Connecting between 2 Opensuse home PCs

Hello community,

I have trouble connecting two computers at my home, both are LAN connected to Archer AX50 router. The “important” task is to host 0ad on one computer and connect from another. When trying out of the box (both computers have been just updated to 15.5), it doesn’t work.

I tried to set IP forwarding on the Archer in “NAT forwarding” with sourceIP 20595, type of connection = TCP, kept 20595 port. Did not help. By the way, if the forwarding is set, do I enter into the client the sourceIP, or routerIP? Tried both, doesn’t work with either.

I used YaST on the serving machine and entered the port in firewall into the “Ports” tab. I wasn’t sure if that does anything, so I tried firewall-cmd --zone=public --add-port=20595/tcp, but it told me it’s already set.

When I try ping <sourceIP>, there are no problems (all packets received). However, when I try nc -vz 192.168.1.<sourcePC> 20595 I get an error nc: connect to 192.168.1.228 port 20595 (tcp) failed: No route to host.

I don’t have much networking knowledge, so I’m not sure if the connection is even TCP, let alone how to analyze why the route does not work. Please suggest what I should do, if you have some ideas…

When you have two systems on the same LAN, having IP addresses in the same (sub-)net, they can communicate with each other. I see no need for any “forwarding” here.

Also, you say you can ping from one system to the others (and v.v.), is that correct? When yes, that proves you have connection. And your basic question is solved/never was a question.

When you want more than just ping between them, you must explain what you want (e.g. FTP, NFS, HTTP, SSH, whatever).

And a practical hint about posting computer code here.
Always post complete (prompt/command line, all output, new prompt line) by copy paste. Select the text then in the post and use the “Preformatted text” button </>. That will look like

henk@boven:~> ping -c1 beneden
PING beneden.henm.xs4all.nl (10.0.0.155) 56(84) bytes of data.
64 bytes from beneden.henm.xs4all.nl (10.0.0.155): icmp_seq=1 ttl=64 time=0.517 ms

--- beneden.henm.xs4all.nl ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.517/0.517/0.517/0.000 ms
henk@boven:~>

Correct for ping, but nc says there’s no route to host (with the given port), so I assume that is the problem. Copying complete command is not that simple, when you have to translate it to English, but I include it below. Also, sharing true user names, IPs and such information is not safe, so they have to be modified.
As for “what I want” - it’s about what 0ad wants and I only assume it’s TCP connection; I didn’t find any details on that.

Ping from “client” to “server”:

--- Ping stats on 192.168.1.228 ---
...
19 sent, 19 received, 0% packet loss, time 18440ms

Route test from client to server:

oak@localhost:~> nc -vz 192.168.1.xxx 20595
nc: connect to 192.168.1.xxx port 20595 (tcp) failed: No route to host

Test from client to router (with router IP):

nc: connect to 192.168.1.yyyy port 20595 (tcp) failed: Connection refused

I had to use

man nc

to see what it is. What do you want to do with it?

I get a strong idea that you want something you do not explain and in trying to do what you want, you stumbled into nc.

And you call one system “the server”, but what is it supposed to “serve”? A system can provide many services (like e.g. cups, ftp, ssh, http, nfs, …). What is this one (assumed) to serve?

When your system is not in English, prefix your commands with LANG=C, e.g.:

LANG=C ping -c1 beneden

I differ in opinion here. Looks overly careful.
And hiding IP addresses in the 192.168.1/24 subnet is ridiculous. That is a private address range that almost everybody has at home.


Probably kind of true. I’ve googled how to test a route and nslookup is not available on the PC, while nc is.

what is it supposed to “serve”?

As said, the serving pc runs 0ad, where I press “Host a game” and keep default port 20595. Then I start 0ad on the other PC and run “Multiplayer” → “Connect to host” (something like that in English), enter host IP address, keep default 20595 port. It takes a minute and then error message is displayed. I noticed it mentions UDP protocol and found somewhere someone said both TCP and UDP forwarding has to be set on the router (well, maybe it doesn’t apply to a local network, that’s what you said…). So I added UDP forwarding on the router as well, but it didn’t help.

I suspect it’s either incorrectly set forwarding, or incorrectly set firewall on the “server”. I assume I don’t have to allow anything in the firewall on the “client”.

hiding IP addresses in the 192.168.1/24 subnet is ridiculous

I’d say it used to be, not true in my setup and I think not a practice on new devices anymore. I don’t understand networking details, just follow cyber security guidelines we have at work also at home, just to be on the safe side.

When you are so security conscious, you better do not play with IP forwarding and NAT on your router (to the Internet) as long as you do not know what you are doing.

Do I now understand that

is not a host, but a program?

You can check if a program is listening on port 20595 on the server with

netstat -tlpn

Also, you can switch off the firewall on the server temporarily to check if that is blocking the port.

Thank you for the tip. netstat is not in Leap 15.5 and is taken out of net-tools package, apparently. Quick googling:

ss is the program to use. Netstat is obsolete.

So I ran ss -tlpn, it seems to do what was intended, the IP and port is not there though. I also tried just ss | grep 20595 (ss itself outputs hundreds of lines) and got no result. I can see a ton of <myIP>:<anyport>, but not the one with 20595.

So I assumed it won’t list it due to firewall, turned off firewall temporarily, started hosting again and ran ss again, no difference.

I found out 0ad is a game but I could not immediately find a way to connect two machines together. Is there some description for that?

Hi Marel,

I can’t find anything right now, but there was a very brief description somewhere on the project web site. Anyway, here is (translated, might be inaccurate) how to run it from the main menu: “Game of more players” → “Host game”
On the Client computer then: “Game of more players” → “Connect to a game”, filling in the IP address of the host computer.

Do you mean this TP-Link Router? – <https://www.tp-link.com/en/home-networking/wifi-router/archer-ax50/>


A little tip –

  • For the case of a private LAN or WLAN – with private IP addresses – don’t mess about on a typical home router – leave it as it is.
  • For all the systems connected to that private at-home network – with private IP addresses (don’t care if private IPv4 or private IPv6 addresses – which is usually the case for such routers … ) – turn off the firewall on the machines directly connected to that network.

For the case of openSUSE machines, in YaST → Safety and Users → Firewall:

  • In the Interfaces section – set the Ethernet zone to “trusted”.

If you’re using Laptop machines, use the Network Manager applet on the user’s GUI to do the same for both the Ethernet connection and the WLAN settings for your local, private, WLAN.

Sorry about the deprecated netstat. I have it installed and use it since more than 30 years, thus I sometimes forget it isn’t there by default.

I assume you have that port number 20595 out of some documentation. BTW, when you think it is listening on UDP, you must use the -u option. And I also think you must run this as root when you want the -p to work. So that should then be

ss -tulp | grep 0ad

to see if the 0ad program is listening anywhere on some port.

And yes, when the 0ad program does not listen, you can of course not make a connection to it from anywhere.
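
An added example, not part of any post in this thread: the two checks discussed so far, written as shell helpers. One finds which protocol a port is bound on from `ss -H -tuln` output (a TCP-only listing misses a UDP socket), the other maps the nc messages quoted above to their likely cause, given that firewalld answers blocked ports with an ICMP "prohibited" reply that nc reports as "No route to host". The helper names and the sample `ss` lines are constructed, and that the game binds 20595 on UDP is an assumption.

```shell
#!/bin/sh
# Added example: helper names and the sample data are constructed for illustration.

# Constructed `ss -H -tuln` output for a host where the game is bound on
# UDP only (assumption: 0ad's default port 20595 is a UDP socket).
SAMPLE_SS='udp   UNCONN 0      0            0.0.0.0:20595      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*'

# listeners_on PORT: read `ss -H -tuln` output on stdin and print
# "proto local-address" for every socket bound to PORT.
listeners_on() {
    awk -v port="$1" '
        $1 == "tcp" || $1 == "udp" {
            n = split($5, parts, ":")   # IPv6 addresses contain extra colons
            if (parts[n] == port)
                print $1, substr($5, 1, length($5) - length(parts[n]) - 1)
        }'
}

# explain_nc_error MESSAGE: map an nc failure line to its most likely cause
# on a LAN where ping to the same host succeeds.
explain_nc_error() {
    case "$1" in
        *"No route to host"*)   echo "firewall-reject" ;;  # ICMP prohibited reply from the host firewall
        *"Connection refused"*) echo "no-tcp-listener" ;;  # TCP reset: nothing bound to that TCP port
        *"timed out"*)          echo "dropped-or-down" ;;  # no reply at all
        *)                      echo "unknown" ;;
    esac
}

# Demo on the constructed data; on a real host: ss -H -tuln | listeners_on 20595
printf '%s\n' "$SAMPLE_SS" | listeners_on 20595
printf '%s\n' "$SAMPLE_SS" | grep '^tcp' | listeners_on 20595   # TCP-only view: prints nothing
explain_nc_error "nc: connect to 192.168.1.xxx port 20595 (tcp) failed: No route to host"
```
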

Yes, correct.

Interesting. Do I understand it correctly, that router’s firewall should protect my home network and it’s not needed on the machines? Is there any resource with this instruction from OpenSUSE, by any chance? I’ve never heard about this, but then I’ve never found a meaningful tutorial for OpenSUSE home network. I’ve had a lot of troubles related to firewall over the years, so I’d be happy if I could confidently turn them off on the machines and rely on the router.

This is of course a different subject. People may differ on how they think about firewalls on the system. Of course your router has/is a firewall (as long as you do not meddle around with NAT, etc. :slight_smile: )

If you want to protect your system(s) against access from within the LAN, or prevent users from connecting outwards (for certain traffic) is your own decision.

I think most of people wouldn’t know what to think, unless studying the subject for months. I work in IT and program services and yet know close to nothing about firewalls, forwarding, etc. This stuff do infrastructure colleagues, who know nothing about programming… That’s how it works these days :smiley:

I’ve been running SuSE/OpenSUSE at home for over 25 years without any breach and want to keep it that way, but there’s always something I can learn. I turned off firewalls on the PCs after deleting all the rules I’ve set on the router. I’ll try to research the subject a bit, but makes sense what was suggested.

I’ll test the game/connection again with both firewalls on PCs off.

Success! So turning firewall off on both computers resolved the issue. If I wanted to keep the firewalls on, probably setting exception for 20595 port on the client machine as well (as on the server, which I did) would resolve the issue too (which I wouldn’t think should be the case).

You can adjust your firewall to allow traffic from the remote machine on port 20595. For example, assuming using the ‘home’ zone, if the remote machine IP is 192.168.1.20 (on a 192.168.1.0/24 network), then on the local host you would do (as root)…

firewall-cmd --zone=home --add-source=192.168.1.20/24 --permanent
firewall-cmd --zone=home --add-port=20595/udp  --permanent
firewall-cmd --reload

If there is an active firewall on the other machine, you need to add reciprocal rules.

Using a rich rule…

firewall-cmd --permanent --zone=home --add-rich-rule='rule family="ipv4" source address="192.168.1.20/24" port protocol="udp" port="20595" accept'
firewall-cmd --reload

More info:
https://www.computernetworkingnotes.com/linux-tutorials/firewalld-rich-rules-explained-with-examples.html

Check all your local computers have each other in the lists of /etc/hosts?

cat /etc/hosts


He seems happy to work with IP addresses.

If access to Internet via a Router to an ISP then –

  • The IP addresses of the private LAN/WLAN hosts are provided by means of DHCP by the Router.

The Router normally has an active Firewall preventing incoming access via the ISP.
Many ISPs also disallow access to their customers’ Routers via the Internet – and/or they have an Internet Port where their customers can access their Routers by means of an IP host name with a hash included in the name.

In my case, the primary IP link to my ISP has an IPv6 address which is changed daily by my ISP.
IPv4 traffic is handled by a DS-Lite-Tunnel via the assigned IPv6 address – I suspect that, at any point in time, the IP address used for IPv4 traffic is shared with other customers of my ISP …