Forwarding ports for Peer-To-Peer gaming on retroarch

[jerol]

Hey,

So I'm trying to forward my ports to be able to play with a friend of mine.

So I'm wondering as to what ip to put in the port forwarding section? Is it the one found when running ip a, and searching for the inet part under the network interface you're currently using?

Also, after the ports are forwarded, the ip I'll give to my friend is my public ip, right? Which to my understanding can't be looked up from the command line, if you don't count curling a website (correct me if I'm wrong).

[alamahant]

You can get external ip by

[jerol]

Wait my public address will also change?

And by configuring my LOCAL ip statically it won't change after awhile if my isp changes it?

And yeah I'm aware of the range of the needed ports.

[alamahant]

[jerol]

Bear with me here, I don't know much if anything when it comes to networking.

That being said, why would I want to configure it statically if it will always remain the same?

[alamahant]

[jerol]

Oops, I read the previous replies wrong, I get it now.

Are the public and local ip changes somehow interlinked with each other?

[alamahant]

No
_________________

[szatox]

[jerol]

They do what exactly to save IPs? Make it so that I can't look up the public IP from the terminal?

Also I have no idea whatsoever when it comes to UPnP, all I know frankly is that I need to forward the port TCP 55435. I did infact consider the possibility of bridging our machines through hamachi or other derivatives, but I came to the conclusion (after reading up about it and based on previous experiences) that it's best for me to do things manually both security wise and the fact that I can actually learn something while doing it.

Though if all else fails there's still another possibility, that being my own cloud server. I wonder if I could use it to bridge our machines?

[szatox]

[jerol]

I'm not sure if we're all using the same public IP.

And yeah I can add a rule in the "Port Forwarding" -section in my router's web interface. Wait some ISP's they really do that nowadays, that you can't access it or modify it through the interface? Also what do you do when you punch through a NAT? The same thing as adding a role to forward traffic coming from outside the NAT?

Not sure about OpenVPN or Wireguard, the only thing I've done with Wireguard was to setup my other vpn for my own traffic to go through. I'll have to study some things I guess.

[Hu]

I think it may be useful to take a step back and explain some of the principles involved here.

To communicate with other machines, you need an IP address on each end, and the peers need to know the relevant port on the remote machine. If you were both on a LAN in the same room, this would be trivial. You would be 192.168.0.2 and friend would be 192.168.0.3. [1] You stated the port you wanted for your game. Friend would connect to that port on your IP, and you would be done. You are not on the same LAN in the same room, so this is more complicated. The first level of extra complication, which was common for home users for many years, is that your Linux desktop has address 192.168.0.2, your router has a public IP address of 1.2.3.4, and friend has a public IP address of 5.6.7.8. [2] You would configure your router such that traffic sent to 1.2.3.4 on port 55435 would be rewritten by your router to be destined for 192.168.0.2 on port 55435, and then sent into your LAN, where your Linux desktop would receive it. As an implementation detail, which you would not configure, the router would handle the reverse rewrite when you respond to your friend. In this case, you would tell your friend to connect to 1.2.3.4, because you want the traffic to go to your router. (Since your friend is on the far end of the public Internet, it is not valid for him to use your Linux desktop's IP address of 192.168.0.2. The intervening Internet Service Providers will not route that address to you, so it will either mean nothing, or it will refer to some other computer on friend's LAN. Either way, it doesn't do what you want.)

As others have noted here, it is common for ISPs not to give you an indefinite lease on a single specific public IP address. They rely on most people not remaining online constantly, and rotate the public IP addresses that they have available among the customers who need them at the time. For routing purposes, your ISP neither knows nor cares how many private range addresses are hidden behind your router, nor what systems use them. As far as the ISP is concerned, you have one IP addresss, 1.2.3.4. Since your ISP does not know, they cannot correlate their operational decisions to your private addresses.

