_E_E [BSEE '89, Ohio U] (level 22)

skullcrusher


Joined: 11/04/2005 16:07:28
Messages: 25

Spacey, I run a Linux box (iptables). Yes, I am talking about my client connecting to an Internet UT2004 server. I filter my packets both ways. I think that good Internet citizens should. If everyone filtered their outbound traffic there would be less evil zombie and worm traffic.
Spacey

Wicked Sick!
Joined: 01/07/2005 21:28:14
Messages: 589
Location: Da'Burgh (Pittsburgh) PA

skullcrusher wrote:
Spacey, I run a Linux box (iptables). Yes, I am talking about my client connecting to an Internet UT2004 server. I filter my packets both ways. I think that good Internet citizens should. If everyone filtered their outbound traffic there would be less evil zombie and worm traffic.


I think that for a Windoze (I could use worse names, but I won't) box which is up for any amount of time, bidirectional filtering should be mandatory, and not on that machine, but on something external. The reason is that M$ fixes something this month, and they have to fix it yet again next month, and the month after, etc., etc. (anyone who disputes this should take a look at the detailed reports I get because of the fact that I was on the CSI tiger team, and have been subscribed to the mailing lists for 10+ years). As for Linux or other forms of UN*X, things are much better off, and one needs only keep an eye on traffic patterns (this is aided by "pass out" and "pass out log" rules in IPF, where logging is done on unknown traffic), and perhaps force outbound SMTP, HTTP and a few other protocols to route via a bastion host.

Now, as for rules, destination ports used in UT2K4 from a server end are as follows (from my ipf config file):

# 7777/udp default gameplay port
# 7778/udp server query port
# 7779/udp+ allocated dynamically for each helper UdpServerUplink object.
# Good starting range is 7779-7781, and add more as needed.
#
# 27900/udp Server query, if server uplink is enabled. Some master servers
# may also use other ports, like 27500.

It may be that the server query is not needed from a client perspective. One other option if you are targeting specific servers is to open up outbound wider to just those servers. So for example, a rule where the block out state is default could be specified as:

pass out quick proto tcp/udp from client/32 to ext-server/32 keep state keep frags group 99.

Hope this helps.

*BEL*_e (spacey), BEL Clan General -- You Frag em, I'll Slag em!
LA -- *BEL*_e (level 283 - Extreme AM), LW -- *BEL*_o (level 26) MM - ?? ( *BEL*_Rolaids ?? *BEL*DrWho??, Engineer... *BEL*BS_E_E [BSEE '89, Ohio U] (level 22)

skullcrusher


Joined: 11/04/2005 16:07:28
Messages: 25

Thanks for the information.
skullcrusher


Joined: 11/04/2005 16:07:28
Messages: 25

Spacey wrote:

Now, as for rules, destination ports used in UT2K4 from a server end are as follows (from my ipf config file):

# 7777/udp default gameplay port
# 7778/udp server query port
# 7779/udp+ allocated dynamically for each helper UdpServerUplink object.
# Good starting range is 7779-7781, and add more as needed.
#
# 27900/udp Server query, if server uplink is enabled. Some master servers
# may also use other ports, like 27500.
 


I found that 27900/tcp not udp was needed. Also, while I can now connect and play, I cannot browse for available servers.
v0rTeX

Wicked Sick!
Joined: 12/19/2004 20:59:52
Messages: 562

I believe that port 27900 is used to check what servers are online.

Even though a client wouldn't need it to play on a server, the game may need it to tell you what servers exist.
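
Added example, not part of any post in this thread: one way to express the ports discussed above as iptables rules for a client that filters outbound traffic, plus a log summary to find which destination port a still-failing feature (such as the server browser) is being dropped on. The chain name UT2004_OUT, the "out-drop: " log prefix, the sample addresses and the sample log lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: prints (does not apply) iptables commands for a UT2004 client
# whose OUTPUT policy is DROP and whose ruleset already accepts
# ESTABLISHED,RELATED packets (both assumptions). Ports are those in the thread.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so nothing
# else can end up inside the generated commands.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# ut2004_client_rules SERVER_IP: game ports only to one server, 27900 on both
# protocols (the posts disagree), then log whatever the policy will drop.
# UT2004_OUT and the "out-drop: " prefix are hypothetical names.
ut2004_client_rules() {
    is_ipv4 "$1" || { echo "bad server address: $1" >&2; return 1; }
    new='-m conntrack --ctstate NEW -j ACCEPT'
    cat <<EOF
iptables -N UT2004_OUT
iptables -A UT2004_OUT -p udp -d $1/32 --dport 7777:7781 $new
iptables -A UT2004_OUT -p tcp --dport 27900 $new
iptables -A UT2004_OUT -p udp --dport 27900 $new
iptables -A OUTPUT -j UT2004_OUT
iptables -A OUTPUT -m limit --limit 6/minute -j LOG --log-prefix "out-drop: "
EOF
}

# summarize_drops: kernel log lines on stdin -> "count proto/dport" per logged
# drop, most frequent first; shows which port a failing feature still needs.
summarize_drops() {
    awk '/out-drop: / {
        proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (proto != "" && dpt != "") n[proto "/" dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample lines (not a capture; addresses, ports and protocols are
# made up to exercise the parser).
SAMPLE_LOG='kernel: out-drop: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=28902
kernel: out-drop: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=28902
kernel: out-drop: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.9 PROTO=UDP SPT=40003 DPT=28900'
```

Review the output of ut2004_client_rules with the game server's address before running any of it as root, then feed the kernel log to summarize_drops after reproducing the failure.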
 