Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
8 
Report this post
In my experience most consumer grade routers either support hairpinning or they don't - no configuration needed, or even available, it's just part of the implementation.
Not having Hairpinning/loopback support simply means the router can't route packets from the internal network out to it's public interface and then back again, preventing communication.
Typically the NAT implementation would need specific support for this feature, and some router manufacturers have been dragging their heels on this, perhaps citing the fact that hairpinning is "not a typical consumer feature".
DrayTek routers, which cover both the home user and SME (small / medium enterprise) space have supported this for many years now - other router manufacturers do seem to be supporting it more often these days.
More complex kit, like Cisco SOHO (Edit: and enterprise) equipment may have options for this, but I'd argue that they are less likely to be found this at HELLION players homes (perhaps with the exception of some enthusiasts).
A cautionary note: If one follows the advice under the Workaround section, YOU MAY LOOSE THE SECURITY BENEFIT OF NETWORK ADDRESS TRANSLATION (if it works at all in the proposed configuration) as you are bypassing this feature and the traffic is then routed normally rather than NATed. This configuration is often also referred to as a DMZ. Make sure you are well firewalled up and beware you are at increased risk!
Additionally the router may not cope well with seeing the same network ranges being used on both internal and external interfaces
Finally, using IP addresses within your providers range that you have not been specifically allocated could cause issues other than simply not being able to connect - even if you feel comfortable with the risk of loosing NAT protection I would still advise proceeding with extreme caution!
Just a few corrections for you CheeseJedi (constructively meant!)
- there is no change in security posture or any changes in firewall rules required
- it's exactly the same as a direct IP/LAN connection works... packets just go straight to the server instead of hairpinning through the router (and creating extra CPU load on it). When Hellion gets direct IP it will work the same way.
- it's not a DMZ configuratiion (DMZ is a separate subnet/zone on a firewall with it's own security policy... however this is just your typical server on the internal subnet with port forwarding but adding a route directly to the server to avoid hairpin config.
P.S. I have MCSE and CCIE certifications... and even I just got frustrated trying to get NAT hairpinning working on a Cisco ASA 5510 firewall (v9) software... so just trying to help Joe Public out here.
if I understand this correctly now (my apologies, I've re-read your post ;) you've essentially created a new subnet on the same physical segment with an alternate addressing scheme, of which only the server and client machines are members.
In that case any packets destined for this secondary class C (/24) network will not be sent from either the server or client machine to the default gateway (router) on the 'internal' network and instead will be delivered directly to the other host, or dropped in the case of the other 252 addresses - and this is presumably the gotcha for external people on the 'official' version of the subnet within the ISPs network.
The DrayTek routers I mentioned previously (can but don't have to) implement their DMZ on the same physical segment as the internal LAN(s) and in this case adding of secondary IP addresses (from a pool of public addresses) to internal hosts can allow firewalled, but not NATed traffic through to the machine, which I consider a somewhat similar arrangement to what you have configured.
While I wasn't necessarily expecting any additional firewall changes in your configuration for this 'reflection eliminator', presumably external players are able to connect to your server without issue? (with the correct port forwarding, of course) Have you had any problems in this regard?
While I'm still not overly keen on the idea of using an unallocted address from your ISPs block, especially considering how highly contended IPv4 addresses are now becoming, you might consider using a two host /30 (255.255.255.252) netmask to reduce the chance, however unlikely, of address collisions with the outside world.
Thanks for sharing your experience with this.
Using a /30 mask would be more elegant, but trying to explain to Joe Public how to determine the /30 network address of the 4th octet of their real public IP by doing binary math.. might be more headache than it's worth :)
And the chances of two people being on the same ISP /24 range, playing the same game and connecting to the same server is pretty slim. On top of that, I very much doubt Hellion clients will ever establish peer to peer connections between themselves... so it's more likely that peer-to-peer voice (Discord, Skype etc.) wouldn't work to the hoster in that rare scenario.
In point of fact I've only been doing LAN games, so external connections to the server have only been demonstrated by the fact that the server is visible in the Hellion server browser, and I've also done UDP port testing from check-host.net which sees it ok. So the source IP must be NAT'ed behind the internal interface.... hence the server is able to reply to external locations like Steam (if it was NAT'ing behind the external IP then the server would never respond to Steam because the source IP would be itself.
As an academic exercise, someone might want to try to connect to the server (it's in community servers... [SG] Storm. Even in the unlikely scenario that it doesn't work... at least Joe Public can play Hellion on "their own server" and avoid latency and potential griefing.
http://steamcommunity.com/sharedfiles/filedetails/?id=1300553341
This aside, it looks like you've found a legit workaround for a player who whats their own server (on a seperate machine to their client) behind a router that won't hairpin, and (possibly) isn't too concerned about external players connecting. Nice job! :)
If anybody else tries this approach I'd recommend leaving feedback here to let us know how you got on.
In that case I guess only step 2 would be applied (to the client machine) plus the expected dedi installation and port forwarding set up.
Still be good to see if anyone else has issues connecting to my server... or success stories.
This is all just a workaround until Hellion gets direct IP/LAN support anyway... which is why you would rarely see this kind of solution. Hopefully the devs can put a console/debug command in as a quick hack, .e.g. "connect 192.168.1.20" before adding direct IP menu.
Agreed, an option to manually enter an ip:port would be the best long term option, as I believe the master servers are only acting as an index of online servers for the browser.
Back to the original matter, I came across this document, linking it in case you hadn't seen it already: https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/6505-nat-on-stick.html
No idea if this is appropriate for your device though, so may not be of much help.
Anyway, hopefully Hellion will feature LAN or direct IP connect feature soon - and all the problems will fade away instantly :)
As far as I'm aware, the Windows hosts file only resolves hostnames to a particular address (e.g. 'localhost' resolves to '127.0.0.1'), whereas the Hellion server browser only returns ip addresses for connection to, so the Hellion client will only ever attempt to connect directly to an ip address, not a hostname, and so a Windows hosts file won't do anything.
Here is how:
Just start up an raspberry pi (or any other linux machine) and remember its IP adress (r.r.r.r)
Then get your extenal ip which is x.x.x.x and your dedicated server machines ip address s.s.s.s.
On your computer where you want to play, you start cmd with admin priviledges and use
Then you use the following command
Example
Now we have to configure the raspberry pi. This needs to be repeated after every reboot.
Log into it and get a root access.
First we need to activate ip forwarding
The lazy one (will working even if your external ip changes, but you still have to adapt your route add above):
The specific one would be
The last command is:
After this you can start your dedicated server and only you will be able to detect your local dedicated server.
alt_ip_address=127.0.0.1 in GameServer.ini