Multiple IP addresses for a single srcds server
#1
Question 
Hello all,

I have searched the forums, and except for this gentleman no one tried anything similar to what I am trying, thus the new thread.

I want my single srcds server to be available via multiple IP addresses. I have two upstream links and my users could benefit from accessing the server from different geographical areas via relevant (faster) links.

My server is on linux, it is currently run with command
Code:
/bin/sh ./srcds_run -game tf -autoupdate -tickrate 66 -maxplayers 24 +map cp_granary -debug -dir . &
so server listens on default IP address on port 27015:
Code:
netstat -lpn | grep src
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.1.1:27015         0.0.0.0:*               LISTEN      1482/srcds_linux
udp        0      0 0.0.0.0:27005           0.0.0.0:*                           1482/srcds_linux
udp        0      0 0.0.0.0:27015           0.0.0.0:*                           1482/srcds_linux
udp      312      0 0.0.0.0:27020           0.0.0.0:*                           1482/srcds_linux
udp        0      0 0.0.0.0:26901           0.0.0.0:*                           1482/srcds_linux

I have multiple interfaces installed, with multiple IP addresses -
eth1 has a private IPv4 address from my LAN,
eth2 has a private IPv4 address from the same LAN (and it has IPv6 address, but that's irrelevant)

I also have firewall capable of doing NAT; at the moment I have one public IP address NATed to eth1, and other public IP address NATed to eth2; however my server registers with first public IP and is not available via other IP. I was trying to add two addresses with +ip or -ip, two with just one switch, but whatever I do it always registers with first address given and ignores next IP.

I really want the SAME game to be available from different IP addresses, then I can publish one C class via other ISP and offer lower latencies to some clients that have high ping atm via first provider. See, problem is that same clan members need to practice, and one third of players has better ping via secondary link, while majority works better via first link...so I really want everyone to be able to join same server, but via different physical routes. Is there any hope? I have full root access to the server, I can change OS if that would matter, I am capable of configuring server and firewall, and the way I configured it would work perfectly fine with Apache, so I reckon problem is with the server-client relationship where my server insists to use single IP (thus single route) to register with Master Browser. I do not even need server to be available via browser with both addresses, I just need it to be available for game via two IPs.

If you ppl have any idea I would appreciate help since I've been trying to figure this out all afternoon :] Thanks for the reading if you came this far, even if you can't help :]]]
Reply
#2
If you don't list an IP, it won't let you join via both IPs?
The only other thing I can think would be a way of internally forwarding traffic from one IP to another, but I'm not sure if this is possible.
~ Mooga ...w00t? - SRCDS.com on Twitter
Please do not PM me for server related help
fqdn Wrote:if you've seen the any of the matrix movies, a game server is not all that different. it runs a version of the game that handles the entire world for each client connected. that's the 2 sentence explanation.
Reply
#3
As mooga has said, the only way I can think of doing it would be to use IP tables to forward all traffic from your second link to the first NIC before it even gets to the server.
~ trewq
Reply
#4
Yes it's possible if you redirect the UDP traffic from the second IP to the one the server is really listening on (using NAT). But still your server will be listed with only one IP in the steam server list.
http://www.fpsmeter.org
http://wiki.fragaholics.de/index.php/EN:Linux_Optimization_Guide (Linux Kernel HOWTO!)
Do not ask technical questions via PM!
Reply
#5
(10-20-2010, 06:44 PM)BehaartesEtwas Wrote:  Yes it's possible if you redirect the UDP traffic from the second IP to the one the server is really listening on (using NAT). But still your server will be listed with only one IP in the steam server list.

That suits me, I just need to have an alternative route to the existing game via alternative uplink I use. I was hoping I could resolve this without employing iptables, but anyways, a man's gotta do whatta man's gotta do. I believe it'd be enough to copy to extra interface all incoming and outgoing tcp and udp on ports 27003-27015...I just hope it ain't gonna be lagging my server cuz of the processor workload.

Thanks for your replies, gentlemen.
Reply
#6
It shouldn't be that much extra workload; all it is doing is giving packets from one interface to another.
~ trewq
Reply
#7
no it works well. I ran that way for quite some time when I changed the IP. and there wasn't even a difference between the two IPs... it's all done directly in the kernel and thus very fast.
Reply
#8
I concur, I noticed no difference playing on one IP versus the other while forwarding traffic from one IP to the other using IPTables. Although you will not be listed on the master server for the servers traffic that is being redirected. Sure there are workarounds, but if you're looking to do this legitimately, you will not be listed.


Any correlation to https://forums.alliedmods.net/showthread.php?t=140808 ?
Reply
#9
I want the same server to be available via two different IP addresses; if it's going to be listed for just ONE ip address, that is super-fine with me; as long as I have an alternative IP to offer to players with bad pings.

Another thing interests me - I have found howtos to clone traffic with iptables, however my version is newer and it doesn't support -tee, nor does it support --gw or --gateway command switches; could you guys help me with the syntax for iptables 1.4.4 or newer?
Reply
#10
I've been going all day at it, and it ain't workin', lol, driving me nuts.

root@server:~# iptables -A PREROUTING -t mangle -i eth2 -p udp --dport 27003:27015 -j ROUTE --oif eth0 --tee
iptables v1.4.9.1: unknown option `--oif'
Try `iptables -h' or 'iptables --help' for more information.

I was following howtos from netfilter.org, and i even updated iptables from 1.4.4 to 1.4.9.1 (latest stable ver.) but to no avail.
I guess it'll wait for Monday and more inspiration on my behalf :D
Reply
#11
I was in a similar situation where I had two public interfaces and having -ip 0.0.0.0 would not correctly listen on both IPs. This is problematic when you have redundant Internet connectivity but you're under DDoS attack and need your server accessible from the other link.

This is what I ended up using:

iptables -t nat -A PREROUTING -i eth1 -p udp -d SECONDARYIP --dport 27015 -j DNAT --to-destination FIRSTIP:27015

Both servers are queried in-game and accessible via their independent geographical links (e.g. tcpdump shows traffic coming to and from the SECONDARYIP:27015 when players connect to it.) The query from Steam shows some kind of error about server 0.0.0.0 being unavailable and I've yet to find the cause. It's unclear what effect, if any, this will have on the master browsers. From reading your posts it seems the master browser still binds to the primary interface which is fine by me, until I get DDoSed again and need it to listen on the second link.

From what I gather, Valve isn't interested in helping server owners with these kinds of problems. I have yet to try this but using SNAT in POSTROUTING on the VAC/query port (default 26901) could do what I want under emergency conditions where the first interface is unavailable; however, it's unclear what negative effects this would have when done when they're both online.
Reply
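
The DNAT rule from post #11, as an added example that is not part of any post in this thread: a small script that validates the interface, addresses and port, then prints the rule in an idempotent form for review instead of applying it. The function names, the sample addresses (RFC 5737 documentation ranges) and the use of `-C` (which assumes a current iptables) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: validate inputs, then print (never run)
# the DNAT rule from post #11 in an idempotent form.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeeds for 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rule IFACE SECONDARY_IP PRIMARY_IP PORT: prints one shell command line.
dnat_rule() {
    iface=$1 secondary=$2 primary=$3 port=$4
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    valid_ipv4 "$secondary" || { echo "bad secondary IP" >&2; return 1; }
    valid_ipv4 "$primary"   || { echo "bad primary IP" >&2; return 1; }
    valid_port "$port"      || { echo "bad port" >&2; return 1; }
    [ "$secondary" != "$primary" ] || { echo "IPs must differ" >&2; return 1; }
    spec="PREROUTING -i $iface -p udp -d $secondary --dport $port"
    spec="$spec -j DNAT --to-destination $primary:$port"
    # -C (--check) tests for an existing identical rule, so repeated runs do
    # not stack duplicates; assumes a current iptables that has -C.
    printf 'iptables -t nat -C %s 2>/dev/null || iptables -t nat -A %s\n' \
        "$spec" "$spec"
}

# Constructed sample values (RFC 5737 documentation addresses).
dnat_rule eth1 203.0.113.10 198.51.100.10 27015
```

Replies to clients that arrived through this rule are translated back by connection tracking, so established flows need no matching SNAT rule. Which uplink those replies leave on is still decided by the routing table.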
#12
thanks for posting the answer, i knew it was hidden somewhere in iptables.

however, i figured out that i really couldn't improve latencies significantly, so i didn't bother with this longer. i just tested addresses separately and figured out that it ain't worth trying anymore.

thanks for the right syntax nevertheless - i am sure someone will be able to use it.
Reply
#13
OT, but - I notice you have port 27020 listening. Are you running SourceTV and is it working for you?
Reply
#14
(03-26-2011, 03:28 AM)Dragineez Wrote:  OT, but - I notice you have port 27020 listening. Are you running SourceTV and is it working for you?
yes, and yes. it is not "fixed" port, you can also move it around as you wish, doesn't have to be 27020.
Reply
#15
Cool. Does anyone know if SourceTV works on Left4Dead2 yet?
Reply