The rationale for statically assigning private range IP addresses to specific systems is that it eases maintenance for you. If you tell your router to give your Linux desktop a randomly chosen address in the range 192.168.0.x, then on every renewal, you might get a different private IP address, at which point you need to go reconfigure the NAT rule in your router. This is unnecessary work when you can guarantee that your Linux desktop is always 192.168.0.2, and then direct the router's NAT rule once accordingly, and have it remain correct indefinitely.

Separately, there is a concern here about whether your "public" IP address issued by your ISP is truly public in the sense that you could give it to one of us and we could send a packet to your router, or if your ISP is running another address-rewriting router in their local office. If they are, then your "public" address on the router will itself be a private non-routable address that is not useful to share with us. In that case, you would need someone with NAT-administrative access on that router to write the forwarding rule for you. It's possible, but in my opinion not likely, that your ISP would offer a web portal where you could change that.

I suggest you do the following:

1. Look up the IP address of your Linux desktop's Ethernet card.
2. Look up via your router's administrative interface what public IP address it claims to have.
3. Look up via a public service your apparent public IP address.

Tell us:

• For each such address, is it an rfc1918 private range IP address [3], or not. If it is, you can tell us the specific value. If it is not, you may wish to assign it a fictitious value for discussion.
• Whether the addresses in points 2 and 3 are the same. If your router and the public service agree, then you are not behind a Carrier-Grade NAT, and we only need to sort out basic port forwarding in your router. If they are different, your setup is more complicated.

[1] These are example values that commonly appear, but other values are also possible.
[2] Again, fictitious addresses. The key part is that they are not rfc1918 private range IP addresses.
[3] Any of 10.x.x.x, 172.16.x.x - 172.31.x.x, 192.168.x.x. Also known as 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

[jerol]

Thanks for the reassuring info as well as the things I weren't aware of before.

Since I'm not using Ethernet, but Wifi instead, I think it's safe to say that I need to look up the IP of the Wifi card. Also I'd like to clarify that I'm on a laptop, if that matters.


So I managed to get ahold of all the addresses:

[1] Probably safe to share since it starts with 192.168, right?
[2] Same thing here, it start with 192.168 so it should be safe to share.

So the first two are same right because they both start with 192.168? Also as a side note, below the IP aswell as the Subnet Mask there's a toggle option for the DHCP server. And below it is the IP pool as well as the lease time. I guess that refers to the router's IP.


[3] Pretty sure this one is not safe to share, because it doesn't start with any of those that you specified.

[Hu]

[jerol]

The first one [1] being my computer's address is 192.168.32.133.
While the second one [2] being the router's address is 192.168.32.1. It is also the same address as the one I put on the URL bar when I want to access the web interface of the router.

The model of the router is ZTE MC801A and upon further inspecting the manual on my ISP's web page, it infact states that if you want to have two way connections, you'll need to pay an additional fee. Had no idea of restrictions like that, wow. But yeah I guess that's ruled out then.

I'm willing to try the mentioned VPN tricks.

[szatox]

Your router has at least 2 IP addresses and you picked the wrong one

[jerol]

After looking around some more I found the WAN address. That's it, right? It starts with 10.

[alamahant]

[pietinger]

[Hu]

[NeddySeagoon]

Team

So far, we are all talking IPv4. The NAT tricks are to get around the fact that the IPv4 address space was exhausted a few years ago.
If everyone involved has IPv6, that could just work.

[jerol]

So let me just once again confirm: Although the Wide Area Network (WAN) address, theoretically should be a Wide Area Network address like stated, however it is not the case because the ISP has scrambled it into a private address, for their own profit. Or as they call it, for my own security?

And also I have a gateway, if that simplifies things. Therefore it is wireless to the ISP's central office.

As for the IPv6, I'm only seeing the one that starts with fe80.

[NeddySeagoon]

jerol,

The IPv6 address starting fe80 is not useful. Its site local and not routable outsite of your network.

Your end of the problem looks like this

[jerol]

Alright I think I'm starting to grasp the situation at hand here. That being said however, I'm calling it quits atleast for now because my current VPS plan wouldn't cut it for the server and my friend won't budge.

Thanks for the help all of you. The situation was a lot more complex than I initially thought, but atleast I learned quite a lot.