[messages] [Technical Support & Bugs] ATT 2wire routers and connectivity with vassalengine

Tabpub robertdavidson2 at att.net
Fri Mar 20 20:32:53 CET 2015


"uckelman" wrote:
> Thus spake Tabpub:
> > 
> > My belief was that it is a problem with our routers firewall
> treating
> > this as intrusion/attack; traceroutes ran during failed connections
> > showed timeouts at gateway and next immediate connection in route.
> >
> 
> I suspect that's a spurious conclusion---you're firewall and some of
> the intermediate network infrastructure might simply be configured not
> to respond to pings.
> 
> > I do note that in the allow individual applications, there is a
> 'server'
> > setting, which then lists all the different types. 
> > If I knew the information, it might be possible to do the change
> there
> > to allow data in to the network. Choice are many; DNS, FTP, POP3,
> etc
> > .....doing something like this would probably be 'better' than the
> > DMZplus method; but again, I am not informed enough to render a
> > verdict/answer to that.
> 
> VASSAL's game server is on port 5050 on our machine. The port you're
> using locally to connect to it could be anything above 1024. I don't
> understand why what you're doing would help, since our game server
> isn't
> initiating connections to client machines. (Nor is our web server,
> which
> people had similar trouble connecting to.)
>  
> > This may also be mooted by the fact that ATT was apparently treating
> > this IP as a spam source; and therefore it might have also been
> > inhibiting data transfer from it as a security service. Again, I am
> a
> > not even an educated amateur regarding these things; I just saw that
> the
> > apparent problem was at the gateway; read that DMZplus lets in the
> most
> > information; enabled it and it worked. Of course, this puts more
> > reliance on my software firewall; but that's hopefully not an issue.
> 
> I think it would be a good test to check whether you still have the
> problem after setting your router back to the way it had been. If so,
> then clearly your changes were effective---but then I think some
> further
> investigation would be in order as to _why_.
> 
> -- 
> J.


Spurious; yes, that might be correct. I was just going with the first
thought that came to mind. My knowledge for this is quite limited and am
just doing the simian at the keyboard bit right now.....

Ran it set up with the DMZplus protocol set last night; it wasn't ideal
as one of the participants was traveling and using an 'hotel wi-fi' that
we have no data on. Logging on to the module for me was possible, but
took approx. 5 min to 'get the map' displayed on my computer. Play was
ok, but then 'lag' started to enter the equation about 1/2 way thru a 3
hour session; several people, myself on ATT and 2-3 others were
experiencing it; mine seemed the worse though....at one point was
getting no information.

Now, comes the odd thing; we were all in voice communication thru Skype,
then apparently the connection crashed and the conversation ended.
IMMEDIATELY upon this I got a Noah's Ark-like flood of information on
the map screen....felt like the end of 'Wargames' as text and units sped
across the mapscreen.

So, would it be potentially possible that this might also be the culprit
lurking in the weeds? It's interesting that the 'lag' seems to build up
for some (for me to the point of 'freezing' on my screen), yet I can
still move things and they are seen by others, but I don't see their
inputs.

Finally, regarding router setup; as a default, these two options are
enabled in my 2wire router (pg 31 of the manual that I linked to in
above message):

_Enabling Advanced Security
The 2Wire gateway firewall already provides a high level of security.
You can configure the firewall to provide
advanced security features, including stealth mode, strict UDP, or block
pings.
• Stealth Mode. When in stealth mode, the 2Wire gateway firewall does
not return information in
response to network queries; that is, it will appear to hackers who are
trying to access your network
that your network does not exist. This discourages hackers from further
attempts at accessing your
network, because to them it will appear as though there is no active
network to access.
• Block Ping. Ping is a basic Internet program that, when used without
malicious intent, allows a user to
verify that a particular IP address exists and can accept requests.
Hackers can use ping to launch an
attack against your network, because ping can determine the number form
of the network’s IP address
(for example, 105.246.172.72) from the domain name (for example,
http://www.mynetwork.com[1]). If you
enable Block Ping, your network will block all ping requests._

This is a bit of a Gordian Knot to unravel....it sure seems to be
connected to # of participants in module (we had 5); same 5 were in a
Skype voice conversation on the side. I know that I had nothing else
running concurrently; but can't say for the others.
My internet test this afternoon shows:
•	Download Speed  7.7 Mbps (962 KB/sec transfer rate)
•	Upload Speed  1.53 Mbps (191.8 KB/sec transfer rate)
•	Latency  24 ms
•	Jitter  0 ms
which would appear to be sufficient to do these two tasks to my layman's
eye. In the past we have ran a module with 4-5 participants and a Skype
on the side with no apparent problems last fall of '14. At this time,
we're probably just going with 'when we get slow, turn off the Skype and
turn it back on' as a workaround. Though, if you see something in the
above that seems a good candidate to modify, I am open to trying it.

RD

[1] http://www.mynetwork.com


_______________________________________________
Read this topic online here:
http://www.vassalengine.org/forum/viewtopic.php?p=48317#p48317


More information about the messages mailing list