The Worst Error. None at ALL! "game server" -Linux-

[nazer]

I don't think it's an issue with a firewall though. After these changes it seems to not change very much only with connecting to the realmd. Maybe it might be with realmd communicating with mangosd?

[Xenithar]

The realm server simply lists the realms in the database and passes the WoW client the ip address of the selected server, unless I am gravely mistaken. You are running a firewall. That is your problem. When you are not running a firewall, the iptables -S command will only show you:

-P INPUT ACCEPT

-P OUTPUT ACCEPT

-P FORWARD ACCEPT

If you get anything else, you are firewalled. The problem is that Ubuntu does some weird crap with their firewall. I don't use Ubuntu so I am not an expert on it. It is based on my distro however, and should work similarly.

Now, I need the output after you run those commands. I have yet to see what happens when you try to clear your firewall rules. Run the commands in my last post, then run iptables -S and paste me the output. For all we know, those commands may not take effect with the new UFW crap.

[nazer]

I just started to use ubuntu a little while ago so I'm not very knowledgeable about it either but I am enjoying the switch to linux very much!

After getting my output of iptables -S by using your commands from your last post to look like:

-P INPUT ACCEPT

-P FORWARD ACCEPT

-P OUTPUT ACCEPT

It still had the same effect.

[Xenithar]

Alright, paste me the output of cat /etc/network/interfaces so I can see how your network is being configured. The UFW firewall may be setting addresses on your NICs the way FWBuilder can.

[nazer]

This is the output of it.

auto lo

iface lo inet loopback

[Xenithar]

Wow, no clue what they are trying to do there, but you are setup to use your loopback interface for net access. They must use iptables to handle this as well as firewall your system. Let me get some advice for this and get back to you.

*UPDATE*

Alright, let's not wipe out your firewall and NAT setup. Instead, let's just set the input and output policies to accept by default. This is a simple command issued as root that should fix it while leaving your rules in place.

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

Try that as root or with sudo. That will allow all traffic in and out of your system without removing all of your rules. Once you do those two commands, use iptables -S as root and paste me the result. After you paste the result, try your server out and cross your fingers.

[nazer]

Alright I tried it and nothing!

Here is the output of iptables -S:

-P INPUT ACCEPT

-P FORWARD DROP

-P OUTPUT ACCEPT

-N INBOUND

-N LOG_FILTER

-N LSI

-N LSO

-N NR

-N OUTBOUND

-A INPUT -s 192.168.0.1/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT

-A INPUT -s 192.168.0.1/32 -p udp -j ACCEPT

-A INPUT -s 205.171.3.25/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT

-A INPUT -s 205.171.3.25/32 -p udp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT

-A INPUT -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT

-A INPUT -p udp -m udp --dport 33434 -j ACCEPT

-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT

-A INPUT -p icmp -j LSI

-A INPUT ! -s 192.168.0.0/24 -i wlan0 -j NR

-A INPUT -d 255.255.255.255/32 -i wlan0 -j DROP

-A INPUT -d 192.168.0.255/32 -j DROP

-A INPUT -s 224.0.0.0/8 -j DROP

-A INPUT -d 224.0.0.0/8 -j DROP

-A INPUT -s 255.255.255.255/32 -j DROP

-A INPUT -d 0.0.0.0/32 -j DROP

-A INPUT -m state --state INVALID -j DROP

-A INPUT -f -m limit --limit 10/min -j LSI

-A INPUT -i wlan0 -j INBOUND

-A INPUT -j LOG_FILTER

-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6

-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT

-A FORWARD -p icmp -m icmp --icmp-type 0 -m limit --limit 1/sec -j ACCEPT

-A FORWARD -p udp -m udp --dport 33434 -j ACCEPT

-A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT

-A FORWARD -p icmp -j LSI

-A FORWARD -j LOG_FILTER

-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6

-A OUTPUT -s 192.168.0.7/32 -d 192.168.0.1/32 -p tcp -m tcp --dport 53 -j ACCEPT

-A OUTPUT -s 192.168.0.7/32 -d 192.168.0.1/32 -p udp -m udp --dport 53 -j ACCEPT

-A OUTPUT -s 192.168.0.7/32 -d 205.171.3.25/32 -p tcp -m tcp --dport 53 -j ACCEPT

