Can't join gameserver since last update

[Guest]

[PQ]

I am playing a game called Soldat and I can't join 2 certain game servers anymore since the last update. I can join them when I have my firewall disabled.
It's about 78.46.76.21:23071 and 72.232.225.66:23071 both linux server. The servers do see me requesting the game, but I cannot join.
There's another server 84.250.25.167:23071 that I am able to join. That's a windows server. I gave Soldat full access at the network security policy and I can't remember changing any settings.

[PQ]

BUMP

This has still not been fixed.
It's not a problem with my settings, I know more people with the exact same problem.

We can't join the server. The server does detect that we are 'requesting' the game. 

[EricJH]

Can you show screenshots of  the application rules of the game and the Global Rules (Firewall --> advanced --> Network Security Policy)?

What ports need to be opened for this game?

[PQ]

I can join any other servers. You have to connect the lobby server and game servers. It works fine for every server except for the ones with port 23071
I can also join servers with the same IP and different port. The port is blocked for that host (or for linux servers) for some reason.

screenshots attached

Edit: I just tested something, I can also join other linux servers with that port. So the port is only blocked for that host. Does look like wrong settings, can't find something though.

[Agila]

I have identical problem as PQ.

Just to add. i used copy from trusted application policy and then edit it: tick Log as a firewall event if this rule is fired.
Log shows allowed but i can't join the server.

[Agila]

I was tinkering with the the setting and i was able to find a possible solution.
I unchecked block fragmented IP datagrams in attack detection settings and i able to join the server.

what could be the effect of disabling this option?


PQ,
Could you try it and tell me if it works for you too? 

[Toggie]

Are you seeing any firewall log entries for this?

[Agila]

Attached the log when i disable block fragmented IP datagram.

[Toggie]

But you don't see any Block entries prior to disabling those settings?

[Agila]

No blocked entries. This is all my logs shows.
Above the highlighted entry is after i disable it and below is before disabling.

[Toggie]

Well, for what ever reason there must be a lot of fragmented datagrams being generated between certain points, hence the ability to join some servers but not others. It would also be of interest to know what settings the server has regarding IP Fragmentation...

Be aware that unchecking that box, whilst allowing you to play your game, does potentially open your defences. There are a number of attack types that make use of fragmentation.

[PQ]

I have identical problem as PQ.

Just to add. i used copy from trusted application policy and then edit it: tick Log as a firewall event if this rule is fired.
Log shows allowed but i can't join the server.

That solution works, but I get many hack attempts since I live in a house with 17 roommates and we all share one 100mbit internet connection. (and most of them don't have a firewall)

So I don't think that it's safe to disable that (or am I wrong)

Could this just be a comodo bug then? And why would it only block that port from 1 IP address?

[Toggie]

See my post above

[Agila]

Well, for what ever reason there must be a lot of fragmented datagrams being generated between certain points, hence the ability to join some servers but not others. It would also be of interest to know what settings the server has regarding IP Fragmentation...

Be aware that unchecking that box, whilst allowing you to play your game, does potentially open your defences. There are a number of attack types that make use of fragmentation.

Guess i have to revert my settings back.  
I will try to find out the settings of server has regarding its IP Fragmentation.

I have some questions:
1. Is it possible that a single port from a IP to cause this?
2. Why does comodo doesn't show blocked entries?
3. Since we can connect to the server by unchecking that box, is there a program to fully check/see the detials while connecting to the server?

thanks Toggie for helping

[Toggie]

I have some questions:
1. Is it possible that a single port from a IP to cause this?

To understand why fragmentation may be occurring and why it may also be causing your problems, you would need to know the details of how IP fragmentation occurs as well as understanding the differences between TCP and UDP. 

In a nutshell (this is very simplistic), a large network such as the Internet is divided into segments, each segment is connected to another segment via a router. Each segment typically has a set size that it will allow for datagrams that travel over that segment. This is called the MTU (Maximum Transmission Unit). If a datagram is larger than a specified MTU it will be fragmented.

When a datagram is fragmented, each piece is given a new header and sent on its way. The path one individual piece takes may not be the same as any other piece. When the pieces arrive at their destination they are reassembled. However if one piece is missing the datagram is discarded.

With TCP this is less of a problem because TCP has the ability to ensure retransmission of any lot pieces. Typically, UDP does not.

So, In your scenario, for whatever reason, it seems that the connection to one particular server is less reliable than others. It may be a fragmentation issue, resulting in lost datagrams or it may be some configuration issue with that particular server.

2. Why does comodo doesn't show blocked entries?

It will only show log entries for rules for which logging has been enabled, either allow or block.

3. Since we can connect to the server by unchecking that box, is there a program to fully check/see the detials while connecting to the server?

There are some things that can be done to investigate, obviously talking to the server host to determine their configuration parameters may enlighten us further.

Failing that, you could analyse the traffic leaving your client using something like Wireshark You could also try to investigate the maximum MTU size by using ping with different ICMP sizes.

ping -f -l 1472 (insert the server details here)

Keep reducing the number until you no longer receive fragmentation required messages. Once you have this value you can change the MTU size on your PC.

Seems like a lot of aggravation to me...

[Tags:]