Question So I'm trying to set up a game server...

Turbonium

Platinum Member
Mar 15, 2003
2,109
48
91
See thread (I figured I'd make another thread, as I have networking-specific questions not necessarily related to security).

As mentioned in the above thread, my game server is currently set up behind a managed switch, which is connected to my router. However, I can't seem to connect to the server at all with my other machine (from within the game) after setting up port-based VLANs.

Details that may be important:

- game server is running within a guest OS (VM) in NAT mode, with relevant ports forwarded accordingly
- relevant ports are also forwarded with the router
- port-based VLANs have been set up with the switch (see below)

5 ethernet ports on the switch:
[ 1 ][ 2 ][ 3 ][ - ][ - ]

port 1 goes to router/Internet
port 2 goes to main machine (not server)
port 3 goes to server box
ports 4 and 5 are unused

I set it up as follows:
VLAN1 as ports 1 + 2
VLAN2 as ports 1 + 3

The idea being that I want both rigs to have access to the Internet (through port 1), but not access to each other, except through the Internet itself (through port 1).


I need to know if I've set things up properly thus far, and why I can't connect to my game server anymore (ever since setting up port-based VLANs as described above). Any help would be appreciated.
 

Red Squirrel

No Lifer
May 24, 2003
67,194
12,025
126
www.anyf.ca
What kind of router do you have? You will need something that supports vlans too, and trunk ports. 1 would be set as trunk. You can think of a trunk port as being multiple vlans on one port. I guess similar to how fibre optic lines will have more than one type of service on it like TV, phone etc. At the router each vlan would then be assigned to a virtual interface. Then in the firewall rules you can set the rules on a per interface basis.

For the VM I would also do bridged mode, as long as the game server and rest of network is on a different vlan it will accomplish the same thing of splitting it up.
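Added example (not part of any post in this thread): a simplified Python model of the switch, contrasting the port-based layout from the first post with an 802.1Q trunk on port 1 as described in the reply above. It assumes flood-style delivery with no MAC learning and reuses VLAN IDs 1 and 2 for the trunk case; `Vlan`, `deliver` and `uplink_view` are names invented for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vlan:
    vid: int
    untagged: frozenset               # member ports that send/receive frames without a tag
    tagged: frozenset = frozenset()   # member ports that keep the 802.1Q tag (trunk side)

def deliver(vlans, ingress, tag=None):
    """Flood one frame; return {egress_port: VLAN ID on the wire, or None if untagged}."""
    out = {}
    for v in vlans:
        if tag is None:
            accepted = ingress in v.untagged          # untagged frame on an untagged member
        else:
            accepted = tag == v.vid and ingress in v.tagged
        if not accepted:
            continue
        for port in (v.untagged | v.tagged) - {ingress}:
            out[port] = v.vid if port in v.tagged else None
    return out

def uplink_view(vlans, host_ports, uplink=1):
    """What the router on the uplink port sees for a frame from each host port."""
    return {p: deliver(vlans, p).get(uplink, "not delivered") for p in host_ports}

# Thread's layout: port 1 = router, port 2 = main machine, port 3 = server box.
PORT_BASED = [Vlan(1, frozenset({1, 2})), Vlan(2, frozenset({1, 3}))]
# Assumed 802.1Q equivalent: same VLAN IDs, port 1 is a tagged (trunk) member of both.
DOT1Q_TRUNK = [Vlan(1, frozenset({2}), frozenset({1})),
               Vlan(2, frozenset({3}), frozenset({1}))]

if __name__ == "__main__":
    for name, cfg in (("port-based", PORT_BASED), ("802.1Q trunk", DOT1Q_TRUNK)):
        print(name, "router sees:", uplink_view(cfg, (2, 3)))
        print(name, "port 2 floods to:", sorted(deliver(cfg, 2)))
```

In the port-based layout the router receives frames from both machines untagged on one port, so it has nothing to key per-VLAN firewall rules on. With the trunk, each frame arrives carrying its VLAN ID, which is what lets a VLAN-aware router map it to a virtual interface.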
 

Turbonium

What kind of router do you have? You will need something that supports vlans too, and trunk ports. 1 would be set as trunk. You can think of a trunk port as being multiple vlans on one port. I guess similar to how fibre optic lines will have more than one type of service on it like TV, phone etc. At the router each vlan would then be assigned to a virtual interface. Then in the firewall rules you can set the rules on a per interface basis.
It's a consumer-grade router (DIR-601). I don't think it formally supports such things.

Why would it need to though? Should this not work with simply port-forwarding as I did above?

For the VM I would also do bridged mode, as long as the game server and rest of network is on a different vlan it will accomplish the same thing of splitting it up.
I'll try bridged mode and see how it goes (I was using NAT as I understood it as being more "secure" or better isolating the VM/server from my network).

UPDATE:

Bridged mode makes my VM behave like its own system on the network, with its own local IP, as expected, but I still can't get it to connect. I even forwarded the appropriate ports on my router to the IP. It was working before, but the port-based VLANs have broken it somehow.

I'm not sure why trunking is necessary (not saying it's not, but I'm not understanding it).

Say I'm on my main rig. I send a request to connect to my server via the Internet (using my public IP within the game in question) using port X. It then goes through the Net like so:

main rig > switch > router > Internet

It then returns like so:

Internet > router (port X forwarded) > switch > server

What am I missing? Like, it was working fine before the VLANs.

EDIT2:

My router has to support tagged VLANs, right?
 

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
20,839
3,174
126
My router has to support tagged VLANs, right?

Yes or having a layer 3 switch to handle inter VLAN communications on your network...
Otherwise as RS states you would need to trunk the WAN and bridge off VLANs and set it up that way.
 

Turbonium

Yes or having a layer 3 switch to handle inter VLAN communications on your network...
Otherwise as RS states you would need to trunk the WAN and bridge off VLANs and set it up that way.
I'm not understanding why though, conceptually (I like to know what I'm doing/why I'm doing it, not just how to do it).
 

Turbonium

According to this, I should be using either 802.1Q or MTU, instead of port-based VLAN (the examples/schematics on the site are very similar to my setup, though I'm having trouble differentiating between the two types of VLANs).

dir-601 has 3rd party firmware DDWRT/OpenWRT support, I'm afraid neither supports VLAN, however.


Would a DIR-615 with stock firmware do the job?

(I truly dislike the look of newer consumer routers, which is why I'm looking at models that are this old.)

I tried looking at business routers, but it all gets overwhelming, very fast (lots of features I'm not familiar with).
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,100
126
Not good at VLAN.

However:

Apparently DDWRT firmwares of DIR-615 (only 4MB ROM) https://dd-wrt.com/support/router-database/ do not support VLAN
IIRC, it seems 8MB ROM is a minimum requirement for any router that can support VLAN.

You can take a look at FreshTomato.org (based on TomatoUSB/AdvancedTomato and the only one being actively maintained & updated) supported consumer routers at its download link
https://www.linksysinfo.org/index.php?forums/tomato-firmware.33/ <-- support forum
another place https://www.reddit.com/r/TomatoFTW/
you might want to refer to TomatoUSB/AdvancedTomato for docs at the moment.

==


==

Along with VLAN, you might also want to take a look at ZeroTier VPN as well.
Very easy VPN setup, completely free up to 50 devices. No special devices required.
All platforms supported. No port forwarding. Access your devices from anywhere.

Some models from Mikrotik support VLAN & ZeroTier at the same time.
You don't need Mikrotik router to get ZeroTier to work though.


==

You can use this TP-Link router on the cheap too and turn your old DLink routers into AP.

 

Turbonium

Thnx for the help thus far (as I'm having trouble researching this on my own).

Where are you getting your information regarding the 8 MB minimum for VLANs?

And yeah, I've been looking at some TP-Link models. I don't know what you mean about turning my router into an AP though. I'm quite new at this.
 

mxnerd

Where are you getting your information regarding the 8 MB minimum for VLANs?
From my own past experience. I had a TPLINK travel router that has 4MB only and couldn't flash firmware that has VLAN feature.

AP = Access Point. Either standalone unit without routing feature or Wifi router running in AP mode, where WAN port is not used and uplink one of the LAN ports to the main router.
 

Turbonium

From my own past experience. I had a TPLINK travel router that has 4MB only and couldn't flash firmware that has VLAN feature.

AP = Access Point. Either standalone unit without routing feature or Wifi router running in AP mode, where WAN port is not used and uplink one of the LAN ports to the main router.
Oh, I know what an AP is, but I just don't know how I can use my current router (DIR-601) along with the TP-Link router you suggested, in order to get wireless out of it. Unless I misunderstood something.
 

mxnerd

like this

where Existing Wired = TPLINK router, yet New Wireless Router = old Dlink router in AP mode.

add-wireless-ap.png
 

Turbonium


Red Squirrel

That could work. Not typically how it's done, but if the router does in fact have multiple LAN ports that are configurable it's one way of doing it without using trunking. You only then need to worry about vlan config at the switch level.
 

Turbonium

That could work. Not typically how it's done, but if the router does in fact have multiple LAN ports that are configurable it's one way of doing it without using trunking. You only then need to worry about vlan config at the switch level.
I'm honestly having a hard time wrapping my head around 802.1Q and trunking, and given my setup will be fairly static and unchanging, I'm going with port-based VLANs for the time being.

And I'm 99.99% sure this router meets the criteria, among others.
 

Turbonium

I'm trying to access my router's UI through its default IP (192.168.10.1), but I keep getting an error, regardless of what Web browser I use.

Chrome:
This site can’t provide a secure connection
192.168.10.1 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.


Edge:
The connection for this site is not secure
192.168.10.1 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hide details
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.


Any ideas as to what might be wrong?

(I already tried specifying HTTP by putting in http:// before the IP address, but it doesn't work in either browser.)

EDIT: Figured it out. I think it was a bit of an obscure problem with the TLS version the older firmware used, and compatibility with newer browsers.
 