EQII and Firewalls

Rivera Bladestrike · October 23, 2004, 11:52 am

Alright, I just started trying to download EQII and its being a major pain in the ass. I live on a campus and I just read that EQII doesn't work with campus firewalls or something along those lines.

Sony Online Entertainment does not support the use of firewalls and proxies, including cable/DSL NAT routers, campus and office networks, or any type of Internet connection sharing services. However, in an effort to assist you in configuring your systems on your own, we would like to provide the following information which may help you in setting up your firewall to work with EverQuest II.

I've done router configurations by changing the UDP and TCPs but I don't have anything like that on my computer.

Pisses me off cause I have the whole weekend to play and I just got it and AS USUAL something ALWAYS fucks it up and I wind up spending tireless hours working on this shit.

So any help is much appreciated!

Zaelath · Post by **Zaelath** » October 23, 2004, 12:10 pm

To paraphrase; Sony isn't going to spend hours helping you work out why you can't get your POS firewall to work with EQ. If your employer/school/mother wants to block EQ, tough shit. This is not our problem, and we're not going to support it. However, none of that means you can't use EQ behind NAT connections or firewalls.

Rivera Bladestrike · October 23, 2004, 12:11 pm

That can't be the answer though, to cut off every single kid in a college campus would be ridiculous.

Zaelath · Post by **Zaelath** » October 23, 2004, 12:20 pm

Rivera Bladestrike wrote:That can't be the answer though, to cut off every single kid in a college campus would be ridiculous.

They're not. If your campus doesn't allow the traffic, your campus is cutting you off. If you have a normal NAT/firewall connection, which allows all outgoing traffic, you won't have an issue.

Rivera Bladestrike · October 23, 2004, 12:27 pm

I know people who are playing other MMORPGs around here though...

Mr Bacon · Post by **Mr Bacon** » October 23, 2004, 1:18 pm

Talk to them and say 'hey what do i do?' and you'll probably find the answer. just ask.

P.S. There's heavy firewall crap here on my campus but I connected to EQ2 fine.

Rivera Bladestrike · Post by **Rivera Bladestrike** » October 23, 2004, 1:22 pm

Talk to who? EQII guys or my university tech?

I was thinking of talking to my computer science professor after class on tuesday (hes a big gamer too)...

Neost · Post by **Neost** » October 23, 2004, 1:41 pm

Normally any firewall/proxy setup that allows internet access will allow outbound IP's to establish a session and any incoming traffic associated with that outbound session is allowed through.

So it's like if you send a request out to login to EQ, it allows return traffic from the login server because you initiated the conversation, there is an expected traffic flow back to you.

Then, once you authenticate to the login server, the EQ client initiates a conversation with your world server (or whatever), so once again the campus firewall would allow traffic back to your PC.

If you know anything about networks, you might try running ethereal on your local box while you connect and then check the packet capture to see if you are seeing the responses all the way back to your pc.

That way you know if the issue is with the network between you and EQ or local to your pc.

noel · Post by **noel** » October 23, 2004, 1:53 pm

Actually on the campus I work at, the university is blocking some TCP and UDP ports that are commonly associated with virus traffic. At one point, they had TCP 5000 blocked, which killed Yahoo instant messenger and Lineage.

As far as your statement that they can't block something... LOL (I'm laughing at you here, but not really in a mean spirited way so don't take it personally).

They absolutely can. Many universities are completely shutting off all P2P apps, as well as a lot of known virus ports. They're not doing it specifically to block their students from playing games etc. But mostly to reduce the traffic load, stay out of trouble with those enforcing the DMCA (Digital Millineum Copyright Act), and keep the university network running for its intended purpose... education.

The best thing to do is to find out what TCP/UDP ports EQ2 uses to connect to the servers, and then go ask your student help desk/network help desk whether or not those ports are being blocked. There's a chance they're blocking a port you need for something that's no longer a threat, and maybe they can turn it back on for you.

Rivera Bladestrike · Post by **Rivera Bladestrike** » October 23, 2004, 2:04 pm

I meant EQII blocking anything not the univeristy. I ran the ethereal program, and not one packet was capture with and without the firewall on in my computer. So I'm betting on the uni's firewall, which i had suspected mostly.

They have a number of things here:

EverQuest II LaunchPad and Patch Servers

A TCP connection is initiated from the LaunchPad client port > 1023 to patch.station.sony.com port 7000.

A UDP connection is initiated from the LaunchPad client port > 1023 to sdlaunchpad1.station.sony.com and sdlaunchpad2.station.sony.com port range 3016-3021 and 9700-9703.

EverQuest II Patch:

A TCP connection is initiated from the EverQuest II client port > 1023 to patch.everquest2.com port 7010.

EverQuest II Game Client
UDP connections are initiated from the EverQuest II client port >1023 to servers on UDP ports 9100, and UDP ports in the range 32800-33000

Additionally, ICMP messages type 0 (echo reply), 3 (unreachable), 8 (echo request) and 11 (expired) should be permitted bi-directionally between the client PC and the EverQuest II servers.