-A OUTPUT -s 192.168.0.7/32 -d 205.171.3.25/32 -p udp -m udp --dport 53 -j ACCEPT

-A OUTPUT -o lo -j ACCEPT

-A OUTPUT -s 224.0.0.0/8 -j DROP

-A OUTPUT -d 224.0.0.0/8 -j DROP

-A OUTPUT -s 255.255.255.255/32 -j DROP

-A OUTPUT -d 0.0.0.0/32 -j DROP

-A OUTPUT -m state --state INVALID -j DROP

-A OUTPUT -o wlan0 -j OUTBOUND

-A OUTPUT -j LOG_FILTER

-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6

-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INBOUND -j LSI

-A LSI -j LOG_FILTER

-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6

-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP

-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6

-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP

-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6

-A LSI -p icmp -m icmp --icmp-type 8 -j DROP

-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6

-A LSI -j DROP

-A LSO -j LOG_FILTER

-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6

-A LSO -j REJECT --reject-with icmp-port-unreachable

-A NR -s 0.0.0.0/8 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 10.0.0.0/8 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 127.0.0.0/8 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 169.254.0.0/16 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 172.16.0.0/12 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 192.0.0.0/24 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 192.0.2.0/24 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 192.168.0.0/16 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 198.18.0.0/15 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 198.51.100.0/24 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 203.0.113.0/24 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 224.0.0.0/4 -d 192.168.0.0/24 -i wlan0 -j LSI

-A NR -s 240.0.0.0/4 -d 192.168.0.0/24 -i wlan0 -j LSI

-A OUTBOUND -p icmp -j ACCEPT

-A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

-A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT

-A OUTBOUND -j ACCEPT

[Xenithar]

Alright, sorry for the delay. Ubuntu is doing something very, VERY screwy with networking. Normally your itnerfaces (Ethernet, wireless, etc) are listed and configured in /etc/network/interfaces, yet yours only has loopback. Then there's that extremely odd iptables configuration. I know a bit about iptables and I build firewalls, but I don't do routing and NAT yet, so a lot of your rules don't make sense to me. I would recommend that you speak with the Ubuntu team on their forum to try to gain an understanding of how your network is running. From my perspective, they are handling everything within iptables, which is just not normal, but I may be mistaken. Again, I use Debian, not Ubuntu. Debian is upstream (Ubuntu is based on it) and does not have the bloatware that Ubuntu has. Maybe Ubuntu has some extra package installed that is handling your networking, such as network manager. Either way, ask the Ubuntu team. They should be able to help.

On a side note, I placed an iptables firewall on my WoW server last night after building, allowing only TCP ports 3724, 8085, and 22 through. Upon doing this, I had the same problem you have. I would sit at the connecting screen for ages and never get in. This leads me to believe that MaNGOS uses more ports than just 8085 and 3724. Upon removing my firewall, I could connect instantly. I still believe the heart of your problem is with the networking setup on Ubuntu.

*UPDATE*

Alright, I should not be allowed to use Firewall Builder after 22:00 any more. My problem was that I was testing against the source port for 3724 and 8085, not the destination port. It works fine now, and MaNGOS only needs ports 3724 and 8085 allowed. Just wanted to point that out since I assumed my problem was an unknown port earlier.

Naz, if you want to try allowing your WoW ports, you can enter these two commands as root to open just the MaNGOS ports up.

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3724 -m state --state NEW -j ACCEPT

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 8085 -m state --state NEW -j ACCEPT

That tells your firewall to allow traffic on the two MaNGOS ports to be allowed even if it is a new connection.

[nazer]

Alright I just tried that and it still didn't work! I really appreciate all of the help you have given me so far though. I am using lubuntu actually. It doesn't have as much of this bloatware that you speak of plus a beautiful opaque default desktop. I am slowly working towards debian my friend but my knowledge is not at that level yet haha.

