Jump to content

Port Forwarding removal


Recommended Posts

Hey guys!

i am writing because I have a feature request for the game. My parents and I'm sure other parents in the world feel the same way, but they raise security concerns about Port Forwarding in multiplayer.

Can a feature request be submitted for a fix to the game where you don't have to Port forward your router to play?

 

thanks

xzalek25

Link to comment
57 minutes ago, xzalek25 said:

Hey guys!

i am writing because I have a feature request for the game. My parents and I'm sure other parents in the world feel the same way, but they raise security concerns about Port Forwarding in multiplayer.

Can a feature request be submitted for a fix to the game where you don't have to Port forward your router to play?

 

thanks

xzalek25

You don't need to port forward in order to play, only to host. Two points need making: firstly, port forwarding is not something the OpenRCT2 dev team have any control over. It has to do with internet architecture, and specifically, the fact that most home networks use network address translation, which assigns every device on your network it's own private IP. The router does not know which machine to direct incoming requests to unless you tell it, and that's what port forwarding does. You do not need to port forward if you are connected over LAN, only if you want to be accessible to players on the wider internet.

Why do we use NAT so widely? Because the IPV4 address space is all but exhausted and there simply aren't enough of them to give every device a globally unique IP. It's successor, IPV6, has a lot more addresses, but adoption has been slow (I guess if you're using IPV6 then you don't need to port forward? Someone with better networking knowledge than me please tell me if that's true)

That said, there exists a technique called hole punching, which can be used to establish a direct connection without the need to port forward. My understanding is that both servers first make outbound connections to a third server, which then relays details of the connection back to the clients so that they can connect directly to each other through the NAT. I have no idea if it is a viable option for OpenRCT2, but I think there are other games using a method similar to this, so maybe someone who works on the networking code could comment.

Secondly,  I'm not sure if this would improve security. My understanding is that simply port forwarding is not a security risk, it's having something listening on that port that is - because that server may have exploitable vulnerabilities (and there is no reason to believe OpenRCT2 is any exception). But, if you want to act as a server, you have to allow people to connect somehow, because that's what a server does. There may be other concerns that I'm not aware of, but you should be aware that the only totally secure machine is one not connected to the internet.

  • Like 5
Link to comment
4 hours ago, X7123M3-256 said:

the only totally secure machine is one not connected to the internet.

 

3 hours ago, YoloSweggLord said:

Well said.

 

And even then, hackers can just not use their computers and instead use social engineering to get access to the non-connected machines.  It's how Kevin Mitnick worked. 

Link to comment
  • 3 months later...
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...