Which ports should be opened in the firewall?
by Michael Layfield · in Technical Issues · 12/20/2007 (4:58 am) · 2 replies
We have a dedicated Torque 1.4 server under Ubuntu Linux 6.06 and we're trying to connect to it over the Internet. I changed the default Torque client program to let the client specify the IP address of the server explicitly, so we don't use the default master server for Torque games.
The trouble is, it won't connect to the server. The server's firewall accepts the default 28000-28001 UDP port (ingoing/outgoing) and nothing else. (I've heard in other sections of the forums that those are the minimal needed.)
I did some investigating, and when I did it over a simple LAN client-server setup, the clients seem to connect using various ports, one was 192.168.0.176:1101, and when I closed the client, ran it again, and logged in, it went out as 192.168.0.176:1116. I experimented some more and all the clients used different ports each time: 1784, 1801, 1814, 1829, etc.
I can't possibly add all those ports to the server's firewall, so I need to change this behaviour somehow.
My guess is that other than the port 28000 opened on the pc that the server program is using (used by clients to connect to the server), the clients also open some other port which they listen to (used by the server to communicate to the client). Is that correct?
Does anyone know why this is happening? Just which is exactly the one that chooses which port a certain client uses? Is it the OS? or Torque?
Please advise.
#2
12/20/2007 (10:21 pm)
Yes, I see. 28000 is only needed to initiate connections, while other ports are used for communications afterwards. The problem is the dedicated server's firewall is blocking everything except the one needed for connections (28000), so the server and any client can't communicate.
>When Torque asks the OS for a port, the OS returns a port to Torque and pokes a hole in the firewall itself so
>that you can communicate through it.
Do you mean to say that Torque modifies the firewall settings automatically? Because I think that's not what's happening in my situation. The firewall for the dedicated server we use is a different hardware on the network.
I do know for sure that the server is properly listening on port 28000 (the console log file tells so).
Torque Owner Nikos Beck
The client asks the OS for a random port, say 39000. This is now an open port in the computer's firewall. The client connects to the server on a pre-set port, say 28000. The server had previously asked the OS for port 28000 so it's now open on the server's firewall. The server will typically open another port, say 40000 and communicate with the client on its port 39000. From then on there is a connection from client:39000 to server:40000. The server's port 28000 is used only to listen for connections; it passes those connections onto another port.
You can pre-set ports on the client but there's no point, it's extra work for you.
Why the server isn't responding... it might be that port 28000 has previously been opened and never closed.
You only need to open up a single port on the server. That's for incoming connections. When Torque asks the OS for a port, the OS returns a port to Torque and pokes a hole in the firewall itself so that you can communicate through it.
Does that clear things up?
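
Added example, not part of the original thread and not Torque code: a loopback UDP exchange using plain sockets, showing that the operating system assigns each client's source port on its first send, followed by a toy stateful filter showing why a single rule on the server's destination port covers every client port listed in the question. The names `observe_source_ports` and `StatefulUdpFilter` are hypothetical, and that the firewall tracks flows is an assumption.

```python
import socket

SERVER_PORT_RULE = 28000  # the port named in the thread; used only by the filter model


def observe_source_ports(n_clients=3):
    """Run n UDP clients against one loopback server; return what each side saw."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))  # constructed: port 0 avoids clashing with a real server
    server.settimeout(2.0)
    listen_port = server.getsockname()[1]
    clients, seen_by_server, reply_from = [], [], []
    try:
        for _ in range(n_clients):
            c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            c.settimeout(2.0)
            clients.append(c)  # kept open so every client holds its port at once
            c.sendto(b"hello", ("127.0.0.1", listen_port))  # OS picks the source port here
            _, client_addr = server.recvfrom(64)
            seen_by_server.append(client_addr[1])
            server.sendto(b"welcome", client_addr)  # reply leaves from the listening socket
            _, server_addr = c.recvfrom(64)
            reply_from.append(server_addr[1])
    finally:
        for s in clients + [server]:
            s.close()
    return listen_port, seen_by_server, reply_from


class StatefulUdpFilter:
    """Toy model of a stateful firewall in front of the server (an assumption)."""

    def __init__(self, open_port):
        self.open_port = open_port
        self.flows = set()

    def inbound(self, src, dst_port):
        # Match on destination port only; the client's source port is irrelevant.
        if dst_port != self.open_port:
            return False
        self.flows.add(src)
        return True

    def outbound(self, src_port, dst):
        # Replies are allowed only back to a peer that already came in.
        return src_port == self.open_port and dst in self.flows


if __name__ == "__main__":
    print(observe_source_ports())
```
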