IP ranges and port numbers for *outbound* connections

[Mon Dieu]

I'm tightening network security here, and putting in more restrictions on outbound traffic instead of the lenient approach I had previously been taking. The reasons for this are unrelated to the game, but the resulting policies may affect the game.

I'm looking for documentation regarding the IP address ranges and port numbers used by the game for outbound connections to the game servers. Documentation for uPnP and inbound port-forwarding I can find in abundance, but nothing about allowing the game to connect in the first place.

Trial-and-error and the firewall logs suggest that the following might be used by the game:

IP ranges:

• 18.202.0.0 / 255.254.0.0
• 34.192.0.0 / 255.192.0.0
• 52.208.0.0 / 255.248.0.0
• 54.160.0.0 / 255.240.0.0
• 63.32.0.0 / 255.252.0.0

Ports:

• 3478 / udp
• 19364 / udp

Are those details correct and complete? If not, what's missing or incorrect?

 

[Richard_Head]

there's also P2P connections with other players (assuming open / pg)

 

[Mon Dieu]

Good to know. What are the port numbers and protocols for outbound P2P connections?

 

[Morbad]

Good to know. What are the port numbers and protocols for outbound P2P connections?

UPnP is used by default, but if you disable it you can select from UDP ports in the 510x range, which would then need to be forwarded.

 

[Mon Dieu]

UPnP is used by default, but if you disable it you can select from UDP ports in the 510x range, which would then need to be forwarded.

From the original post, only three above yours:

"Documentation for uPnP and inbound port-forwarding I can find in abundance, but nothing about allowing the game to connect in the first place."

So what are the port numbers and protocols for outbound connections, not inbound connections?

 

[BarbaPeru]

I'm tightening network security here, and putting in more restrictions on outbound traffic instead of the lenient approach I had previously been taking. The reasons for this are unrelated to the game, but the resulting policies may affect the game.

I'm looking for documentation regarding the IP address ranges and port numbers used by the game for outbound connections to the game servers. Documentation for uPnP and inbound port-forwarding I can find in abundance, but nothing about allowing the game to connect in the first place.

Trial-and-error and the firewall logs suggest that the following might be used by the game:

IP ranges:

• 18.202.0.0 / 255.254.0.0
• 34.192.0.0 / 255.192.0.0
• 52.208.0.0 / 255.248.0.0
• 54.160.0.0 / 255.240.0.0
• 63.32.0.0 / 255.252.0.0

Ports:

• 3478 / udp
• 19364 / udp

Are those details correct and complete? If not, what's missing or incorrect?

I'm doing the same, my network does not allow any inbound or outbound network traffic, so I'm creating some firewall rules for ED. I found something more.
I need to allow 443 outbound for specific IPs (I'm doing some wireshark sniffing for finding them) for login.
I found some IPs not included in your list for port 19364:

54.246.203.74
54.154.223.144

The source port should be 5100 (configurable) and destination port 19364, all udp.

If someone has any more info I'll appreciate sharing.

Greetings, Barbaperu.

 

[Mon Dieu]

Should anyone have a firewall which allows granular filtering, e.g. a Palo Alto or similar, it's possible to filter by FQDN wildcard without needing to know the IP address ranges.

Using Palo Alto as an example, as it's what I've got here, the Destination supports explicit FQDNs but not wildcards. However, the URL Category does support FQDN wildcards. So a rule with "any" in the destination and both *.orerve.net and *.zaonce.net in the URL Category is sufficient to allow Elite outbound.