Forwarded Port Issue for Direct Connection

[ind5c7_2210]

I have a unique scenario for my hosted server. I have it setup for just friends, and can only get a few ports forwarded outside my network due to ISP limitations. With that, I have a firewall rule to forward one of my custom ports to my server.

 

The issue I'm having is friends who want to connect to the server externally. I can connect locally and hit port 16262 and get the "direct connection" just fine. However, when friends hit my external port (64010), and that gets forwarded to 16262 (it was 16261 before the update), but the server seems to kick back with a response for 16261 with a steam connection and then they get the message saying that it's connecting through steam and that their connection may be poor. I noticed in the logs that it indeed kicked them into a steam connection instead of the direction connection (I don't even see an indication of it attempting to do so).

 

I noticed in my firewall logs that it shows the traffic going through just fine (does a port forward to 16262, which is responded to - but with 16261 as the response port instead of the forwarded 16262).

 

Is there something hard-coded that's expecting both the client AND server to be port 16262?  Or is there something else that needs to be done in order to get my friends a more optimal "direct connection"? Note that port 16262 is not available for me to use, so I have no choice but to use one of my few custom ports I have been given.

 

EDIT: - in case it's worth mentioning, I'm using a docker installation of PZ, and yes, the port is setup already (and restarted docker-compose):
```

      - "16262:16262/udp"

```

EDIT 2:

I attempted to just force port 16261 to 16262 in Docker with `16261:16262/udp` but it didn't seem to like that even locally. The game still attempted 16262 first according to tcpdump instead of just accepting 16261 when I defined that in the game. It appears the game doesn't see custom ports as direct connections, and assumes the direct connection only works 16262 if I had to guess. When that exact port fails, it goes back to the port defined in the 'join game' screen (64010 in my case).  The better option would be to have the UI have a 'steam port' and 'direct connection port' available, so that if the direct fails, it falls back to the steam port there. For those of us who have port forwards and can't use the ones the game provides us.

 

I think for now, I'll have to stick to the original 16261 which is what my port forward will point to, until this is fixed in the next version(s).

 

Thanks

Edited October 5, 2022 by ind5c7_2210

[EnigmaGrey]

I'm not sure I'm following here.

 

You need two ports for the game and one port for Steam. That's 3 ports total. 16262 is optional, you'll just get a naughty message and the game will have to use the Steam relay instead of a direct connection. 

 

16261 (p2p) -16262 (direct udp connection), and 8766 (the steam port). All three can be configured in the server config.

 

Forcing 16261 to be 16262 is not going to be a good idea.

[ind5c7_2210]

 

8766: is not actually required for players to connect to the server, so I still have that closed

16261: was the port I had open locally and forwarded to externally before the update. Players wouldn't see server details in the game connect page, but could still connect to the server to play

16262: I changed my port forwarding to this

 

I think the problem is the game receives data in from 16262 but responds through 16261 as the source port. tcpdump:

22:21:19.147193 IP [[FRIEND IP]].58404 > [[SERVER LOCAL IP]].16262: UDP, length 25
22:21:19.148286 IP [[SERVER LOCAL IP]].16261 > [[FRIEND IP]].58404: UDP, length 9

This is with the configuration of `16262:16262/udp`.

 

My inquiry was - is it intentional to respond with a source port I'm not using instead of responding with the one that was reached out to? Or is this a bad configuration in the docker project I'm using (tried to manually build it but it didn't change behavior). This was my reasoning for attempting to force 16261 to 16262 - just to see if it was assuming the wrong port for a direct connection (which was not the case).

Edited October 5, 2022 by ind5c7_2210

[EnigmaGrey]

Unless you're running totally nosteam, 8766 is used by Steam to authenticate clients. It is necessary. 

 

I can't speak to 16262 somehow funneling traffic to 16261, unfortunately. Out of my depth on that one, but I wouldn't be surprised that the game uses both ports?

 

I also have no experience with the community-generated dockers for PZ, but it's a fair bet they've not been brought up to date with build 41.77.

[EnigmaGrey]

My mistake on port 8766. It does indeed look to be retired.

 

One less port to worry about.