Linux GURU needed.... UDP issue

Ok, im not the best at Linux, but I can manage to keep some things working and manage my linux server remotely w/out much problem. But here is my dilemma and I have looked at user groups ..... and can not find the help I need.
I have a dedicated linux box that I lease. I use it for many applications and they run fine, except for my gaming server. I run Quake 3 off of this box and it runs, but the "master servers" that it announces to tend to not list my server after a time from 30 minutes to 3 hours, but after this timeframe it no longer shows up on the ID master server list. It continues to show up on gamespy and eyespy, but not the ID master server(this is what I need to resolve). The research I have done leads me to beleive that the problem does not lie with out going "heartbeat" announcements, but rather with incoming UDP packets from the master server. Apparently if "UDP packet tracking" is on, this causes the problem I see, but if it gets switched off, everythign works fine. Supposedly, the UDP packet coming from the master server uses different inbound ports on my machine and that my machine messes up due to this UDP packet tracking deal. I do not know what this UDP packet tracking is nor how to turn it off. I realize Im only appealing to a handful of folks here, but Im desperate and have been trying to fix this problem for months.
Im running RH 9, no firewall (that Im aware of) and IPTables are wide open, accepting for everything. Server is located in Florida and from what I know, the provider has no firewall setup nor any other limitations applied on their network. Not sure what other info you will need. Ive also seen someone refer to the command "looseudp", but this does nothing at all since I have no firewall running..
Any help at all will be appreciated.......Look at this as a challenge....[]
Thanks guys!

DwArFlOrD

 

Im not running NAT.
Im not sure if the problem relates to a "socks" problem, port forwarding, ip masquerading or what. But it will be a problem associated with udp port changing and linux just ignoring the reply, or dropping the packet. I think it has something to do to help protect my server from syn attacks.......

DwArFlOrD

 

If your hosting company is protecting you from syn attacks they are running some sort of firewall. However, just to be sure about the local host... what does the following commands give as an output...

chkconfig iptables --list

and...

iptables --list

or...

service iptable status

Do you know what ports are used for the UDP traffic? You if you do you can see if your host is listening on those ports with nmap. I wouldn't go nuts scanning a bunch of hosts but you can scan your own host from the outside with

nmap -p [some port number or range] some.host.name

 

Thanks so much for helping! Here are the answers to the questions:

[root@armstrongpage root]# chkconfig iptables --list
iptables 0ff 1ff 2n 3ff 4n 5n 6ff

[root@armstrongpage root]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination


[root@armstrongpage root]# service iptable status
iptable: unrecognized service


The only port scanner I have here at home scans tcp only, but it shows the normal ports are open....21, 80, 8080....since the game is udp, Ill need to find a udp port scanner. Ill work on that now. But this is what I have so far.


DwArFlOrD

 

Ok, here is what I found as far as ports being open.
I looked at the port range 27949-27970. I did a udp scan using nmap win v. 1.31 and got this:
{This is the command used:}
CMD: nmap -sU -P0 -p 27949-27970 -T 3 dwarflord.net

Starting nmap V. 3.00 ( www.insecure.org/nmap )
Interesting ports on (64.251.25.11):
Port State Service
27949/udp open unknown
27950/udp open unknown
27951/udp open unknown
27952/udp open unknown
27953/udp open unknown
27954/udp open unknown
27955/udp open unknown
27956/udp open unknown
27957/udp open unknown
27958/udp open unknown
27959/udp open unknown
27960/udp open quake3
27961/udp open unknown
27962/udp open unknown
27963/udp open unknown
27964/udp open unknown
27965/udp open unknown
27966/udp open unknown
27967/udp open unknown
27968/udp open
unknown
27969/udp open unknown
27970/udp open unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 41 seconds
I find that if I do the same test using SYN stealth or ACK Scan instead of UDP Scan, it comes back saying all those ports are filtered/closed. If I do a FIN Stealth, it shows all those ports are open just like UDP Scan. I do not know if that info helps, but it sounds like to me that something somewhere is filtering SYN attacks. I wonder if the UDP packets coming from the Master server to my server are being mistaken for SYN attacks and being filtered out. If so, I wonder if it is the network Im on, or the "Netfilter" in my Linux Kernel causing the problem.
What do you think we should look at next?

DwArFlOrD

 

from g00gle:

"A revelation of sorts. my server does show up in the master server list. i had the option to 'show empty servers' turned off in the game's browse list. and even though my server had 5 players in it, it won't show unless i set 'show empty servers' to ON. go figure"

this might be an old bug, but perhaps worth a try... *shrug*

Does your linux box have an internal ip of any sort or is it 64.251.25.11 in ifconfig too?

