Ports and Networking problem

Hi all,

My team and I are developing a networked game using Unity’s network library. We have found that connecting to a server with a firewall is impossible: ports are blocked, and we are looking for a solution to this problem.

The idea is to let the user know when he has to deactivate the firewall or when the ports are blocked. The ideal would be testing the connection before playing the game.
We have tried creating a TestingScene: creating the server and connecting in the same scene but it failed. Creating the server and connecting from different scenes, also failed.

It is like the firewall knows that it is a self-connection and allows it. Any ideas?

You can never connect to yourself with Unity’s network system because you can only be server OR client. The only way is to start your game two times and let one be the server and the other a client.

Are you sure that it’s the firewall that is blocking the connection? Normally firewalls will give you a message when they block an unauthorised packet. To test an outgoing connection you have to provide a public server to which the clients can connect. If your users can run a game server on their own PC, that’s a bit more complicated.

Incoming connections are “almost” impossible because nowadays most people are behind a NAT router. A NAT router blocks all incoming packets in general. There are only two exceptions:

  1. You have configured port forwarding in your router to a specific PC.
  2. A local PC has initiated an outgoing connection, so the router knows which incoming packets belong to whom.

If you host a Unity master server, it can handle case 2 above. Every user can connect to the public master server and initiate an outgoing connection. The master server can share the port that is needed to perform a NAPT punch-through.

The NAT technique that is used (NAPT) is actually a kind of hack and actually breaks the rule of the TCP/UDP port function by using it as part of the identifier. That’s why some routers behave differently, since there’s only a commonly used standard.

Most routers just save the internal IP and remember what source port it’s using. When a packet with this port is incoming, it is forwarded to this internal IP. Some routers also save the destination IP and only allow packets from this IP to get back in. In this case you have no way to perform a NAT punch-through.

All in all, there’s not a perfect solution available. Some users will always need to set up manual port forwarding or set up a firewall rule in order to act as server.

Effectively, if the connection fails, you can’t say what is causing the problem. All you can do is provide a list of solutions to the user.
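
The two router behaviours described in the answer above can be modelled as a small mapping table. This is an added example, not code from the thread or from Unity. The names `NatRouter` and `punch_through` and all addresses are constructed, and it covers the case where the hosting PC has only contacted the master server.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of a NAPT router's mapping table (constructed for illustration)."""
    public_ip: str
    restrict_by_remote_ip: bool = False  # True: router also remembers the destination IP
    next_port: int = 40000
    # public port -> (internal ip, internal port, remote IPs this host has contacted)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip):
        """An internal host sends a packet out: create or reuse its mapping."""
        for pub_port, (ip, port, remotes) in self.table.items():
            if (ip, port) == (src_ip, src_port):
                remotes.add(dst_ip)
                return pub_port
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, {dst_ip})
        return pub_port

    def inbound(self, remote_ip, pub_port):
        """Return the internal (ip, port) a packet is forwarded to, or None if dropped."""
        entry = self.table.get(pub_port)
        if entry is None:
            return None  # no port forwarding and no earlier outgoing connection
        ip, port, remotes = entry
        if self.restrict_by_remote_ip and remote_ip not in remotes:
            return None  # the host never sent anything to this remote IP
        return (ip, port)

def punch_through(router):
    """Host registers with the master server, then a client tries the shared port."""
    master, client = "203.0.113.10", "198.51.100.7"  # constructed documentation addresses
    pub_port = router.outbound("192.168.1.20", 25000, master)
    # The master server tells the client (router.public_ip, pub_port); the client sends to it.
    return router.inbound(client, pub_port)

if __name__ == "__main__":
    print("port-only router:   ", punch_through(NatRouter("192.0.2.1")))
    print("IP-restricted router:", punch_through(NatRouter("192.0.2.1", restrict_by_remote_ip=True)))
```
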