Jump to content
Rhesus

Friend can't connect to my Server

Recommended Posts

Hey all, so my friend and I both have separate copies of Il-2 BOS (I also have BoK) and we both tried hosting the test_dogfight mission etc, and we can detect and click to join each others server...but it always says error connecting....we have played many MP games aside from IL-2 and have no issues, I submitted for a Dserver key a few days ago...is that usually the best way to host a server? because doing it through the MP menu (Create a Server) doesn't seem to work...and Yes I"m able to join random MP servers as well (checked just to ensure I didn't have any game client or other issues etc) We both disabled our firewalls etc. Should I wait for my DServer key to try that method or am I missing something here?

  • Sad 1
  • Upvote 1

Share this post


Link to post
Share on other sites

Salutations,

 

What you describe is exactly what I and a friend have experienced. We can connect to other multiplay servers and can both see our own servers but cannot join them. I have a Dserver account and still obtain the same results. It's not our firewalls. It seems to be porting problem. I simply have not been able to open the needed ports to play the game on the Deserver. I've tried everything. I've come to suspect that my ISP is blocking the needed ports.

 

Regardless, we just gave up. This should not be so difficult or involving. I'm wondering if the same problem would exist with any coop mission server I put up. I'm skeptical. 😕

  • Thanks 2

Share this post


Link to post
Share on other sites

Really bad to know it.
This kind of multiplayer mode, one to one, should be easily supported in a game like IL-2.
In fact I was hoping to play Flying Circus mainly in this way.

  • Thanks 1
  • Sad 1

Share this post


Link to post
Share on other sites

Yes, it sucks.

Such a mode is supported but for whatever reason some simply can't create servers for multiplay use.

 

Have you done everything you know of to open the correct IL2 gaming ports? You may luckier than me.

Share this post


Link to post
Share on other sites

I am looking into the port issue now but I doubt that would be it....I have UpnP enabled and have never had any port issues with any game before?

  • Upvote 1

Share this post


Link to post
Share on other sites

Let me know if you find a solution. It might not help me but one never knows. :salute:

  • Upvote 1

Share this post


Link to post
Share on other sites
4 hours ago, Thad said:

Port 28100 needs opened to receive downloadable missions.

 

       Look for "Downloader Port" (28100) on pg. 326. Should be TCP.

       Look for "TCP Port" and "UDP Port" (28000) on pg. 331.

 

Port 28110 may be needed for forwarding.

        This port is not covered in the manual Do some people need it?

 

It's covered on the mission creation manual.

 

Starts on page 325.

IL-2_Sturmovik_Mission_Editor_and_Multiplayer_Server_Manual.rar

 

In addition to italic text above, make sure to select the "External" checkbox.

Edited by JimTM

Share this post


Link to post
Share on other sites

Had the same issue, and with the new router we have opening ports is almost impossible without jumping through 500 other hoops. If it was 5 years ago this wouldn't be an issue. But apparently ISP's are locking that shit up. Wish there was another way as I got my brother to buy the game and we wanted to play in VR together in co-op.

Share this post


Link to post
Share on other sites

Yes, in my case it is most likely my ISP that is blocking ports. I know port 80 is blocked. I have and can open any port or ports I desire for my router and NONE of them are open afterwards during testing. 😟

Share this post


Link to post
Share on other sites
23 hours ago, Thad said:

Yes, in my case it is most likely my ISP that is blocking ports. I know port 80 is blocked. I have and can open any port or ports I desire for my router and NONE of them are open afterwards during testing. 😟

I don't think my isp is blocking them but they;ve made it now where unless you go through the hoops of setting a static IP address on my PC than the ports will not open. Somehow my IP isn't static yet it's always the fucking same, how that makes any sense is beyond me.

Share this post


Link to post
Share on other sites

I had the same issue as posted above.

 

Checking the ports were open on my router/modem AND my virus protection Firewall software allowed me to see my friends server. 

 

A lot me reading later I found that in order to host a server you need to contact the developer explaining you want host a server and they will give you another log on with which to host a server. I'll try to find the thread for that ...

Share this post


Link to post
Share on other sites

ISPs don't block ports. They will block attempted port scanning. The ports are local to your router. Also, if port 80 (HTTP) was blocked, you'd not be able to surf the Internet. 

Share this post


Link to post
Share on other sites
3 hours ago, Bananimal said:

ISPs don't block ports. They will block attempted port scanning. The ports are local to your router. Also, if port 80 (HTTP) was blocked, you'd not be able to surf the Internet. 

That's bull, sorry to say.

Of course ISPs block ports (and that's not even necessarily a bad thing).

And of course you'll be able to surf the internet when incoming port 80 connections are blocked.

Heck, nowadays even port 80 isn't all that relevant anymore, the majority of http traffic uses SSL (https) and as such, port 443.

But of course that one could be blocked for incoming connections as well.