 

I have the option to show empty and full servers tagged in my in-game browser - so that is ruled out... I do have my eth0 interface configed with the ip address and I have it hard coded in my startup script i.e. ./q3ded set_ipaddr 64....as well as the port 27960. It does show up in the master, but it will eventually disappear from the listings. I look at the game console and it still shows that heartbeats are still being sent out.....[xx(] , so I dont know what gives. Other info I have seen is that the Master servers increments by 1 the port it replies back to on the game server, do you think linux kernel may view this as a syn, or maybe a non-established udp session and just drop/ignore this udp on this different port? Oh boy this is giving me a headache....

DwArFlOrD

 

perhaps you can switch to BF1942

 

The Star Wars Mod (Galactic Conquests)for BF1942 is great!

 

Hey no thread hijacking.....
Besides, I stink at BF1942...., im not very sneaky....[B)]

DwArFlOrD

 

Can't be sneaky in an ATST (chicken walker)!

 

Try using all-seeing-eye instead of the in game browser to see if the server shows up there. http://www.udpsoft.com/eye/

 

From original post...
".....from 30 minutes to 3 hours, but after this timeframe it no longer shows up on the ID master server list. It continues to show up on gamespy and eyespy, but not the ID master server....."
Problem is that most people use that darn in-game browser, which stinks, but that is where most the players come from. If it doesnt show up, I still get some traffic, but not enough - unless the ID Master is showing it....
Thx though....

DwArFlOrD

 

The kernel filtering would most likely be done with iptables (on RH9). As you said it looks like iptables isn't blocking anything and if you're in runlevel 3 iptables is off by default based on the output you posted. However it's turned on in runlevel 5 but with no chains. So it looks like you're listening on those UDP ports and the traffic is passing to your server unfiltered. Does the hosting company NAT this host? I don't think it looks like an issue with UDP packet tracking but if you're worried that something might be blocking/filtering packets on the host you can try 'chkconfig --level 345 iptables off' and then reboot just to be safe. This will make sure your Netfilter/iptables are off in run levels 3-5. I wish I was more familiar with Quake 3 to offer more help.

 

What does you command line and server.cfg look like? Does it have set sv_master1 "master3.idsoftware.com" in the cfg and
+set dedicated 2 on the command line?

 

Here are some resources for servers, if anything you might get a response from them on their forums.

http://www.gameadmins.com/modules.php?name=Sections&op=listarticles&secid=1
http://www.gameadmins.com/modules.php?name=Content&pa=showpage&pid=26

 

My IPs are public and I thought this would work...., no go. It was listed for about an hour and my hopes were up, but it was gone before I went to bed last night. Im at a loss, I may end up trying to put the windows version on my linux box instead of the linux version on the linux box....that could work. Who knows...grrrr.

DwArFlOrD

 

Command line:
./q3ded +set fs_game instaunlagged12 +set net_ip 64.251.25.11 +set com_hunkmegs 40 +set pb_sv_enable 1 +set dedicated 2 +exec ctf1.cfg
And a snippet from my config for the dedicated server:
//Register server with master server lists
seta sv_master1 "192.246.40.56"
seta sv_master2 "master0.gamespy.com"
seta sv_master3 "master.kali.net"


The ip is the ip of master3.idsoftware.com - a previous recommendation on another site recommended to use the ip vs the zone name,,,, that didnt work either....

Also, if the configs werent correct for announcing a dedicated server, it would never show up to begin with in the ID master. It shows up, but just disappears. Has to be a heartbeat or udp problem somewhere.....
Thanks!

DwArFlOrD

 

HW wont be the issue because the game is running and can play on it. Its running right now, showing up on gamespy and eyespy, just not ID Master list.
Ive already posted a ? there under gameadmins:
http://www.clanservers.net/bb/showt...78ad9fb&threadid=2069&perpage=25&pagenumber=2

Ive got one here:
http://www.quake3world.com/ubb/Forum15/HTML/002527.html?

and two here:
http://www.linuxquestions.org/questions/showthread.php?s=&threadid=169559
http://www.linuxquestions.org/questions/showthread.php?s=&threadid=168127

Seems the most help Ive gotten though is from here, my neighbors are more helpful than the linux guys on these other forums....[8D]
Thx again.




DwArFlOrD

 

Just for grins, try adding +set net_port <port> to your command line.

./q3ded +set fs_game instaunlagged12 +set net_ip 64.251.25.11 +set net_port 27960 +set com_hunkmegs 40 +set pb_sv_enable 1 +set dedicated 2 +exec ctf1.cfg