Vanilla List Mailing List Archive

Re: [VANILLA-LIST:2246] Thread on UDP and firewalls from euroclue-l



> Thought this discussion from euroclue-l might be interesting...
> If not, please hit that 'd' button.

Some comments, if I may...
Pass them on if you wish, since I'm not on the above mailing list, and I 
don't wish to cross-spam lists.


> Yeah, is all that is needed to fix this instead of the server 
> starting the UDP connection, the client should start it? 

It is my understanding (being only *familiar* with networking protocols, but
not expertly knowledgeable) that for UDP connections, you can't determine the
sender from the receiver, and vice-versa.  For this reason the security setup
where I work bans *all* UDP connections to/from the internet (because you
can't tell if it's originating internally or externally).  We also prohibit
pings to non-"exposed" hosts.  For this reason, whenever I play on my 
workstation, it takes a few more seconds to res while the server tries to
ping my client.  So lately, I've been playing from one of our exposed hosts,
and displaying back to my machine.

Frankly, given the direction of internet security, the netrek community 
should either drop UDP altogether, or at least default to TCP and allow
UDP *only* if you know it's going to work.  I think this may be part of 
the problem a poster to rec.games.netrek is having right now with NAT.
(Doesn't look like she's got UDP set up for netrek under NAT).


> Yup, this is only a good thing, imo. Admittedly lots of people will
> turn the flashy bits off, I'm sure, but if it serves to attract people
> to play then that's only a good thing.

Strictly a client thing, BUT since desktop machines have more power these 
days, it isn't all that outrageous to ask the client to do more.  Color
bitmaps and sounds are ok, but I'd actually like to see something like
Total Annihilation, which uses 3-D objects instead of bitmaps to render
pieces as they move around.  Be kinda neat to see ships bank as they turn
and blow to bits that fly all over the tactical.


>     Eh... did I mention that NT:TNG is UDP-only, and the server always
> sends back to the client port? Which can be selected, of course. So you
> can use another services port range, like real-audio/video, for example.

This sounds interesting, but like I said before, some places with firewalls
just don't allow UDP connections at all because they cannot be reasonably 
secured.

Honestly, UDP is good for use in LANs (primarily for NFS) but even its use
within LANs is declining; it's no longer the default connection under NFSv3
(TCP is).



Bob Campbell                    Unix System Administrator
Scientific Computing Division   National Center for Atmospheric Research
rsc@ucar.edu                    (303) 497-1815