I tried what you did and it had no effect. Can you explain to me more about what it looked like when you were unable to connect before? Were you stuck on handshaking? or stuck on just connecting to the server in general. I am stuck on -handshaking or connecting to game server-. Maybe being able to recreate the same problem as me might help you a bit? Do you think maybe a picture would better explain the situation?

I am not too sure now if it is a firewall issue though. Even if I completely wiped out the iptables I still was not able to connect. No firewall should mean (in theory) all traffic to be sent.

[Xenithar]

Well your firewall is run on iptables, which does more than firewalling. Iptables also does NAT (network-address translation) and a whole lot more. Your default chains (rules) are much more than firewall rules. I see various networks specified, which makes no sense unless you have multiple networks in your home. I see class A, B, and C networks somehow being related to a class C network in those "NR" rules. On top of that, your networking interfaces are not specified in your interfaces file, leading me to believe that all of those chains have something to do with that. This is why I hate distros that don't conform to standards. Heck, even RedHat, Slackware, and Gentoo use an interfaces file!

I will try to sort through those rules later when I get some time, but I have a job during the day.

[Schmoozerd]

I think there must be placed an entry into realm database into realmlist for your realm.

Also you must have proper values in the config files for the IP (leave to default there)

[Xenithar]

We already covered that. His problem lies within the network configuration on his Linux box. He does not have his interfaces configured in the standard way, and he has some kind of advanced configuration with iptables going on.

*UPDATE*

I just figured out that all of those "NR" lines deal with routes. He is routing traffic from all networks to a class C network. That probably has something to do with it. I will keep digging, but why on earth is the Lubuntu team throwing in static routes?

[Unkle Nuke]

One last idea, and sometimes it is the really obvious ones that get you...

nazer, did you edit the lines of the realmlist.wtf file in your game client's root folder, using the IP of your server and not the retail servers?

Also, do you start the game using Wow.exe instead of Launcher.exe? Launcher.exe will not only attempt to patch the game up to the current retail version, it will also overwrite any changes to the client files you have made, such as editing realmlist.wtf.

Otherwise, it looks as if you and Xenithar will have to become Ubuntu experts rather quickly.

[Xenithar]

I didn't think about that. The realmlist.wtf file has to point to 127.0.0.1 for this to work. Otherwise you are connecting to Blizzard servers!

[nazer]

Ok so I reloaded everything and it seems to be working however I did it with the given blank mangos database. So the problem does not lie in the firewall. I am able to connect perfectly and everything! Now I need to figure out how to update the database with the MaNGOS Zero files. Thank you for your help. It is really appreciated!

[Unkle Nuke]

After all that and it was a broken database causing the server daemon to hang?

/facepalm

[nazer]

Okay after some playing around I finally solved it!! There was a problem with me using the mangos zero realm database. Why? I don't know... Simply put after testing random things it came down to simply importing the realm database that is inside of /sql/ OVER the zp_realm database that was imported with the mysql_import file.

So to make the database work simply.

cd to zero database folder

./mysql_import

cd to /sql/

mysql -u root --password=**** zp_realm < realmd.sql

Thank you again for sticking it out with me even though the solution is something so simple. Let me join you with a /facepalm UnkleNuke.

[Unkle Nuke]

HOOORAY!!!

I'm just glad you got it fixed so you can return to the fun of tinkering with your server and adventuring in your own little world. It's become an addiction for me.

I think Xenithar does deserve some sort of medal for the way he racked his brains :lol: , but you'll find most of us here tend to be a rather helpful bunch when you work with us to solve the trouble.

Just pay it forward and help the next poor slob down the line.

[Xenithar]

Actually the database wouldn't have been the problem if it was empty. It would have thrown an error about the db_version. My guess is that it was a bad build. I am still thrown by the way the Lubuntu team has that firewall with all of that routing crap in it though. I am so blessed to be using pure Debian!

Glad you are up though.