 

Add to that, lately some ISPs put their users behind a NAT and in such case, you've got no chance to get any incoming connection to work at all.

 

:drinks:

Mike

Edited by SAS_Storebror
  • Haha 1

Share this post


Link to post
Share on other sites

Not bull. I know better. Block your port 80 and get back to me. Your internet would be partially functional at best only leaving SSL open on 443. You'll also be lucky if you can get back into your router interface on your private LAN once you turn off port 80 as typically local or Intranet runs on HTTP mostly. There's generally no reason to encrypt internal communications. Depending on the router, you may not be able to turn off port 80 for this reason. With all due respect, sounds like to me that you're just rattling off networking buzzwords to sound like you know what you apparently don't. HTTP is still very much prevalent on the net and your internal network. Not everything rides on 443. I also don't believe you know how NAT works.

 

NAT is used primarily on-prem to obfuscate internal IP address as outbound TCP packets leave your perimeter. In this case, your home network. It blocks nothing. It's a translation that takes place. Network Address Translation or NAT. That's to say, if there is any NAT going on, it's your router or firewall doing it. There is no benefit that I am aware of for an ISP to NAT your TCP transmissions. What do they care? The security of your private network is not their concern. Being "behind a NAT" as you say, means nothing. You cannot be behind a NAT. NAT is a configuration setting, not a firewall. Furthermore, if NAT is turned on, you most certainly will be able to send and receive TCP packets in a transparent fashion. You as a user would never know the difference. 

 

NAT in a Nutshell

 

TCP packet moves outbound from your NIC to your router. If NAT is enabled in your router's config, each packet gets wrapped with new header info that includes a new IP address that is entirely different than what was originally included in the packet header from your NIC. All packets from all of your devices on your private network (behind your router) are assigned the same IP on the public side outbound. Obfuscation. All NAT'ed packets leave your router with the same, single IP, and are consumed by the destination devices/hosts in the cloud. These devices/hosts don't give two Willies what the IP address is in the header. The destination device/host sends return packets back to the NAT'ed IP address, which is your router. You router unwraps the IP header from the packet and knows which internal IPs on your network to route the packets to. This keeps devices, hackers, and other bad actors from targeting internal IP addresses on your private network. For this reason, disabling NAT and broadcasting your internal IP schema to the world is a risky endeavor. I have a feeling next you'll be telling me that a Class C IP is routeable over SSL. 

 

HTTP = port 80

HTTPS = port 443

TCP = protocol 

 

The majority of HTTP traffic uses HTTPS?  Not correct. HTTPS and HTTP traffic use TCP as do other ports e.g., IL-2.  

 

Don't take offense to this, but if you're foolish enough to disable NAT on your router thinking it will possibly solve your network connection issues in IL-2, you're opening yourself up to man-in-the-middle attacks. Bad actors would be able to target specific IPs on the private side of your router because you're exposing your internal IP schema to hackers should they intercept your communications, which is very much a reality these days. Specifically over HTTP or other transmissions in the clear like SMTP and FTP..

 

Now the reason I chimed in here is that most of the posts in this thread are significantly off the mark. My suggestion is to enable NAT immediately for security reasons, forward port 28000 TCP and UDP separately in your router config. Then forward port 28100 using the "Both" option for both TCP and UDP if your router has the "both" option. If that doesn't work, try setting TCP and UDP for port 28100 separately like you did for port 28000. NAT is not your problem. 

 

Here's a screen of my router config:

 

config.jpg

Edited by Bananimal
  • Upvote 1

Share this post


Link to post
Share on other sites
On 2/11/2019 at 10:00 AM, SAS_Storebror said:

That's bull, sorry to say.

Of course ISPs block ports (and that's not even necessarily a bad thing).

And of course you'll be able to surf the internet when incoming port 80 connections are blocked.

Heck, nowadays even port 80 isn't all that relevant anymore, the majority of http traffic uses SSL (https) and as such, port 443.

But of course that one could be blocked for incoming connections as well.

 

Add to that, lately some ISPs put their users behind a NAT and in such case, you've got no chance to get any incoming connection to work at all.

 

:drinks:

Mike

 

 

Sorry, but just embarrassing because completely wrong. Read what Bananimal wrote, he obviously has more idea of the topic. 

 

:drinks:

Network Admin

 

Share this post


Link to post
Share on other sites

I duly hope you guys understand what I was talking about at all.

This thread is about people having issues to let others join their hosted game.

In order to do so, they have to be able to handle incoming traffic on the relevant port, in case of IL-2 per default this is 28000/28100.

 

Later on in the discussion people thought about whether the troubles might be related to their ISP blocking ports.

 

What's been stated here by Bananimal in reply was that if an ISP would block port 80, you would not be able to surf the internet.

That's bull.

Read and understand: We're dealing with incoming ports.

If an ISP blocks port 80 incoming for you, you can still surf the internet. Period.

