I'm trying to setup a dedicated server however, the server is behind a dedicated firewall provided by my hosting provider. It doesn't do a NAT, rather, the IP address of the server is bound to the IP of the firewall.

Unlike a NAT, you connect to my server using it's own real IP address, however, if I connect out from my server, the IP reported is the IP address of the firewall. The entire Netblock is routed through the firewall.

What I suspect is happening is when my dedicated server is contacting the Master Server, the IP address the Master Server sees is that of the firewall. When someone tries to connect, the are sent to the IP of the firewall, which will then ignore the connection. They need to be sent to my servers real IP. The traffic will hit the firewall, be inspected, then passed to my server.

So, how do I know what address the Master Server is sending people to? How can I tell the Master Server to ignore the address it thinks it's being connected from, and to use a different address?

Ack.. not sure what to suggest, since I've only ever dealt with NAT routers

Couple of things to check.. did you set your config file to specify your host IP address? Also, to maybe bypass the problem, is it possible to put your host machine in a DMZ, thus exposing your machine as your firewall's IP?

Quote from SamH :

Couple of things to check.. did you set your config file to specify your host IP address?

Yes. The IP address setting in the config file seems to only tell the dedicated server which IP address to listen on if you have multipul IP addresses, and/or network cards, which I do. It doesn't appear to send the IP address to the Master Server though. The Master Server only seems to look at the IP address the connection to it came from and that's all.

Quote from SamH :

Also, to maybe bypass the problem, is it possible to put your host machine in a DMZ, thus exposing your machine as your firewall's IP?

The server is in a hosting center. All traffic in and out of the hosting center passes through their main gateway/firewall. The firewall is one of those big Cisco's. It has hundreds of IP addresses loaded. Depending on which IP address is hit, it routs the traffic to the appropriate server in the data center. Data comes into the Cisco from the outside world via several dozen fiber connections. It also provides round robin load balancing across multipul servers, however, I only have one server in the data center so don't use that facility.

I supposed what is needed is another setting in the config file to tell the Master Server which IP address to send connections to regardless of the IP address it was contacted from.

Quote from RatzMilk :

Yes. The IP address setting in the config file seems to only tell the dedicated server which IP address to listen on if you have multipul IP addresses, and/or network cards, which I do.

You are correct here, it does let you bind to a given address, and is designed for use on machines with multiple ips..

However, by binding to the IP you should be sending out as that IP also. Unless something is rewriting the packets somewhere else, or you're running some very very odd software thats fiddling.

If your servers ip(s) (is|are) publically route-able there shouldn't be any problem here. I've run servers in similiar situations on my own, and rented, boxes in various dcs and never hit this problem.

Without wanting to be rude, I'd actually suggest that you've simply cocked up a firewall rule, or your dc's netadmin is running some antiwarez protection. Because LFS uses high ports by default it can often be picked up as such.

If your ip is not publically route-able, then I'd ditch that provider and go and find another one as they're trying to be cheap.

Quote from the_angry_angel :

You are correct here, it does let you bind to a given address, and is designed for use on machines with multiple ips..

However, by binding to the IP you should be sending out as that IP also.

Do you know that for certain, or are you just guessing?

Quote from the_angry_angel :

Without wanting to be rude, I'd actually suggest that you've simply cocked up a firewall rule, or your dc's netadmin is running some antiwarez protection. Because LFS uses high ports by default it can often be picked up as such.

I can connect to the server via direct IP fine, it's the Master Server that appears to be sending clients to the wrong IP.

What I want to know is what IP is the Master Server sending clients to?

Quote from RatzMilk :

Do you know that for certain, or are you just guessing?

Well it's exactly how it's behaved in the various network programs I've created. I've not read it documented anywhere, but binding to an ip that you're not sending as would be stupid for a whole host of reasons.

Quote from RatzMilk :

I can connect to the server via direct IP fine, it's the Master Server that appears to be sending clients to the wrong IP.

Out of interest, how are you determining that it's reporting the wrong IP?

Quote from RatzMilk :

Do you know that for certain, or are you just guessing?

It's Karl. Nuff said.

I don't understand this stuff on the level that TAA does, but in the simplest terms, I don't understand how a server is expected to operate if it can't get responses from behind a firewall, because it can't send requests from its own IP.

Quote from SamH :

It's Karl. Nuff said.

To be fair I do get stuff wrong

occasionally

Quote from the_angry_angel :

Out of interest, how are you determining that it's reporting the wrong IP?

Umm, that's why I started this thread so I could find that out. The bit where I say 'what I suspect is happening' in my original post, you did read it didn't you? I'm trying to find out for certain.