I am a network administrator and I provide internet service to users in my area. I'm providing them access through an ISA Server (ISA Server 2004) which is installed on Windows 2003 Server.

Now, the issue, Scenario-1....

I have been having a weird issue with GameRanger. I can start GameRanger and log in to its lobby, where I can see various servers of different games, but when I try to connect to any server or host my own server, it says that I'm behind a symmetric NAT router (which I think is my ISA server), due to which I cannot see the servers (in-game) which my friends have hosted (the server list in the game remains empty). They can see each other's servers but I can't find their servers because of this problem. When I looked at GameRanger's own support, it said that I need to port forward 16000 (UDP).

Now, I want to tell you that I don't have any port restrictions in place. All ports are open. To solve the problem, I have even placed a separate firewall policy for allowing port 16000 UDP to be forwarded, but it was of no use. I still cannot view my friends' servers and they cannot join mine even when I host it. I've currently removed the policy for allowing port 16000 because it didn't solve the problem. My guess is that I'm not configuring it right somehow and need able assistance in this regard.

I said that I do not have any port restrictions in place because I can view internet servers of Counter-Strike (LeoNet, Fariya etc.) and I can even play games through Garena (such as HAWX). If there were any port restrictions in place, I would not have been able to play games online at all.

Now, Scenario-2...

When I disconnect my ISP LAN cable from the ISA server and connect it directly to my PC, the problem no longer persists. I can join them and they can join my server. But as soon as I plug it back into the server machine I start getting this problem again.

I don't have any ISP router which is providing internet access to my ISA server. I have a CIR-based internet connection and my ISP provided me a fiber-to-LAN media converter only, which is connected to one LAN interface in the server. The other LAN interface of the server is connected to a normal 8-port Ethernet switch, which is providing internet facility to the users.

To give you a clear picture of the problem I'm attaching an image for better understanding.

Any step by step guide will be HIGHLY appreciated.

I think the only solution will be DMZ. But it has to be trickle down. However, I'll suggest enabling DMZ only when you are going to play and immediately disabling DMZ after playing the game, otherwise your operating system will be doing all kinds of work to prevent any attacks on your IP address.

DMZ (Demilitarized Zone) (check Wikipedia for more information) allows forwarding of everything (TCP/UDP) (other than that was not initiated from NAT) directly to only one PC in your network.

In your scenario, you probably need to DMZ (if possible) the "Windows Server 2003". Then you need to DMZ your router (using Windows Server 2003). Then in your router you'll DMZ your PC (in your router's settings). I hope you get the idea. I'll explain by my own current settings:

I don't have this complicated setup in my home, however, it is as follows:

[Wateen WiMAX Device] ---> [WiFi/Wired Router] ---> [My PC] (plus all other wired and wireless desktops, HTPC, laptops, cellphones etc.)

NAT and UPnP are enough to run almost all of our applications. If I ever need to run something special, then I enable DMZ in Wateen's device to put my router in the DMZ zone. Then, in the router, I enable DMZ and put my PC in the DMZ zone. This way, all non-NAT and non-UPnP traffic is directed to my PC. Normal applications on other computers/devices on the network will still work. Normal applications will also work on my PC too. However, Wateen's device's firewall and the router's firewall will be rendered useless, because they'll probably forward all attacks (if any) to my PC. And my PC's Windows 7 firewall will have to work to handle all attacks (if any). But all applications/games that are not compatible with NAT or UPnP will work as if they are directly connected to the internet, as all non-directed TCP/UDP will be forwarded to your PC. You can even run all old servers on your PC too.

Modern server applications can be used with NAT/UPnP or with manual port forwarding. However, DMZ will work with 99.99% of older server applications.

By the way, I have no idea how to DMZ on Windows Server 2003. You'll need to Google how to do it on your Windows Server 2003 and your router. DMZ settings would probably be easier in your router; consult its manual. Good luck.
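The gateway behaviours discussed in this thread, as a simplified model (an added example, not part of any post): it shows why a symmetric NAT gives each remote host a different public port, and how much unsolicited traffic reaches an inside PC with no rule, with a single UDP 16000 forward, and with a DMZ host. The class, host names, starting port and probe list are constructed; only UDP 16000 comes from the thread.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Nat:
    """Simplified NAT gateway (constructed model, not ISA Server's logic)."""
    symmetric: bool = True      # True: a new public port per destination
    forwards: dict = field(default_factory=dict)  # (proto, port) -> host
    dmz_host: Optional[str] = None  # gets all otherwise-unmatched traffic
    maps: dict = field(default_factory=dict)
    next_port: int = 40000      # constructed starting port

    def outbound(self, host, sport, dst):
        """Public source port chosen for host:sport talking to dst."""
        key = (host, sport, dst) if self.symmetric else (host, sport)
        if key not in self.maps:
            self.maps[key] = self.next_port
            self.next_port += 1
        return self.maps[key]

    def inbound(self, proto, dport, src):
        """Inside host that receives the packet, or None if dropped."""
        for key, pub in self.maps.items():
            if pub == dport and (not self.symmetric or key[2] == src):
                return key[0]                     # existing mapping
        if (proto, dport) in self.forwards:
            return self.forwards[(proto, dport)]  # static port forward
        return self.dmz_host                      # DMZ catch-all or drop

def mapped_ports(nat):
    """Public ports two different remote hosts see for one inside socket."""
    return (nat.outbound("pc", 16000, "lobby"),
            nat.outbound("pc", 16000, "peer"))

# Constructed unsolicited probes: (protocol, destination port).
PROBES = [("udp", 16000), ("udp", 137), ("tcp", 445), ("tcp", 3389)]

def exposure(nat):
    """Probes from an unknown source that reach an inside host."""
    return [p for p in PROBES if nat.inbound(p[0], p[1], "stranger")]

if __name__ == "__main__":
    print("symmetric:", mapped_ports(Nat(symmetric=True)))
    print("cone     :", mapped_ports(Nat(symmetric=False)))
    print("no rule  :", exposure(Nat()))
    print("forward  :", exposure(Nat(forwards={("udp", 16000): "pc"})))
    print("DMZ      :", exposure(Nat(dmz_host="pc")))
```

In this model the single forward exposes one port on the inside PC, while the DMZ host receives every probe, so that PC's own firewall becomes the only filter.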

Thanks for the detailed response. I appreciate your help and time. Although, I failed in finding any method to enable DMZ in Windows Server 2003. I guess it can be done through a router but as you can see I currently don't have any router in place. If you can help me in finding a relevant solution, it'll be much appreciated. I'm looking for solutions as well.

Dear, that's why I don't have a Windows/Linux server in my network (other than a file server), because I have no idea how to do DMZ in them. I have a router and it is very easy to do router settings to enable DMZ.

As you put Windows Server 2003 in yourself, you have to configure it yourself to enable DMZ :) Search Google for more help or consult Microsoft's KB or Help. That's all I can do. I can only show you the way (DMZ is the solution), it is you who has to walk through it. Good luck.