(Hint: That block is not to keep you from surfing, it's to keep you from violating common T&Cs which usually prohibit (web-)server operation on private subscriptions)

 

Then Bananimal tries to make me look stupid with his lengthy explanation about NAT.

That's completely missing the point of my statement: I've been talking about NAT'ted internet access on ISP level.

When the ISP puts you behind a NAT (read: Carrier Grade NAT) then there's nothing you can do to get incoming connections to work at all. Period.

 

The level of ignorance is what's really embarrassing here...

 

:drinks:

Mike

Share this post


Link to post
Share on other sites

Alright. Doing some research on what ports ISPs may block. Coming up with a few things. Of interest for this particular ISP is this is port 67 - UDP. I stand corrected and humbled to a degree. 

 

Blocked Internet Ports List

Find out which ports are blocked by Xfinity and Comcast services, and why.

Ports on the internet are like virtual passageways where data can travel. All information on the internet passes through ports to get to and from computers and servers. When a certain port is known to cause vulnerability to the security and privacy of your information, Xfinity blocks it to protect you.

Find the Reasons for Blocking Listed Below

 

Port Transport Protocol Direction Downstream/ Upstream to CPE Reason for Block IP Version
0 TCP N/A Downstream Port 0 is a reserved port, which means it should not be used by applications. Network abuse has prompted the need to block this port. IPv4/IPv6
25 TCP SMTP Both Port 25 is unsecured, and Botnet spammers can use it to send spam. This does not affect Xfinity Connect usage. We recommend learning more about configuring your email settings to Comcast email to use port 587. IPv4/IPv6
67 UDP BOOTP, DHCP Downstream UDP Port 67, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. IPv4
135-139 TCP/UDP NetBios Both NetBios services allow file sharing over networks. When improperly configured, ports 135-139 can expose critical system files or give full file system access (run, delete, copy) to any malicious intruder connected to the network. IPv4/IPv6
161 UDP SNMP Both SNMP is vulnerable to reflected amplification distributed denial of service (DDoS) attacks. IPv4/IPv6
445 TCP MS-DS, SMB Both Port 445 is vulnerable to attacks, exploits and malware such as the Sasser and Nimda worms. IPv4/IPv6
520 UDP RIP Both Port 520 is vulnerable to malicious route updates, which provides several attack possibilities. IPv4
547 UDP DHCPv6 Downstream UDP Port 547, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. IPv6
1080 TCP SOCKS Downstream Port 1080 is vulnerable to, among others, viruses, worms and DoS attacks. IPv4/IPv6
1900 UDP SSDP Both Port 1900 is vulnerable to DoS attacks. IPv4/IPv6

 

 

Hmmmm. I'm looking like a dufus about right now I presume.

 

Worth checking with your ISP.  Many block some ports but it is usually incoming traffic to prevent you from hosting servers and business services on a residential service.  Outgoing traffic is usually allowed for all ports.  In the event they do block se, and  it is usually things like SMTP and VPN's.    I did hear of, but no confirmation, one ISP planning to block all traffic other than o, going  ,  thinking they could prevent allot of malware from using uncommon ports 25, 53, 80, 443.

Edited by Bananimal
  • Thanks 1

Share this post


Link to post
Share on other sites

so what i am reading from all this is that if your router does not allow you to forward ports you are basically screwed?

Share this post


Link to post
Share on other sites

Out of curiosity: What does it mean to say a port is "vulnerable"?

Wouldn't that just depend only on what application, if any, would be listening on that port? That was at least up to now my laymans thinking.

Share this post


Link to post
Share on other sites
On 10/13/2019 at 3:08 PM, Muddyn said:

so what i am reading from all this is that if your router does not allow you to forward ports you are basically screwed?

 

It's true but unlikely to happen in practice, provided you can log-in to your router and navigate its interface.

 

There's misleading data in this thread:

 

This kind of multiplayer mode, one to one, should be easily supported in a game like IL-2.

 

That's a hardware issue outside developer control.

 

On 8/5/2018 at 1:44 PM, JonRedcorn said:

I don't think my isp is blocking them but they;ve made it now where unless you go through the hoops of setting a static IP address on my PC than the ports will not open. Somehow my IP isn't static

 

When forwarding ports you specify to which connected machine the port will send data. Some routers identify machines by name, others by their IP address. In the latter case I would expect the router to keep the specified IP constant, however it's always advisable to configure the hosting machine to have a static IP address, as it must be specified in the game server's configuration. I would suggest setting a static IP prior to any port forwarding. Tutorials are available online.

 

It's unlikely that an ISP will block the ports this game uses, but if there is good reason to suspect otherwise you can always attempt to ask for them to be unblocked.

 

Don't give-up unless someone in the know, having familiarised themselves with your system, gives you an explanation as to why it can't be done.

 

Connecting to a remote server (for this game at least) does not require any local port forwarding.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...