Connection blocking issue on DLink router


FunGames

Junior Member

03-11-2010

Even after the patch, while I am in the game I was getting "ERROR - Unable to establish a connection with PVP.net chat server". It kept me in game but I can't play; the reconnect message came up multiple times, almost every minute or so...

My router is a DLink DIR-625. A few things I noticed:

1. Despite lolclient.exe, League of Legends.exe, and lol.launcher.exe being listed as exceptions in the Windows 7 firewall, I got the same error message.

2. Win 7 firewall ==> Adv Settings: Inbound Rules: Enabled, opened all ports for Private, DOMAIN in Win 7 firewall profiles for these three programs.

3. Blocked incoming TCP packet from 66.151.54.130:23569 to MyIP as PSH:ACK received but there is no active connection

4. I noticed "Blocked outgoing TCP packet from myIP:52996 to 66.151.54.140:2099 as RST:ACK received but there is no active connection"

So, I added new outbound rules:
Win 7 firewall ==> Adv Settings: Outbound Rules: Enabled, opened all ports for Private, DOMAIN in Win 7 firewall profiles for these three programs. Still the same error.

The above steps did not help me get around the router NAT firewall blocking. That means the issue is not with the Win 7 firewall.


Even after enabling DMZ:
1. Ping to 66.151.54.140 FAILED (the IP listed to open TCP ports 443, 2099, 5222, and 5223).
2. Ping to 66.151.54.79, 66.151.54.80 FAILED (I took two sample IPs from the list provided to open UDP ports 5000-5064).

Games/applications allowed by Router DLink DIR 625 for port forwarding:

{name: "Application Name", tcp: "", udp: ""},
{name: "Age of Empires", tcp: "2302-2400,6073", udp: "2302-2400,6073"},
{name: "Aliens vs. Predator", tcp: "80,2300-2400,8000-8999", udp: "80,2300-2400,8000-8999"},
{name: "America's Army", tcp: "20045", udp: "1716-1718,8777,27900"},
{name: "Asheron's Call", tcp: "9000-9013", udp: "2001,9000-9013"},
{name: "Battlefield 1942", tcp: "", udp: "14567,22000,23000-23009,27900,28900"},
{name: "Battlefield 2", tcp: "80,4711,29900,29901,29920,28910", udp: "1500-4999,16567,27900,29900,29910,27901,55123,55124,55215"},
{name: "Battlefield: Vietnam", tcp: "", udp: "4755,23000,22000,27243-27245"},
{name: "BitTorrent", tcp: "6881-6889", udp: ""},
{name: "Black and White", tcp: "2611-2612,6500,6667,27900", udp: "2611-2612,6500,6667,27900"},
{name: "Call of Duty", tcp: "28960", udp: "20500,20510,28960"},
{name: "Command and Conquer Generals", tcp: "80,6667,28910,29900,29920", udp: "4321,27900"},
{name: "Command and Conquer Zero Hour", tcp: "80,6667,28910,29900,29920", udp: "4321,27900"},
{name: "Counter Strike", tcp: "27030-27039", udp: "1200,27000-27015"},
{name: "Crimson Skies", tcp: "1121,3040,28801,28805", udp: ""},
{name: "D-Link DVC-1000", tcp: "1720,15328-15333", udp: "15328-15333"},
{name: "Dark Reign 2", tcp: "26214", udp: "26214"},
{name: "Delta Force", tcp: "3100-3999", udp: "3568"},
{name: "Diablo I and II", tcp: "6112-6119,4000", udp: "6112-6119"},
{name: "Doom 3", tcp: "", udp: "27666"},
{name: "Dungeon Siege", tcp: "", udp: "6073,2302-2400"},
{name: "eDonkey", tcp: "4661-4662", udp: "4665"},
{name: "eMule", tcp: "4661-4662,4711", udp: "4672,4665"},
{name: "Everquest", tcp: "1024-6000,7000", udp: "1024-6000,7000"},
{name: "Far Cry", tcp: "", udp: "49001,49002"},
{name: "Final Fantasy XI (PC)", tcp: "25,80,110,443,50000-65535", udp: "50000-65535"},
{name: "Final Fantasy XI (PS2)", tcp: "1024-65535", udp: "50000-65535"},
{name: "Gamespy Arcade", tcp: "", udp: "6500"},
{name: "Gamespy Tunnel", tcp: "", udp: "6700"},
{name: "Ghost Recon", tcp: "2346-2348", udp: "2346-2348"},
{name: "Gnutella", tcp: "6346", udp: "6346"},
{name: "Half Life", tcp: "6003, 7002", udp: "27005,27010,27011,27015"},
{name: "Halo: Combat Evolved ", tcp: "", udp: "2302,2303"},
{name: "Heretic II", tcp: "28910", udp: "28910"},
{name: "Hexen II", tcp: "26900", udp: "26900"},
{name: "Jedi Knight II: Jedi Outcast ", tcp: "", udp: "28060,28061,28062,28070-28081"},
{name: "Jedi Knight III: Jedi Academy ", tcp: "", udp: "28060,28061,28062,28070-28081"},
{name: "KALI", tcp: "", udp: "2213,6666"},
{name: "Links", tcp: "2300-2400,47624", udp: "2300-2400,6073"},
{name: "Medal of Honor: Games", tcp: "12203-12204", udp: ""},
{name: "MSN Game Zone", tcp: "6667", udp: "28800-29000"},
{name: "MSN Game Zone (DX)", tcp: "2300-2400,47624", udp: "2300-2400"},
{name: "Myth", tcp: "3453", udp: "3453"},
{name: "Need for Speed", tcp: "9442", udp: "9442"},
{name: "Need for Speed 3", tcp: "1030", udp: "1030"},
{name: "Need for Speed: Hot Pursuit 2", tcp: "8511,28900", udp: "1230,8512,27900,61200-61230"},
{name: "Neverwinter Nights", tcp: "", udp: "5120-5300,6500,27900,28900"},
{name: "PainKiller ", tcp: "", udp: "3455"},
{name: "PlayStation2 ", tcp: "4658,4659", udp: "4658,4659"},
{name: "Postal 2: Share the Pain ", tcp: "80", udp: "7777-7779,27900,28900"},
{name: "Quake 2", tcp: "27910", udp: "27910"},
{name: "Quake 3", tcp: "27660,27960", udp: "27660,27960"},
{name: "Rainbow Six", tcp: "2346", udp: "2346"},
{name: "Rainbow Six: Raven Shield ", tcp: "", udp: "7777-7787,8777-8787"},
{name: "Return to Castle Wolfenstein ", tcp: "", udp: "27950,27960,27965,27952"},
{name: "Rise of Nations", tcp: "", udp: "34987"},
{name: "Roger Wilco", tcp: "3782", udp: "27900,28900,3782-3783"},
{name: "Rogue Spear", tcp: "2346", udp: "2346"},
{name: "Serious Sam II", tcp: "25600-25605", udp: "25600-25605"},
{name: "Shareaza", tcp: "6346", udp: "6346"},
{name: "Silent Hunter II", tcp: "3000", udp: "3000"},
{name: "Soldier of Fortune", tcp: "", udp: "28901,28910,38900-38910,22100-23000"},
{name: "Soldier of Fortune II: Double Helix", tcp: "", udp: "20100-20112"},
{name: "Splinter Cell: Pandora Tomorrow", tcp: "40000-43000", udp: "44000-45001,7776,8888"},
{name: "Star Trek: Elite Force II", tcp: "", udp: "29250,29256"},
{name: "Starcraft", tcp: "6112-6119,4000", udp: "6112-6119"},
{name: "Starsiege Tribes", tcp: "", udp: "27999,28000"},
{name: "Steam", tcp: "27030-27039", udp: "1200,27000-27015"},
{name: "SWAT 4", tcp: "", udp: "10480-10483"},
{name: "TeamSpeak", tcp: "", udp: "8767"},
{name: "Tiberian Sun", tcp: "1140-1234,4000", udp: "1140-1234,4000"},
{name: "Tiger Woods 2K4", tcp: "80,443,1791-1792,13500,20801-20900,32768-65535", udp: "80,443,1791-1792,13500,20801-20900,32768-65535"},
{name: "Tribes of Vengeance", tcp: "7777,7778,28910", udp: "6500,7777,7778,27900"},
{name: "Ubi.com", tcp: "40000-42999", udp: "41005"},
{name: "Ultima", tcp: "5001-5010,7775-7777,7875,8800-8900,9999", udp: "5001-5010,7775-7777,7875,8800-8900,9999"},
{name: "Unreal", tcp: "7777,8888,27900", udp: "7777-7781"},
{name: "Unreal Tournament", tcp: "7777-7783,8080,27900", udp: "7777-7783,8080,27900"},
{name: "Unreal Tournament 2004", tcp: "28902", udp: "7777-7778,7787-7788"},
{name: "Vietcong ", tcp: "", udp: "5425,15425,28900"},
{name: "Warcraft II", tcp: "6112-6119,4000", udp: "6112-6119"},
{name: "Warcraft III", tcp: "6112-6119,4000", udp: "6112-6119"},
{name: "WinMX", tcp: "6699", udp: "6257"},
{name: "Wolfenstein: Enemy Territory ", tcp: "", udp: "27950,27960,27965,27952"},
{name: "WON Servers", tcp: "27000-27999", udp: "15001,15101,15200,15400"},
{name: "World of Warcraft", tcp: "3724,6112,6881-6999", udp: ""},
{name: "Xbox Live", tcp: "3074", udp: "88,3074"}


The DLink router is treating LoL connection requests as attacks and blocking them. This is because this game is not listed by DLink as an allowable game/application for port forwarding through its firewall.

==> Because of the above reason, port forwarding is not working for LoL on my DLink router.

==> No issues when DMZ is enabled. The router firewall didn't care, though the game is not in the allowable list.

==> Getting disconnected from the chat server etc. because of the router blocking TCP, UDP when there is no DMZ and port forwarding is not working for LoL.

==> The game works fine with no router and connected to the internet directly through the modem.

Solution could be: Riot should contact DLink to get LoL listed as an allowable game on their routers? So that the router NAT, firewall allows port forwarding when there is no DMZ.



Jesse Perring

NOC Technician

03-11-2010
1 of 2 Riot Posts

Definitely worth a shot. I'm not really familiar with router firewall settings, but I'll poke around on Dlink's site and ask our operations guys to look at this.

Thanks for posting.



FunGames

Junior Member

03-11-2010

I have changed my router firewall setting for 'UDP Endpoint Filtering'

TO 'Endpoint Independent' FROM DEFAULT 'Address Restricted'

After this change, when I joined a game, I had a couple of UDP and one TCP blocks from LoL IPs, but it has worked so far, even without enabling DMZ and with the game not in the router firewall list.

I was able to host a practice game and played with bots, no issues.
I was able to join my friend's game and played. No disconnected error message.


I also opened TCP, UDP ports in the router with port forwarding as listed in the support thread, but I doubt the router is forwarding, as the game is not in its exceptions list.

For TCP Endpoint Filtering: Port And Address Restricted (default, no change)

This option could be worth trying for those who use similar DLink routers. I will post if I notice anything with my router changes.

If you want to know what they are for:

NAT Endpoint Filtering

The NAT Endpoint Filtering options control how the router's NAT manages incoming connection requests to ports that are already being used.

Endpoint Independent:
Once a LAN-side application has created a connection through a specific port, the NAT will forward any incoming connection requests with the same port to the LAN-side application regardless of their origin. This is the least restrictive option, giving the best connectivity and allowing some applications (P2P applications in particular) to behave almost as if they are directly connected to the Internet.

Address Restricted:
The NAT forwards incoming connection requests to a LAN-side host only when they come from the same IP address with which a connection was established.
This allows the remote application to send data back through a port different from the one used when the outgoing session was created.

Port And Address Restricted:
The NAT does not forward any incoming connection requests with the same port address as an already established connection.

Note that some of these options can interact with other port restrictions. Endpoint Independent Filtering takes priority over inbound filters or schedules, so it is possible for an incoming session request related to an outgoing session to enter through a port in spite of an active inbound filter on that port. However, packets will be rejected as expected when sent to blocked ports (whether blocked by schedule or by inbound filter) for which there are no active sessions. Port and Address Restricted Filtering ensures that inbound filters and schedules work precisely, but prevents some level of connectivity, and therefore might require the use of port triggers, virtual servers, or port forwarding to open the ports needed by the application. Address Restricted Filtering gives a compromise position, which avoids problems when communicating with certain other types of NAT router (symmetric NATs in particular) but leaves inbound filters and scheduled access working as expected.

UDP Endpoint Filtering:
Controls endpoint filtering for packets of the UDP protocol.
TCP Endpoint Filtering:
Controls endpoint filtering for packets of the TCP protocol.
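
Added example, not part of the original thread or of D-Link's documentation: a small Python model of how the three filtering modes treat inbound UDP, assuming they follow the usual NAT filtering definitions (RFC 4787). The `UdpNat` class, the mapped port 33438 and the packet list are constructed for illustration.

```python
# Added illustration: UDP NAT inbound filtering, modelled on the three modes above.
from dataclasses import dataclass, field

MODES = ("endpoint_independent", "address_restricted",
         "port_and_address_restricted")


@dataclass
class UdpNat:
    mode: str
    # external port -> set of (remote_ip, remote_port) the LAN host has sent to
    sessions: dict = field(default_factory=dict)

    def outbound(self, ext_port, remote_ip, remote_port):
        """Record an outgoing packet; this is what opens the mapping."""
        self.sessions.setdefault(ext_port, set()).add((remote_ip, remote_port))

    def admits(self, src_ip, src_port, ext_port):
        """Would an inbound packet to ext_port be forwarded to the LAN host?"""
        peers = self.sessions.get(ext_port)
        if not peers:
            return False  # no active session on this port: dropped in every mode
        if self.mode == "endpoint_independent":
            return True   # any source may reach the mapped port
        if self.mode == "address_restricted":
            return any(ip == src_ip for ip, _ in peers)
        return (src_ip, src_port) in peers  # port_and_address_restricted


# Constructed scenario: the client sent UDP from mapped port 33438 to one
# game server; four inbound packets then arrive at the router.
INBOUND = [
    ("66.151.54.79", 5000, 33438),   # same address and port that was contacted
    ("66.151.54.79", 5010, 33438),   # same address, different source port
    ("63.246.15.18", 10029, 33438),  # address never contacted by the client
    ("63.246.15.18", 10029, 40000),  # port with no session at all
]


def exposure_table():
    """Return {mode: [admitted?, ...]} for the INBOUND packets."""
    table = {}
    for mode in MODES:
        nat = UdpNat(mode)
        nat.outbound(33438, "66.151.54.79", 5000)
        table[mode] = [nat.admits(*pkt) for pkt in INBOUND]
    return table


if __name__ == "__main__":
    for mode, row in exposure_table().items():
        print(f"{mode:30} {row}")
```

The third packet is the trade-off of Endpoint Independent: while a session holds the port open, any Internet host can reach the LAN application on it.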



FunGames

Junior Member

03-12-2010

I forgot, one more setting I changed for my router is the MTU value. By default the router MTU is set to 1500 to work with most ISPs.

I noticed 1500 is getting fragmented with League Of Legends ping, so I tested with various MTUs... for me the max that worked out is 1472 for both TCP and UDP. So I have changed my router MTU setting to 1472.

To find the right MTU value for your network, you can do the following:

1. In a command prompt: ping 66.151.63.150 -f -l 1200
==> Start with 1200 and go up to 1500 or more, depending on the quality and bandwidth of your connection, in increments of 10 or 50 for each ping.

For me the following came at MTU: 1473

LoL TCP IP:

PING 66.151.54.140 -f -l 1473

Pinging 66.151.54.140 with 1473 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 66.151.54.140:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

One of LoL UDP IP:

ping 66.151.63.150 -f -l 1473

Pinging 66.151.63.150 with 1473 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.

Ping statistics for 66.151.63.150:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

After all these changes on my router, it seems there are no more issues, disconnects, packet loss, champion freezes in game etc. I played a few games and no issues so far.
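
Added example, not part of the original post: the manual `ping -f -l` procedure above, written as a binary search in Python. The `-l` value is the ICMP payload size, so the packet on the wire is 28 bytes larger (20-byte IPv4 header plus 8-byte ICMP header); `simulated_probe` and its reply text are constructed so the search runs offline.

```python
import re

IP_ICMP_OVERHEAD = 20 + 8  # IPv4 header + ICMP echo header (no IP options)


def probe_result(ping_output):
    """Classify Windows `ping -f -l N` output as 'fragment', 'ok' or 'lost'."""
    if "needs to be fragmented" in ping_output:
        return "fragment"
    m = re.search(r"Received = (\d+)", ping_output)
    return "ok" if m and int(m.group(1)) > 0 else "lost"


def largest_unfragmented_payload(probe, lo=1200, hi=1500):
    """Binary-search the largest -l value that still gets replies.

    probe(size) must return the text printed by `ping <host> -f -l <size>`.
    """
    if probe_result(probe(lo)) != "ok":
        # Timeouts at a small size mean the host drops ICMP; size is not the cause.
        raise ValueError("no reply at lower bound; pick a host that answers ping")
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe_result(probe(mid)) == "ok":
            lo = mid
        else:
            hi = mid - 1
    return lo


def simulated_probe(path_mtu):
    """Constructed stand-in for running ping, so the example works offline."""
    def probe(size):
        if size + IP_ICMP_OVERHEAD > path_mtu:
            return ("Packet needs to be fragmented but DF set.\n" * 4 +
                    "Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),")
        return (f"Reply from 66.151.63.150: bytes={size} time=40ms TTL=52\n" * 4 +
                "Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),")
    return probe


if __name__ == "__main__":
    payload = largest_unfragmented_payload(simulated_probe(1500))
    print("largest payload:", payload, "packet size:", payload + IP_ICMP_OVERHEAD)
```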



Jesse Perring

NOC Technician

03-12-2010
2 of 2 Riot Posts

Thank you very much for posting all this.

I submitted a request with DLINK to see what it would take to add LoL to a list of exceptions on the firewall for certain ports.

For the independent endpoint change: The connections from our chat servers are all from 66.151.54.140 to the same ports (5222 and 5223), so I can't see how endpoint independent would make a difference with chat disconnects. The port that you received the block notice on is actually for log in information, but I can understand that blocking that connection would cause a variety of disconnects (including chat).

For the MTU change: The packets we send in game are considerably smaller than 1500 bytes, but I'm not very familiar with the kinds of effects you would generally see from changing MTU, so it may have helped. What kind of behavior did you notice in-game from the MTU changes?



FunGames

Junior Member

03-12-2010

1. Fast and improved performance and response for the game (because of optimum MTU, no packet loss, buffering etc., I guess)

2. No disconnects/lost connection in the middle of the game that was causing champion freeze and the re-connect message

3. No disconnect from PVP.net, ejabberd

i.e. the message "PVP.net has detected a disconnect from ejabberd.", which was causing a crash due to failure to identify/lost session (packet loss could also trigger this).

4. Continued session to LoL, in game or not in game.

5. No TCP, UDP block notices on LoL IPs in my router log.

The MTU (MAXIMUM TRANSMISSION UNIT) change keeps packets from being fragmented, as the network can transmit them in one go, and loss/buffering etc. errors are minimized during peak network volume. That's why I might be seeing fast response.

MTU means the size of each packet that is transmitted in one go. If you set it too low then it increases the overhead too much, and if you set it too high then, for instance, if there is an error in transmitting a packet it is retransmitted, hence increasing your bandwidth usage in the long run. If MTU is set too high then there is also a possibility that your pages will take ages to load, and the same with too low a value, so it has to be at an optimum level, which is normally prescribed by the ISP.


LoL listed UDP IP's list on forum (http://kb.leagueoflegends.com/questi...Server+IP+List) are:

TCP ports 443, 2099, 5222, and 5223 open to 66.151.54.140

for UDP ports 5000-5064:
66.151.54.79 to 171
63.246.17.181
63.246.21.227
207.223.250.5 to 14
207.223.254.83

In my router log:
I still see some UDP blocks with different ports used; those are in the net-range of the companies below. The IPs listed by LoL are also in the same net-range.

I logged in this morning for a test, have not logged out, and played occasionally, but I didn't see the lost session error so far. The blocks noticed today are not causing a crash.

Fri Mar 12 09:55:15 2010 Blocked outgoing TCP packet from myLocalIP:55918 to 66.151.54.140:2099 as PSH:ACK received but there is no active connection

Fri Mar 12 02:45:06 2010 Blocked incoming UDP packet from 66.151.55.28:11485 to myIP:33440
Fri Mar 12 02:45:12 2010 Blocked incoming UDP packet from 66.151.55.4:11485 to myIP:33437

Fri Mar 12 01:09:43 2010 Blocked incoming UDP packet from 63.246.15.18:10029 to myIP:33435
Fri Mar 12 01:09:13 2010 Blocked incoming UDP packet from 63.246.15.18:10029 to myIP:33438
Fri Mar 12 00:26:43 2010 Blocked incoming UDP packet from 63.246.15.18:12292 to myIP:33435
Fri Mar 12 00:26:13 2010 Blocked incoming UDP packet from 63.246.15.18:12292 to myIP:33438
Thu Mar 11 21:08:49 2010 Blocked incoming UDP packet from 63.246.15.18:10209 to myIP:33435
Thu Mar 11 21:08:19 2010 Blocked incoming UDP packet from 63.246.15.18:10209 to myIP:33438

Thu Mar 11 20:15:49 2010 Blocked incoming UDP packet from 63.246.15.18:11047 to myIP:33435
Thu Mar 11 20:15:19 2010 Blocked incoming UDP packet from 63.246.15.18:11047 to myIP:33438

From ARIN lookup:

OrgName: XIOLINK, LLC, St. Louis, MO, 63102
NetRange: 63.246.0.0 - 63.246.31.255

OrgName: Internap Network Services Corporation, Atlanta,GA,30303
NetRange: 66.150.0.0 - 66.151.255.255

The UDP IPs listed by LoL support are in these companies' net-ranges.

===> The blocked UDP IP (63.246.15.18 from XIOLINK, LLC) and ports (10029, 12292, 11047) from my router log are not in the UDP IPs listed by support.

===> The blocked UDP IP (66.151.55.28 from Internap Network Services Corporation) and port (11485) from my router log are not in the UDP IPs listed by support.

Whether XIOLink LLC and Internap Network Services Corporation are associated with LoL or not, I don't know.

Are the above companies providing services to LoL (game hosting and ejabberd services)?

If so, could other UDP ports be in use for LoL than just those listed?

Since the game is not in the router exception list, Endpoint Independent allows whatever UDP port LoL is using; that's why I chose 'Endpoint Independent'.
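
Added example, not part of the original post: the comparison done by hand above, as a Python triage of the router's "Blocked ..." log lines against the endpoints the post lists (TCP to 66.151.54.140, UDP 5000-5064 to the listed addresses). The function names and verdict labels are assumptions made for this sketch; the three sample lines are taken from the log quoted in the post.

```python
import re
from collections import Counter
from ipaddress import ip_address

LINE = re.compile(r"Blocked (incoming|outgoing) (TCP|UDP) packet from "
                  r"(\S+):(\d+) to (\S+):(\d+)")


def _rng(first, last=None):
    return int(ip_address(first)), int(ip_address(last or first))


# Endpoints exactly as listed in the post above.
DOCUMENTED = {
    "TCP": ([_rng("66.151.54.140")], {443, 2099, 5222, 5223}),
    "UDP": ([_rng("66.151.54.79", "66.151.54.171"), _rng("63.246.17.181"),
             _rng("63.246.21.227"), _rng("207.223.250.5", "207.223.250.14"),
             _rng("207.223.254.83")], set(range(5000, 5065))),
}

# Three of the router log lines quoted in the post above.
SAMPLE_LOG = """\
Fri Mar 12 09:55:15 2010 Blocked outgoing TCP packet from myLocalIP:55918 to 66.151.54.140:2099 as PSH:ACK received but there is no active connection
Fri Mar 12 02:45:06 2010 Blocked incoming UDP packet from 66.151.55.28:11485 to myIP:33440
Fri Mar 12 01:09:43 2010 Blocked incoming UDP packet from 63.246.15.18:10029 to myIP:33435
"""


def classify(line):
    """Return (proto, remote_ip, remote_port, verdict), or None if not a block entry."""
    m = LINE.search(line)
    if not m:
        return None
    direction, proto, src, sport, dst, dport = m.groups()
    # The remote side is the source of incoming and the destination of outgoing packets.
    rip, rport = (src, int(sport)) if direction == "incoming" else (dst, int(dport))
    ranges, ports = DOCUMENTED[proto]
    try:
        addr = int(ip_address(rip))
    except ValueError:
        return None  # redacted placeholder such as "myIP" on the remote side
    ip_ok = any(lo <= addr <= hi for lo, hi in ranges)
    verdict = ("documented" if ip_ok and rport in ports
               else "documented-ip-other-port" if ip_ok else "undocumented-ip")
    return proto, rip, rport, verdict


def triage(log_text):
    """Classify every block entry and count the verdicts."""
    rows = [r for r in map(classify, log_text.splitlines()) if r]
    return rows, Counter(r[3] for r in rows)
```

The first entry targets a documented endpoint, so that drop comes from session state ("no active connection") rather than a missing port rule; the two UDP sources fall outside the published list.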