EverQuest II Servers Subnets

There are multiple IP addresses for the Patch and LaunchPad clusters, and they may change as the network demands, so check often using a DNS lookup tool if you provide a specific firewall rule for these services. The EverQuest II server IP addresses are currently in these subnets: 64.37.158.*, 199.108.2.*, 199.108.12.*, 199.108.202.*, 199.108.203.*, 195.33.135.*

I'm not the best at this networking stuff, i only know what I had to learn the hardway cause my computer never fucking work the way they're supposed to, and I wind up spending 4 hours or more on something angry and pissed off. But as far as I know, I look into my firewall and I can't open up a lot of these ports that they're asking here. Like my router back at home had a easy configuration window, but I don't know what the hell I'm doing here.

noel · Post by **noel** » October 23, 2004, 2:08 pm

Wouldn't surprise me at all to find out they're blocking ICMP in one direction or another.

There are quite a few DOS style attacks that use ICMP.

The rest of it basically just says they use ephemeral port numbers which is no great suprise.

Rivera Bladestrike · Post by **Rivera Bladestrike** » October 23, 2004, 2:16 pm

the only place I have to change the UDP and TCP is in the firewall I got with Service Pack 2, and it doesn't allow ranges, so I just typed the lowest of the two. I know its horribly wrong, but I got no idea what else.

My only savior is acquiring FarCry just a few minutes ago.

noel · Post by **noel** » October 23, 2004, 2:24 pm

Just disable your firewall completely and test it. Don't even bother trying to set a range until you know your firewall is the problem.

Rivera Bladestrike · Post by **Rivera Bladestrike** » October 23, 2004, 2:29 pm

I already tried that.

noel · Post by **noel** » October 23, 2004, 2:35 pm

If you disabled your firewall entirely, the problem is within your university's network, and no amount of playing with your firewall will resolve it.

Lohrno · Post by **Lohrno** » October 23, 2004, 2:46 pm

I wonder if it's possible to use some proxy tricks...

-=Lohrno

Mr Bacon · Post by **Mr Bacon** » October 23, 2004, 3:42 pm

Check with that professor or the other students playing mmog's (which is who i was referring to above)

Kaldaur · Post by **Kaldaur** » October 23, 2004, 4:22 pm

Rivera, I have the same problem due to my college network. Unless I am consistently interacting with the world (changing direction, saying something, using new techniques) then I lag due to the network. Combine that with Antonica lag, and it's very hard for me to play. I'm currently "negotiating" (see threatening) with ITS to reopen the ports, and a few of them are being opened up. The problem is EQ2, from my understanding, connects to random ports every time it establishes a connection, so opening a few ports here and there won't solve the problem.

murr · Post by **murr** » October 23, 2004, 4:54 pm

Just for reference, by default, SP2 (or the firewall, at least) disables ICMP. But it doesn't look like that is the problem.

Rivera Bladestrike · Post by **Rivera Bladestrike** » October 23, 2004, 7:37 pm

Thanks for the help, i'll talk to my professor, he should know, he knows just about everything about the campus' network.

Xanastik Fox · Post by **Xanastik Fox** » October 24, 2004, 9:03 pm

Copy/Paste from betaboard

Sony Online Entertainment does not support the use of firewalls and proxies, including cable/DSL NAT routers, campus and office networks, or any type of Internet connection sharing services. However, in an effort to assist you in configuring your systems on your own, we would like to provide the following information which may help you in setting up your firewall to work with EverQuest II.

EverQuest II LaunchPad and Patch Servers
A TCP connection is initiated from the LaunchPad client port > 1023 to patch.station.sony.com port 7000.

A UDP connection is initiated from the LaunchPad client port > 1023 to sdlaunchpad1.station.sony.com and sdlaunchpad2.station.sony.com port range 3016-3021 and 9700-9703.

EverQuest II Patch:

A TCP connection is initiated from the EverQuest II client port > 1023 to patch.everqeust2.com port 7010, and ablpatch.everquest2.com port 7010.

Everquest II Game Client
UDP connections are initiated from the EverQuest II client port >1023 to servers on UDP ports 9100, and UDP ports in the range 32800-33000

Additionally, ICMP messages type 0 (echo reply), 3 (unreachable), 8 (echo request) and 11 (expired) should be permitted bi-directionally between the client PC and the EverQuest II servers.

EverQuest II Servers Subnets

There are multiple IP addresses for the Patch and LaunchPad clusters, and they may change as the network demands, so check often using a DNS lookup tool if you provide a specific firewall rule for these services. The EverQuest II server IP addresses are currently in these subnets: 64.37.158.*, 199.108.12.*, 199.108.13.*, 199.108.202.*, 199.108.203.*, 195.33.135.*

Rivera Bladestrike · Post by **Rivera Bladestrike** » October 24, 2004, 9:05 pm

Yeah, I already quoted that above, will talk to the network administrator and my professor on tuesday about it, possibly offer donuts in return of access to crack.

Rivera Bladestrike · Post by **Rivera Bladestrike** » October 26, 2004, 1:27 pm

Awesome! Wooohoo! They had me set up a VPN and now I can get into EQII!

noel · Post by **noel** » October 26, 2004, 2:13 pm

Did they tell you what/why they were blocking something?

I'm curious from a professional standpoint. If you can find out, I'd appreciate it.

Thanks in advance.

Rivera Bladestrike · Post by **Rivera Bladestrike** » October 26, 2004, 3:05 pm

They didn't tell me why they were blocking it, but they said that it was "impossible" for them to change any of the firewall's ports.