
TA's network communication method

TA on the PC uses Microsoft's DirectPlay Application Programming Interface (API) to set up and run a multiplayer game. Since TA was developed some years ago, it still uses the old API call interface, which was superseded by new calls in DirectX 8. Nevertheless, TA benefits from newer DirectPlay features introduced with later versions of DirectX (such as Universal Plug and Play support), because those are seamlessly integrated below the API layer TA uses.

The TA port list

Port(s)      Direction   Protocol
47624        inbound     TCP
2300-2400    inbound     TCP/UDP
all ports    outbound    TCP/UDP

Note that outbound traffic cannot be restricted to the port range 2300-2400 plus the single port 47624, because peer TA instances behind a UPnP device are exposed to the Internet on unpredictable port numbers, which the UPnP device chooses when acting on behalf of the TA instance(s) on its internal LAN. You can still restrict outgoing traffic to the normal DirectX 7 ports that UPnP does not remap, but then you won't be able to join any TA instance that is handled by UPnP.

Getting through the firewall

Firewalls exist either as software solutions or as hardware implementations in routers, DSL modems and cable modems (nowadays a cable or DSL modem usually has a router integrated). No matter what kind of firewall you are behind, you have to open the above ports in the firewall settings. Some software firewalls let you grant an application full access to the Internet by its program path and name rather than on a per-port basis. This simplifies the firewall configuration for TA, since all you need to do is add totala.exe to the list of applications granted full access to the Internet. This is only possible, though, if the software firewall runs on the same computer you play TA on.

TA and IP masquerading (NAT) devices

TA is a peer-to-peer game, which means every computer in a multiplayer game is host and client at the same time. If you are behind a router or proxy server that masquerades the private network's IP addresses, hiding them from computers on the Internet (a process also called Network Address Translation, NAT), then just opening the firewall for those ports isn't enough. In this case you have to forward incoming connection requests that arrive from the Internet at the NAT device on the ports listed above to the private IP of the computer that runs TA.

More details about how to get TA working in a NAT environment can be found in the NAT section of this site.

Configuring a Red Hat 7.2 Linux software router using the iptables firewall for TA

todd was kind enough to provide a Perl script that dumps into a text file the additional rules required for playing TA from behind a Red Hat Linux router running the iptables firewall with the NAT option enabled. This rule set kills two birds with one stone: it opens the ports and forwards them to the TA computer.
todd wrote me that the iptables firewall is supposed to work with rules that cover a range of ports, but he didn't get that working, so he had to fall back to a list that enumerates each of the 102 required DirectPlay ports (many hardware routers have the same problem: their configuration setup doesn't support port range forwarding). Since creating those rules one by one by editing the firewall configuration file would be a pain, he came up with this Perl script. todd explains how to use the script:

[...]
The instructions are simple: just untar (tar xvf TA_rulewriter.tar) and open the script using your fav text editor (vi) on your Linux system (I am using RH7.2), then edit the 3 options: external interface, internal interface, and IP address of internal system. Then close and run the script. It will write a file to /root/ta_rules, which contains the ruleset for TA port-forwarding, then append these rules to the end of your rc.firewall file (mine is at /etc/rc.d/rc.firewall), then execute the rc.firewall file and restart your system.
[...]

If you have any suggestions to improve the script or find any problems with it, feel free to send an email to todd. Please understand that I can't provide any support for it because I don't have the software setup for testing it out.
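
A shell rule writer in the same spirit, added here as an example (it is not todd's Perl script and not part of the original page): for each entry of the TA port list it prints one rule that forwards the port and one that opens it, either as port ranges or as the enumerated 102-port list, and it rejects interface names or addresses that would be unsafe in a file root executes. The function names, the sample interface names and the plain `iptables` command form of the output are assumptions.

```sh
#!/bin/sh
# Added example, not todd's Perl script: print iptables rules that open and
# forward the ports from the TA port list to one internal machine.
# Usage: sh ta_rules.sh EXT_IF INT_IF TA_IP [range|each] > /root/ta_rules

# Accept only a dotted quad with every octet in 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Interface names end up in a file that root executes, so allow only
# characters the shell can never interpret.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
}

# One DNAT rule (forward) plus one FORWARD rule (open) per protocol/port spec.
emit_rule() {
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $1 --dport $2 -j DNAT --to-destination $TA_IP"
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p $1 -d $TA_IP --dport $2 -j ACCEPT"
}

ta_rules() {
    EXT_IF=$1 INT_IF=$2 TA_IP=$3 mode=${4:-range}
    valid_iface "$EXT_IF" && valid_iface "$INT_IF" || { echo "bad interface name" >&2; return 2; }
    valid_ipv4 "$TA_IP" || { echo "bad IPv4 address" >&2; return 2; }
    case $mode in
        range) specs=2300:2400 ;;          # iptables first:last range syntax
        each)  specs=$(seq 2300 2400) ;;   # one rule per port, as in the 102-port list
        *) echo "mode must be range or each" >&2; return 2 ;;
    esac
    emit_rule tcp 47624                    # port 47624 is TCP only in the port list
    for spec in $specs; do
        for proto in tcp udp; do emit_rule "$proto" "$spec"; done
    done
}

if [ $# -ge 3 ]; then ta_rules "$@"; fi
```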


Page last updated 2005/08/28 by tcbw@tcbw.net