Multiple host service

[Auntie Mangos]

this really pisses me off.. 50 views, no replies. wtf is wrong with you developers

* waiting 24 hours for an answer might be acceptable if we talk about paid support, but these forums are no paid support. It's called user supported.

* Your issue description lacks precision. Are we talking about two physcial machines here, or one machine with two worldserver instances? Both could result in different issues.

The mangos community is probably one of the oldest and friendliest places to be, and take note that we have a code of conduct which you accepted by registering an account.

Thus: nothing is wrong with us. We are just not sitting here 24 hours waiting for desperate help requests. We would probably if someone would pay us for

[louisgosschalk]

Hi,

I was trying to host my logon server external from my worldserver.

Now the configuration of my system is the following:

Host #1:

Logonserver

Host#2:

worldserver

SQL server

Now the problem is that I can't manage to get my worldserver being accepted by the logonserver. Is there anything im doing wrong in my configuration?

2010-09-24 23:08:59 mangosd process priority class set to HIGH

2010-09-24 23:08:59

2010-09-24 23:08:59

2010-09-24 23:08:59 [0 ms] SQL: UPDATE realmlist SET realmflags = realmflags & ~(2), population = 0, realmbuilds = '12340 ' WHERE id = '1'

2010-09-24 23:08:59 Max allowed socket connections 4096

2010-09-24 23:08:59 ERROR:Failed to open acceptor ,check if the port is free

2010-09-24 23:08:59 ERROR:Failed to start network

2010-09-24 23:08:59 [0 ms] SQL: UPDATE realmlist SET realmflags = realmflags | 2 WHERE id = '1'

2010-09-24 23:08:59 [0 ms] SQL: UPDATE characters SET online = 0 WHERE online<>0

2010-09-24 23:08:59 [0 ms] SQL: UPDATE account SET active_realm_id = 0 WHERE active_realm_id = '1'

2010-09-24 23:08:59 [0 ms] SQL: UPDATE character_battleground_data SET instance_id = 0

2010-09-24 23:08:59 Halting process...

That's what I get when the worldserver gets to the connection with logonserver point..

My server has a clean installation of windows, it had norton antivirus on it but that's gone now.

This error remains even when i disable windows firewall and every single possibility of it being blocked.

greets!

[louisgosschalk]

nobody who can help me?...

edit;

this really pisses me off.. 50 views, no replies. wtf is wrong with you developers

[freghar]

wtf is wrong with you developers

No money, no gain. You can't expect an enterprise-level support in most opensource "free" communities.

I'd start with mysql connection testing, like verifying you don't have localhost restrictions in my.cnf.

[TheLuda]

If we're talking about two physical machines, freghars' hint applies: MySQL user names usually have a hostname or ip set to define from where you may access and use the user.

[BThallid]

2010-09-24 23:08:59 ERROR:Failed to open acceptor ,check if the port is free

2010-09-24 23:08:59 ERROR:Failed to start network

There is something wrong there. Is there anything else using the port you have specified for the world server?

[louisgosschalk]

well im not here to flame you guys actually so i'll keep it friendly, thanks for replying actually!

It indeed are two physical hosts, the SQL connection is correct, i've checked it all.

Both computers are directly connected to my modem (through a switch) so port forwarding is unnecesairy and even impossible, because it's unnecesairy.. uhm.. yeah.

i've already tried taking a different port for the server, like 8129 for instance, but it doesnt have any effect. same error, the acceptor cant be opened.

Both hosts are btw in the same network, i have multiple IP's in my range so they do have different extern IP's but they are connected to eachother through my LAN (both Hosts have 2 connection plugs, 1 LAN (which is non-connected to internet but connected to a router. non-connected to the internet because i didnt fill in the gateway port in the configuration) and the other connection is external, directly to the modem)

Nothing else could really be using the 8085 port, neither the 8129 port. It's a clean windows install and all, so i guess thats all right.

Hope I informed you somewhat more detailed.. thanks for your replies

You can also check out my post on trinity forums, to see what suggestions were given there and what info i've told there, might come in handy.

http://forum.trinitycore.org/topic/28812-extern-logonserver/page__gopid__151732#entry151732

Hope i dont break any rules by posting a link to a different emulator page

[freghar]

Is your BindIP set to 0.0.0.0 ?

Can you somehow "draw" an ascii / semi-ascii chart of your setup? It's hard to imagine why both hosts have 2 separate NICs.

[louisgosschalk]

Is your BindIP set to 0.0.0.0 ?

Can you somehow "draw" an ascii / semi-ascii chart of your setup? It's hard to imagine why both hosts have 2 separate NICs.

It's not 2 separate Network Interface Cards, it's only one, with dual input.

they do have seperate extern IPs. here's a simple figure of how my setup is.

amateur painting skills ftw, hope it clears some stuff up the easy way.

These hosts cannot connect to WAN through the LAN router, so they auto-use the WAN connection of the 2.

I've tried putting the bindIP to 0.0.0.0 but that didnt result in any improvement.

[freghar]

Well I don't really see any need for the second host<->host connection, but then again - I don't see any point in having realmd on a separate machine. A database server on the second host would make more sense.

Anyway, the issue might be in something unrelated, AFAIK the windows build installs a mangos service by default (and starts it up), so check your services.msc for a running instance of mangosd+realmd.

[louisgosschalk]

It's because my server had about 60 to 100 players but then I got some very annoying hackers against me. a whole team actually named eternity hackers. they decided to try and take me out and they succeeded, the lag was unbearable. I've now remade the server but im not going live before I've secured my connection.

And i think a good way to secure it is to make them think the server is at the IP of the logonserver, while it aint.

that's the use.

checked for the services.msc and there's nothing running named mangos world authentication or whatever when im not having it started up

[freghar]

It's because my server had about 60 to 100 players but then I got some very annoying hackers against me. a whole team actually named eternity hackers. they decided to try and take me out and they succeeded, the lag was unbearable. I've now remade the server but im not going live before I've secured my connection.

And i think a good way to secure it is to make them think the server is at the IP of the logonserver, while it aint.

Security by obscurity. In fact, auth server (realmd) will actually tell them where to find real world server (mangosd), according to realmd.realmlist table. It will probably fool some script kiddies, but it won't make your server any more secure. The correct way is to set up your firewall properly, limit incoming connections, it's easy to take mangos down without anti-SYN-flood protection.

From what I was able to observe, the client sends (after realmd authentication) very few TCP SYN packets, like 3 in the first second and then one per minute (or so), the rest is just ACK with URG flag set. That means you can restrict incoming TCP SYN packets to about 5 per second, with 50 packet buffer ("bucket") .. per IP. Ie. there has to be some space for like 10 players on a shared connection. Plus turn on tcp_syncookies (windows probably has it somewhere as well) and rp_filter to counter spoofing, ...

That should keep them away.

[louisgosschalk]

ok i understand i have to do the following:

turn on tcp_syncookies

turn on rp_filter

I dont understand how to limit the packets per client though. I use windows XP on my server atm, do you know what software i need to do the limiting?

[freghar]

I personally use "hashlimit" or "recent" iptables match (linux), but I believe any more advanced windows firewall software can do it.