set allowClientUdpPortChanges to true has no effect

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

h128
Posts: 6
Joined: 04 Apr 2014, 23:30

set allowClientUdpPortChanges to true has no effect

Postby h128 » 04 Mar 2021, 11:54

I am using TCP/UDP proxy service to protect my server and encountered the TCP/UDP IP not matching problem.

Discard UDP packet from ..., reason: Sender UDP Port doesn't match current session port: X != Y

So I set allowClientUdpPortChanges to true as suggested by the forum post:

viewtopic.php?p=87135#p87135

But set that setting to true did not help. I still see the Discard UDP packet message.

The server version is 2.17.

Please advise! Thanks!
User avatar
Lapo
Site Admin
Posts: 21927
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: set allowClientUdpPortChanges to true has no effect

Postby Lapo » 04 Mar 2021, 14:25

Hi,
I think the problem is the Proxy server. With UDP the proxy masks the sender's IP and there's no way for the server to validate the authenticity of the request.

Cheers
Lapo
--
gotoAndPlay()
...addicted to flash games
h128
Posts: 6
Joined: 04 Apr 2014, 23:30

Re: set allowClientUdpPortChanges to true has no effect

Postby h128 » 04 Mar 2021, 14:48

But I thought by setting allowClientUdpPortChanges to true the server does not try to validate the authenticity of the request.

"This is basically telling the server to ignore client UDP port changes at the cost of reducing security" This was what you suggested from the post mentioned previously.
User avatar
Lapo
Site Admin
Posts: 21927
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: set allowClientUdpPortChanges to true has no effect

Postby Lapo » 04 Mar 2021, 15:01

Yes. it accepts requests coming from a port number that is different from the original port that was used to initialize the protocol.
However the Proxy Server also masks the sender's IP address, so all incoming connections now look like they are coming from the same IP address, which is an issue for the server's UDP internal consistency / validation.

Sorry
Lapo

--

gotoAndPlay()

...addicted to flash games
h128
Posts: 6
Joined: 04 Apr 2014, 23:30

Re: set allowClientUdpPortChanges to true has no effect

Postby h128 » 04 Mar 2021, 15:25

My bad!

The error message is actually Discard UDP packet from ..., reason: Sender UDP IP doesn't match current session IP: X != Y

It is IP mismatch.

If putting Smart fox server behind proxy services is not possible how do we protect the production server from DDOS? By the way TCP connection works fine behind proxy services such as GCP global TCP Load Balancer.
User avatar
Lapo
Site Admin
Posts: 21927
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: set allowClientUdpPortChanges to true has no effect

Postby Lapo » 04 Mar 2021, 15:37

No problem.
If putting Smart fox server behind proxy services is not possible how do we protect the production server from DDOS? By the way TCP connection works fine behind proxy services such as GCP global TCP Load Balancer.

Yes the problem is essentially with UDP only. TCP should not be an issue.
If your server needs to stay behind a Proxy server I would recommend switching your UDP calls back to TCP and everything should work fine.

Cheers
Lapo

--

gotoAndPlay()

...addicted to flash games

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 29 guests