Elite Dangerous: Update 7.01 and Horizons Update (PC Only)

I do know about port forwarding, I just don't like it because it leaves my PC wide open on that port

Huh?
If you don't have ED running, there is nothing to listen on that port. So there is nothing to be wide open on your PC.

The second thing... you don't trust port forwarding, but you do have upnp enabled? That's way worse since you can have basically anything that can open ports on your PC and on your router without your knowledge.

Now don't get me wrong, upnp is risky but it's convenient to use. Problem is it's less reliable than a proper port forward.
 
I do know about port forwarding, I just don't like it because it leaves my PC wide open on that port.
If you don't have ED running, there is nothing to listen on that port. So there is nothing to be wide open on your PC.
This is in addition to Northpin's comment (hopefully some clarification).

Yes, port forwarding will send the packets to your PC, but if you set it up correctly (usually pretty easy to get right, actually), it will be ONLY udp packets, and ONLY those with the correct destination port number (the one you specify). However, even though those packets now get to your PC, there has to be a program listening to that particular UDP port for the OS to pass the packet on (otherwise, the packet is simply dropped). This means that for your PC to be vulnerable, a nefarious program needs to be listening to that port. And part of the way the internet protocol stack (the relevant code in your OS) works is only one program can listen to a port, thus if such a nefarious program was running, Elite would not be able to use the port and you would not be able to connect (meaning Elite's failure to operate would inform you that something fishy is going on). It also means that when Elite is running (in port-forwarding mode), no other program (nefarious or otherwise) can listen to that port.

Also, while not particularly convenient, you can always disable the port-forwarding when not playing Elite, and re-enable it when you are (assuming you have ready access to your router's settings, of course).
 
Hi Sighman, thank you very much indeed for your reply. I mean this is completely news to me. I do know about port forwarding, I just don't like it because it leaves my PC wide open on that port. And I didn't know it was sometimes necessary.

I realise I shouldn't be coming to you for Tech Support ha ha, but can you clarify something for me please?
If I look at my network settings in game, UPNP is enabled but port forwarding is off. Are you saying that I do not need to enable port forwarding?

Secondly, the multicrew issue I raised where I was the passenger, but got left stuck in the blue warp tunnel. That wasn't necessarily an issue with my connection, but any one of us might have needed to use port forwarding? Depending who the hosting fell to.

I'm happy to contact Frontier support but just wondered what you would say. Thanks.

My settings:
View attachment 267249

I wouldn't change your setup - maybe check with your team mates to see if any of them have port_restricted and UPNP set to OFF, because penny to a pound they're the one causing the team issues. If all have UPNP on, then it's worth moving on to configuring port forwarding.

As Northpin said, UPNP is far less secure than port forwarding, because UPNP is a router (not PC) configuration which tells the device to open inbound ports as needed - no matter which application is asking.

If you configure your router to forward port 5100 to your PC (using the MAC address of your network card) it's only any use to a hacker if anything is listening on that port. Aside from Elite, nothing else will listen for incoming connections on that port/address. You can also use 5101, 5102 or 5103 through the Elite Dangerous settings screen, or you can edit an XML file to define any port you want (I believe.)

I play in a team of 4 where three of us have zero network issues when playing together, in any combination, but when the fourth joins it's really unreliable. He doesn't have port forwarding set up yet, but I've reminded him again recently.
 
I wouldn't change your setup - maybe check with your team mates to see if any of them have port_restricted and UPNP set to OFF, because penny to a pound they're the one causing the team issues. If all have UPNP on, then it's worth moving on to configuring port forwarding.

As Northpin said, UPNP is far less secure than port forwarding, because UPNP is a router (not PC) configuration which tells the device to open inbound ports as needed - no matter which application is asking.

If you configure your router to forward port 5100 to your PC (using the MAC address of your network card) it's only any use to a hacker if anything is listening on that port. Aside from Elite, nothing else will listen for incoming connections on that port/address. You can also use 5101, 5102 or 5103 through the Elite Dangerous settings screen, or you can edit an XML file to define any port you want (I believe.)

I play in a team of 4 where three of us have zero network issues when playing together, in any combination, but when the fourth joins it's really unreliable. He doesn't have port forwarding set up yet, but I've reminded him again recently.
Great, thanks ever so much. I didn't enable UPNP, it must be enabled by default on the BT router. It sounds a bit like what I know as stateful-inspection, where the firewall or NAT automatically opens up the inbound port for 2 way traffic. But I'm not sure. Hey but thank you for the reply, I've got something to work with now with my team mates.
Cheers.
 
didn't enable UPNP, it must be enabled by default on the BT router. It sounds a bit like what I know as stateful-inspection, where the firewall or NAT automatically opens up the inbound port for 2 way traffic. But I'm not sure.

Employing a bit of simplification here:
upnp is a set of network protocols that enable 2 devices, in our example the computer and the router itself - both upnp enabled, to activate port forwarding rules based on app requests
So if both ED and your router are upnp enabled, ED can request the router to auto port forward as needed.
Nothing wrong with that. It's convenient.

The nasty part is the port forward can happen without your express knowledge and approval.
And it can happen with nefarious programs as well OR with legit programs that have known vulnerabilities that can be exploited

So... pick your poison...

Scary stories, open spoiler at your own risk

Classic scenario examples: QNAP home NAS, home router, both upnp enabled, the NAS is exposing services in internet using the said upnp (the user might not even be aware of it since usually the routers come upnp enabled and iirc the default qnap setting is to use upnp)
The NAS is running vulnerable QNAP software exposed in internet. And the nasty hackers have used that to encrypt all the user files on the said qnap nas. dang!

Now vulnerabilities can be discovered at any time, so I'm not assigning any blame to QNAP here, but some users on the QNAP forum did not have any idea they were exposing their NAS on the internet by means of upnp.
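One way to check which forwards UPnP has created on a router, as an added example that is not part of the thread: UPnP IGD routers list their mappings through the `GetGenericPortMappingEntry` action, and the script below parses such replies and reports every enabled mapping that is not on an expected list. The SOAP bodies, the addresses and the allowlist (UDP 5100 to one gaming PC) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: SOAP bodies shaped like a router's replies to the
# UPnP IGD action GetGenericPortMappingEntry (WANIPConnection:1).
TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>{proto}</NewProtocol><NewInternalPort>{internal}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
    "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
    "<NewLeaseDuration>0</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
SAMPLE_RESPONSES = [
    TEMPLATE.format(ext=5100, proto="UDP", internal=5100, client="192.168.1.20", desc="game client"),
    TEMPLATE.format(ext=8080, proto="TCP", internal=8080, client="192.168.1.50", desc="NAS web admin"),
]

# Assumption: the only forward the owner intends is UDP 5100 to the gaming PC.
EXPECTED = {("UDP", 5100, "192.168.1.20")}

def parse_mapping(soap_xml):
    """Extract the New* argument elements of one response into a dict."""
    root = ET.fromstring(soap_xml)
    fields = {}
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip any XML namespace
        if tag.startswith("New"):
            fields[tag] = (el.text or "").strip()
    return fields

def audit(responses, expected=EXPECTED):
    """Return enabled mappings that are not on the expected list."""
    unexpected = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        if m.get("NewEnabled") != "1":
            continue
        key = (m["NewProtocol"].upper(), int(m["NewExternalPort"]), m["NewInternalClient"])
        if key not in expected:
            unexpected.append({"mapping": key, "description": m["NewPortMappingDescription"],
                               "lease_seconds": int(m["NewLeaseDuration"])})
    return unexpected

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print("unexpected UPnP mapping:", finding)
```

On the constructed data the game's UDP 5100 forward passes and the TCP 8080 mapping to the NAS is reported.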

 
Employing a bit of simplification here:
upnp is a set of network protocols that enable 2 devices, in our example the computer and the router itself - both upnp enabled, to activate port forwarding rules based on app requests
So if both ED and your router are upnp enabled, ED can request the router to auto port forward as needed.
Nothing wrong with that. It's convenient.

The nasty part is the port forward can happen without your express knowledge and approval.
And it can happen with nefarious programs as well OR with legit programs that have known vulnerabilities that can be exploited

So... pick your poison...

Scary stories, open spoiler at your own risk

Classic scenario examples: QNAP home NAS, home router, both upnp enabled, the NAS is exposing services in internet using the said upnp (the user might not even be aware of it since usually the routers come upnp enabled and iirc the default qnap setting is to use upnp)
The NAS is running vulnerable QNAP software exposed in internet. And the nasty hackers have used that to encrypt all the user files on the said qnap nas. dang!

Now vulnerabilities can be discovered at any time, so I'm not assigning any blame to QNAP here, but some users on the QNAP forum did not have any idea they were exposing their NAS on the internet by means of upnp.

Thank you for your reply. It all sounds like a Pandora's box. I kinda wish I hadn't opened it. But I know more now than I did before and we've got something to work with. So thank you everyone for your help.
 
I also doubt that classic port forwarding is completely risk free, just safer than UpNP.

Definitely not.
But at least it's something you know about and under your own control.
And if you chose to expose something in the internet, it's your choice.
As one of the users put it in that qnap forum: i had no idea that port 8080 is exposed on the internet (that was the http admin page of his NAS o_O)

Things are not that nasty with Windows itself. At least MS is releasing security updates at least monthly and they patch stuff quite fast.
But as i said, the nasty things can happen with the stuff that one has no idea it is happening.
So I personally see no biggie with ED using UPNP. Or generally speaking, my Windows machine - that is because I'm a knowledgeable user and I'm careful with what I access and what I run on my PC.
I'm also a QNAP owner, my router was upnp enabled until recently, but my qnap had upnp disabled right from the bat.
 
Huh?
If you don't have ED running, there is nothing to listen on that port. So there is nothing to be wide open on your PC.

The second thing... you don't trust port forwarding, but you do have upnp enabled? That's way worse since you can have basically anything that can open ports on your PC and on your router without your knowledge.

Now don't get me wrong, upnp is risky but it's convenient to use. Problem is it's less reliable than a proper port forward.
I specifically disable upnp, and never use port forwarding unless I'm hosting a server that I need to access from outside my network (which hasn't been the case for several years at this point) - port forwarding is not necessary, and really shouldn't be so widely recommended.
 
... port forwarding is not necessary, and really shouldn't be so widely recommended.

For ED, sometimes it is.
And again, for ED - if used on a large scale it would ease a lot of the instancing problems - simply because the port forward is the safest bet.
Anything else (upnp or the whatever mechanisms used internally by FD) may fail for way too many reasons or may induce extra latency/sync issues

Edit: also no particular settings are needed if playing solo, obviously.
 
For ED, sometimes it is.
And again, for ED - if used on a large scale it would ease a lot of the instancing problems - simply because the port forward is the safest bet.
Anything else (upnp or the whatever mechanisms used internally by FD) may fail for way too many reasons or may induce extra latency/sync issues

Edit: also no particular settings are needed if playing solo, obviously.
For no game, ever, is it necessary - it's a workaround at best, but the users that don't know enough about networking to be able to solve the underlying issue are the last people I'd recommend to open a port on their private network.

I play in a private group most of the time, and have played in open, without issue, on a 5 mbit down/1 mbit up connection. I have successfully jumped around the bubble with two passengers many times without anyone dropping a connection. I have not seen any problems beyond those that others have seen when the entire wing/team is on gigabit connections (even if they did use port forwarding). And I'm behind another layer of my ISP's NAT, so I don't have a public IP address these days - I'd have to try to convince them to open a port for me before port forwarding on my own router could have any effect. Port forwarding isn't the solution.
 
Ye sure, with a 5 Mbps down / 1 Mbps up connection it's a miracle if the game can run in the first place :)

You sure you did not actually mean Gbps?
I'm sure - it's a wireless line-of-sight radio, not fiber (or even cable). Technically rated for 10 mbits down, 2 mbits up, but I can't give my computer all of the bandwidth without upsetting the other people in the house.
Bit weird to argue that Port Forward is not required - for a game that is pretty explicit that it is P2P. fdev also talk about setting up Port Forwarding / uPnP on their support site https://customersupport.frontier.co...4405945325970-What-do-the-network-options-do-

I know they've talked about having workarounds for people who don't have their networks set up, so things will work without ... sometimes ...
Bit weird to argue that port forwarding is required, when none of us are hosting dedicated servers

Port forwarding is for accepting unsolicited incoming connections - in a P2P situation, all peers start with outgoing packets, which tell all routers and gateways along the way how to route reply packets, effectively opening the necessary ports on a temporary basis. This is the same way that the web page you ask for is able to make it back to your browser - if port forwarding was necessary for P2P, it would be necessary for literally all network communication across any gateway device.
 
Port forwarding is for accepting unsolicited incoming connections - in a P2P situation, all peers start with outgoing packets, which tell all routers and gateways along the way how to route reply packets, effectively opening the necessary ports on a temporary basis. This is the same way that the web page you ask for is able to make it back to your browser - if port forwarding was necessary for P2P, it would be necessary for literally all network communication across any gateway device.
... the game uses UDP - which is not connection based. unlike web connections - which are connection based.
 
This is the same way that the web page you ask for is able to make it back to your browser - if port forwarding was necessary for P2P, it would be necessary for literally all network communication across any gateway device.


When you access a web page, that's not p2p, that's client-server
Your browser is the client, the web server is, who would have ever thought, the server.
 
... the game uses UDP - which is not connection based. unlike web connections - which are connection based.
Look up UDP hole-punching - since UDP is connectionless, it can establish that routing where TCP would need ports to be opened.

But that's not relevant in a situation where there are still central servers involved - the clients are introduced to each other by the servers during instancing, then communicate directly from there. If it was completely serverless, there would be no persistent galaxy. There certainly would be no way for the consoles and PC to share the same market, or for the fleet carriers to persist across all platforms.

When you access a web page, that's not p2p, that's client-server
Your browser is the client, the web server is, who would have ever thought, the server.
And the server would be unable to send anything to the client without the client opening ports, if the assertion that port forwarding was required was true. Clients would just be screaming into a void from which they could receive no answer.

But that's not how networking protocols work - clients can receive a response without opening ports, because outgoing packets set up return routes so that the network connection can actually do something. The only difference with a web server is that the server needs to have open ports in order to receive the clients' initial communication, as I previously mentioned.
 
Look up UDP hole-punching - since UDP is connectionless, it can establish that routing where TCP would need ports to be opened.
Well yeah, that just says you need to have extra software in place to allow the packets through - hence the complications to make it work, unless you allow it somehow - say by opening the port, using uPnP, or fancy NATs - which not everyone has. All you are saying is 'there are other options' - which I agree there are. And one is port forwarding - assuming you know what you are doing. Which is presumably why it is a documented option on the game website 🤷‍♀️
 
Look up UDP hole-punching - since UDP is connectionless, it can establish that routing where TCP would need ports to be opened.

But that's not relevant in a situation where there are still central servers involved - the clients are introduced to each other by the servers during instancing, then communicate directly from there. If it was completely serverless, there would be no persistent galaxy. There certainly would be no way for the consoles and PC to share the same market, or for the fleet carriers to persist across all platforms.


And the server would be unable to send anything to the client without the client opening ports, if the assertion that port forwarding was required was true. Clients would just be screaming into a void from which they could receive no answer.

But that's not how networking protocols work - clients can receive a response without opening ports, because outgoing packets set up return routes so that the network connection can actually do something. The only difference with a web server is that the server needs to have open ports in order to receive the clients' initial communication, as I previously mentioned.

Yeap, that's correct. But let's not forget that we are all behind a NAT
And the most common NAT implementations (symmetric nat) work only for a one-on-one communication. A call-response if you want.
That is between your game client and FDev servers. Your game-client calls FDev-server and FDev responds back using the com-channel initiated by the client. Someone else cannot respond using the same com-channel. So it works for a Solo session of Elite, but not so much for a Multiplayer session.

When multiplayer in a p2p architecture, you have to communicate directly with other players - a full cone nat could help, but that's regarded as quite insecure and it's not widely implemented
And without a full cone nat or a turn server or some other form of proxy - the port forward (or the upnp) is needed for a p2p game. 🤷‍♂️

Edit, ninja'd sort of
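The NAT behaviours argued over in the last few posts, as an added example that is not part of the thread: a toy model of full-cone, port-restricted and symmetric NAT in which a server introduces two players who then try UDP hole punching, with an optional static forward of UDP 5100 on one side. All addresses are constructed, and the model assumes a static forward is used for that host's traffic in both directions.

```python
SERVER = ("203.0.113.10", 4000)          # constructed matchmaking server address

class Nat:
    """Toy NAT; kind is 'full_cone', 'port_restricted' or 'symmetric'."""
    def __init__(self, kind, public_ip, forward=None):
        self.kind, self.public_ip = kind, public_ip
        self.forward = forward            # optional static forward: (ext_port, inside_host)
        self.table = {}                   # key -> [ext_port, inside_host, allowed_remotes]
        self.next_port = 40000

    def outbound(self, src, dst):
        """Inside host src sends to dst; return the public endpoint dst sees."""
        if self.forward and self.forward[1] == src:
            return (self.public_ip, self.forward[0])   # model assumption: static mapping both ways
        # Symmetric NAT allocates a new public port per destination.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.table:
            self.table[key] = [self.next_port, src, set()]
            self.next_port += 1
        self.table[key][2].add(dst)
        return (self.public_ip, self.table[key][0])

    def inbound(self, remote, ext_port):
        """Return the inside host that receives the packet, or None if dropped."""
        if self.forward and self.forward[0] == ext_port:
            return self.forward[1]
        for port, host, allowed in self.table.values():
            if port == ext_port and (self.kind == "full_cone" or remote in allowed):
                return host
        return None

def p2p_works(kind_a, kind_b, forward_a=False):
    """Simulate server introduction plus UDP hole punching between two players."""
    a, b = ("192.168.1.20", 5100), ("10.0.0.7", 5100)
    nat_a = Nat(kind_a, "198.51.100.1", (5100, a) if forward_a else None)
    nat_b = Nat(kind_b, "198.51.100.2")
    pub_a, pub_b = nat_a.outbound(a, SERVER), nat_b.outbound(b, SERVER)  # server learns both
    src_a, src_b = nat_a.outbound(a, pub_b), nat_b.outbound(b, pub_a)    # both sides punch
    a_heard = nat_a.inbound(src_b, pub_a[1]) == a
    b_heard = nat_b.inbound(src_a, pub_b[1]) == b
    if a_heard and not b_heard:      # A answers the source address it actually saw
        b_heard = nat_b.inbound(nat_a.outbound(a, src_b), src_b[1]) == b
    elif b_heard and not a_heard:    # B answers the source address it actually saw
        a_heard = nat_a.inbound(nat_b.outbound(b, src_a), src_a[1]) == a
    return a_heard and b_heard

if __name__ == "__main__":
    for case in [("port_restricted", "port_restricted", False),
                 ("symmetric", "port_restricted", False),
                 ("symmetric", "symmetric", False),
                 ("symmetric", "symmetric", True)]:
        print(case, "->", "connected" if p2p_works(*case) else "blocked")
```

In this model hole punching alone connects two cone NATs, fails once a symmetric NAT faces a port-restricted or symmetric one, and a forward on either side restores the link.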
 