• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

DMZ for gaming server - safe?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> DMZ for gaming server - safe? Page: [1]
Login
Message << Older Topic   Newer Topic >>
DMZ for gaming server - safe? - 29.Sep.2006 4:07:27 PM   
ras2a

 

Posts: 15
Joined: 25.Sep.2006
Status: offline
Hi all,
I cannot get game servers to work on my internal LAN (using dual-homed ISA Server and port forwarding / publishing rules etc).  I was seriously thinking of going down the DMZ route and publishing a box solely for multiplayer gaming etc.  I understand that I'd need an additional NIC for the DMZ segment.  How would I go about publishing the machine on the DMZ and would this then mean that the game server was 'totally' exposed to the internet?  If so, I imagine it would be prudent to deploy some additional client level firewall software on the game server?

In addition, I've read about the 'firewall client'....is this something that is 'mandatory' for getting gaming to work from Internal network to Internet?

Many thanks for any help and advice you can give

< Message edited by ras2a -- 29.Sep.2006 4:13:11 PM >
Post #: 1
RE: DMZ for gaming server - safe? - 29.Sep.2006 4:46:46 PM   
Guest
Hi mate!
first may I ask you why do you wish to publish a game server behind
a firewall like ISA?

Check Tom's article:
quote:

Some services may not work correctly using SecureNAT. You'll see this if you plan
on publishing certain Internet enabled multiplayer games. In this case, you'll need to configure
the server as a Firewall Client and then configure a wspcfg.ini file on that server. If that sounds
too painful, you can place the game server on a DMZ segment and create packet filters to allow
the required ports (typically 'all open' when dealing with a non-secure game server).

http://www.isaserver.org/tutorials/A_Web_Site_Using_ISA_Server_Part_1_Preparing_To_Publish_Your_Site.html

quote:

Web and Server Publishing Rules support simple protocols, with the exception of those that
have an application installed on the ISA 2004 firewall, such as the FTP Access application filter.
You can install Firewall client software on a published server to support complex protocols, such
as those that might be required if you wished to run a game server on your network. It is important
to note the Microsoft no longer officially supports this configuration and they recommend that you
have a C++ programmer code an application filter to support your application.

http://www.internetaccessmonitor.com/eng/products/articles/Why_the_ISA_Firewall_Client_Rocks/Why_the_ISA_Firewall_Client_Rocks.php

also wou might want to check:
http://blogs.technet.com/tristank/archive/2006/01/12/PublishingJointOps.aspx?Ajax_CallBack=true&Ajax_CallBack=true
http://tinyurl.com/pu54f

(in reply to ras2a)
  Post #: 2
RE: DMZ for gaming server - safe? - 29.Sep.2006 4:57:32 PM   
ras2a

 

Posts: 15
Joined: 25.Sep.2006
Status: offline
Hiya Ade,

Cheers for the extrememly swift reply.  After my initial post I did a bit of digging and found this thread:

http://forums.isaserver.org/m_10028800/mpage_1/key_firewall%2cclient%2cgame/tm.htm#10028800

Guess I should have searched a bit harder (apologies).  I'm not acutally trying to publish dedicated game servers, merely allow direct IP play with games such as Call of Duty / Medal of Honor (friends specify my public IP to connect).  I've achieved this very easily with a basic (Netgear) NAT router in the past, but since setting up ISA Server, I've not been able to get 'any' games working.  I have read various thing (as you posted) that basically say that M$ don't support games for ISA etc.  I've not looked properly at the other info you posted, but will do so now.

Will try setting up the gaming rig as with Firewall Client and then test the games again..

Many thanks indeed for your advice - much appreciated :)

Cheers matey!

ras

(in reply to Guest)
Post #: 3
RE: DMZ for gaming server - safe? - 2.Oct.2006 2:34:12 PM   
ras2a

 

Posts: 15
Joined: 25.Sep.2006
Status: offline
I've installed the Firewall client to my gaming rig, however friends still cannot connect.  However, I've not configured ports etc for the Firewall client from the ISA Server management console.  Not sure exactly what to do here?

(in reply to ras2a)
Post #: 4
RE: DMZ for gaming server - safe? - 3.Oct.2006 9:33:04 AM   
Guest
Hi Ras!
firts of all I think if you don't know excctly
what protocols and ports to allow on ISA you
will never get this to work.
so you should host your game internally, connect to the server
and use a network protocol analyzer like wireshark(ex ethereal).
maybe this links will help but I suggest to inspect yourself the traffic
because most of the settings find on web are for dumb firewalls not for a firewall like ISA:
http://www.lanage.ca/lanage_game_server_setup_guides_medal_of_honor.php#firewall
http://home.planet.nl/~vink5059/artikel_overzicht_ippoorten.html
about firewall client that remains to be seen:
http://www.isaserver.org/articles/Gaming.html

(in reply to ras2a)
  Post #: 5
RE: DMZ for gaming server - safe? - 3.Oct.2006 9:33:09 AM   
Guest
I forget to mention: do you use gamespy?

< Message edited by adrian_dimcev -- 3.Oct.2006 9:36:13 AM >

(in reply to ras2a)
  Post #: 6
RE: DMZ for gaming server - safe? - 3.Oct.2006 2:15:52 PM   
ras2a

 

Posts: 15
Joined: 25.Sep.2006
Status: offline
Hiya Ade,

lol, no...I 'do' know what ports to use (I just meant I didn't know 'how' to configure ports etc for the Firewall Client (thought I think its somewhere in the ISA Management console).  The ports required for the particular game I'm trying to get running (Medal of Honor: Allied Assault) are all UDP (apparently): 12201, 12202, 12203, 12204, 12210 and 12300.  I won't be using gamespy at all as I simply want to host a direct IP game (on my gaming rig) across the internet (allow friends to connect) so don't need all the convoluted ports for that :)

I will try the Firewall Client tonight....tbh - I'd just about given up getting 'hosted' games to work with ISA, but will try this out.

Alternatively, I was wondering if I could somehow use one of my spare public IPs that I have bound to the external NIC of my ISA box? Maybe I could 'assign' this to the internal LAN IP of my gaming rig and 'allow all' traffic through?

ISA is a superb product, but for apps that use non-standard ports, it's a pain in the neck - lol

Oooh, forgot: I have actually tried Wireshark (Ethereal) the other day, but it seemed to simply report the protocols (namely UDP 12300) that I mentioned above.  However, I will try it again and inspect the traffic more closely to see if other ports are requested.

Thanks for your continued help, mate, I appreciate it. 

Edit: Just checked those links you sent me, every site you got to tells you a different tale with regards to what ports are required any given game....mad!

ras

< Message edited by ras2a -- 3.Oct.2006 2:29:00 PM >

(in reply to Guest)
Post #: 7
RE: DMZ for gaming server - safe? - 4.Oct.2006 12:06:05 PM   
ras2a

 

Posts: 15
Joined: 25.Sep.2006
Status: offline
Ade,

Check out what I've done as a workaround (for now). See this thread:

http://forums.isaserver.org/m_2002011299/mpage_1/key_/tm.htm#2002028591

Again, it's most definitely not a good solution (to my mind), but it's just temporary.

(in reply to ras2a)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> DMZ for gaming server - safe? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts