FFXI / ISP Incompatibility Shuts Users Out

A user writes "Since Tuesday 9/28, an incompatibility between how Final Fantasy XI addresses a network connection with it's Playonline Viewer and Optimum Online's broadband service has blocked well over 1000 players out of the game. The only thing both companies do agree on is that the problem is a minor one. Numerous players have been told by Optimum Online that it is not a priority. Likewise Square Enix has no notice of the problem on their website, but an option on their call menu tells players they are aware of the problem and it is being worked on before hanging up.

At least it's only a minor problem . . .

[Goobermunch]

I mean, it's not like these folks are actually paying to use a service or anything like that. Besides, it's only 1000 people. Given that they've sold several hundred thousand units, with nice monthly subscriptions attached, they don't have to worry about a few hundred people.

After all, it's not like it'll affect anything important. You know, like the bottom line.

--AC

Re:At least it's only a minor problem . . .

[Neophytus]

Yes, they are. Square gets $13 a month off each and every player in their universe.

Re:At least it's only a minor problem . . .

[Farmer Jimbo]

Note the careful use of sarcasm in the post you replied to. The company only cares about the bottom line, which wouldn't be hurt if they lost all 1000 people with this problem.

Stated another way : corps of the size we're talking about here could not care less about this problem beacause it affects so few people.

Re:At least it's only a minor problem . . .

[bozoman42]

Several million, actually, for what it's worth.

Definitely agree with your sarcasm, though.

I've solved it, Watson

[captnitro]

..It sounds the heads at Squeenix are at least aware of the situation, though they seem to be passing the buck, which is kinda messed up. Last I heard, PlayOnline uses Port 25 to connect to a network (the same one that mail clients use), and that Optimum closed it off, for some reason. In any case, I wish you luck, and I wish there was something I could do besides this.

There is no chance that I could care less about this story. But it seems like a lot of people are clueless.

1. PlayOnline is thoroughly st

Re:I've solved it, Watson

[_xeno_]

1. PlayOnline is thoroughly stupid for using port 25 to connect to the network. Though shalt not retain ports under 1000, and well-known ones at that.

Ah, but it doesn't. I run on Comcast, so I was curious what might be causing the problem so I decided to run a packet sniffer and watch the game connect. It opened something on Port 5000 or so and did a bunch of miscellaneous stuff, including a bunch of HTTP transactions on non-standard ports. (I think - I need to recheck those logs and make sure it wasn't redirected to that port.) But it never touched Port 25.

This misunderstanding comes because if you read the "required open ports" you'll see them list Ports 25, 80, 110, and 443. A quick overview will see those listed as SMTP, HTTP, POP3, and HTTPS.

As it turns out, the PlayOnline client does include an e-mail client, to allow you to send and receive e-mail via an e-mail account that comes with the service. If you wish to send e-mail using that account, then port 25 comes into play.

It turns out that PlayOnline uses a bunch of Internet standards to run, including HTTP for downloading the menu pages and XML to describe those pages. HTTPS appears to be used for when you sign up for your account and various other features.

(You can actually view the SSL certificate when you enter a secured portion of the service. A "key" icon gets added to the Navigation mini-menu. Square-Enix also digitally signs all e-mail they send to their customers, and the e-mail client they use supports that, as well.)

My personal guess is that OO created a transparent HTTP proxy, and that's what's messing things up. A lot of the basic functionality in PlayOnline is actually done of HTTP/HTTPS.

Re:I've solved it, Watson

[sinergy]

OO is not using a transparent proxy.

Re:I've solved it, Watson

[sinergy]

Yeah, and when is the last time you've seen a transparent proxy for port 25 access?
Don't you mean filtering? Proxying and firewalling are two different things.

I know that OO does not use a transparent proxy server because they say so in the TOS. You could also verify that rather simply by looking at the traffic generated by a host (such as me.) This isn't happening.

Re:Port 25?!?

[_xeno_]

Simple, it doesn't. The client includes an e-mail client, so if you read the required port list you'll see port 25 listed. A bunch of people then read that OO was blocking port 25 and decided this was the problem.

As it turns out, the PlayOnline viewer actually runs over HTTP and HTTPS. The Final Fantasy XI portion of the game runs over ports 50000+.

Bottom line, whatever the problem is, Port 25 isn't it.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Port 25?!?

[mediagoddess]

I am said girlfriend and have now talked to 4 support techs (as well as befriended one in the process) and have been told time and time again, IT HAS NOTHING TO DO WITH PORT 25. I've even specifically ASKED if it was related to port 25, and was told no, that port was closed back in August- if there were issues with port 25, it would have shown up then. Likewise, it may not be related to the friendlist update. If it were, EVERY OO customer would have the problem, but as it stands, there are QUITE A FEW PEO

Re:Port 25?!?

[MMaestro]

Actually the problem is the closing of port 25. Chances are you've never played FFXI since its IMPOSSIBLE TO PLAY THE GAME WITHOUT GOING THROUGH THE PLAYONLINE VIEWER. Yes, thats right, just like how you can't use Windows without Internet Explorer, you can't play FFXI without PlayOnline Viewer. So when PlayOnline Viewer has a problem, FFXI has a problem.

PlayOnline Viewer uses port 25 for its Friends List and won't let the user in until it fully connects. End result : PlayOnline Viewer cannot 100% connect a

Re:Port 25?!?

[_xeno_]

Ummm...

I can't figure out what you're talking about, the Friends List is loaded over HTTP (or maybe HTTPS, I can't remember, I'll have to check when I get home).

Pretty much all of the PlayOnline Viewer related stuff occurs over either HTTP or HTTPS. It then gets handed off to a DLL when it connects to FFXI. (The new delay when it loads the main menu is caused because it now loads the main menu as a kind of XML "screen" file off the POL servers.)

I've watched it connect while running Ethereal, there's no port 25 stuff at all. As others have said, the Optimum Online port 25 block went into effect about a month ago.

Re:Port 25?!?

[_xeno_]

I tried it. There were no ports opened in that range. For that matter, the lowest port it ever connected on was in the 3000s.

In fact, when I sent myself an e-mail, it connected on a port in the 3000 range. No port 25 in the mix anywhere.

Stop the Hate

[BigChigger]

I've noticed all Sony articles lately are critical. Did One Slashdot Way just get a big shipment of Xboxen perhaps?

BC

Re:Stop the Hate

[glowimperial]

Have you played any of SOE's online games lately? Sony seems to excel at overpromising and underdelivering, and letting it's customers know that the don't give two shits about their priorities. Star Wars Galaxies is leaking players right now. When EQ2 and WoW come out it's going to be a sieve over there. Folks are already worried about merging servers and whatnot.

Re:Stop the Hate

[rabbot]

Too bad SOE has nothing to do with FFXI.

Re:Stop the Hate

[suraklin]

and I am sure SOE also does not mind people migrating from SWG to EQ2 when it comes out... they still get cash

Derp

[XellDx]

Sony didn't make FF:XI. Besides, the article doesn't mention if this is a PC/PS2 only issue.

Re:Derp

[mediagoddess]

Its not exclusive to either system- users with the issue use both PC and PS2. ---p'ed off FFXI player

Of course it's a problem

[hollismb]

See, this is what you get when you don't standardize your online network. Ports getting opened all over the damn place. I'm not surprised at all that they've got these problems, given the total lack of structure in Sony's online service (or lack thereof). In comparison, Xbox Live uses three ports: UDP 88, UDP 3074, and TCP 3074. What happens, I wonder, to people playing Final Fantasy online through a router that are also running a webserver? If your standard port 80 is being forwarded to the webserver, the

Re:Of course it's a problem

[betelgeuse68]

This has nothing to do with Sony. There is no notion of central servers with online gaming on the PS2. Square can open whatever ports it wants to on both sides, it squarely (pun intended) controls both ends.

I might also add that PCs are part of this mix. That is, this isn't PS2 only network. FFXI allows PC and PS2 players to mingle.

-M

They've always had a buggy networking layer

[Danny Rathjens]

Here was my post on 2003-11-03 to my local LUG on how to fix ffxi's buggy networking problems when playing behind a linux firewall:

I started playing Final Fantasy XI online for PC this weekend.
(Yep, had to boot into windows for first time in long time
and had a couple crashes to remind me why I stopped using it)

Anyway, I have a linux box as my firewall doing NAT and the game
would not work with the error:
FFXI:3100 Could not connect to lobby server

Tech support just told me it's my fault for using a linux firewall
and implied their system has no bugs and claimed it works with NAT.

After some packet sniffing, I discovered that some bug in the game's
network code was causing it to send packets to the external ip of
my firewall(port 54001) instead of to square enix's lobby server.
A web search of port 54001 came up with a japanese language page
which had some iptables rules to use to let FF online work from
a playstation through a firewall. Those did not work, but the page
also had a list of Square's servers and which ports they use so
I made some quick rules to forward any misdirected packets to those
listed servers and voila it all worked.

So, in case anyone happens to have problems with this bug in
PlayOnline and Final Fantasy XI not working through NAT on
an adsl connection, here is the solution.

Here are the relevant parts of my firewall script:

extint="eth0"
extip=`ifconfig eth0|grep 'inet addr'|cut -f2 -d:|cut -f1 -d" "`
intint="eth1"
intnet="192.168.1.0/24"
iptabl es -I PREROUTING -t nat -p tcp -s $intnet -d $extip --dport 51220 -j DNAT --to 61.195.48.234:51220
iptables -I PREROUTING -t nat -p tcp -s $intnet -d $extip --dport 51240 -j DNAT --to 61.195.48.236:51240
iptables -I PREROUTING -t nat -p tcp -s $intnet -d $extip --dport 51300 -j DNAT --to 61.195.48.238:51300
iptables -I PREROUTING -t nat -p tcp -s $intnet -d $extip --dport 51301 -j DNAT --to 61.195.48.239:51301
iptables -I PREROUTING -t nat -p tcp -s $intnet -d $extip --dport 54000 -j DNAT --to 61.195.48.239:54000
iptables -I PREROUTING -t nat -p tcp -s $intnet -d $extip --dport 54001 -j DNAT --to 61.195.48.209:54001
iptables -I PREROUTING -t nat -p tcp -s $intnet -d $extip --dport 54002 -j DNAT --to 61.195.62.141:54002
iptables -I PREROUTING -t nat -p udp -s $intnet -d $extip --dport 54120 -j DNAT --to 61.195.62.144:54120
iptables -I PREROUTING -t nat -p udp -s $intnet -d $extip --dport 54246 -j DNAT --to 61.195.62.158:54246

Comment removed

[account_deleted]

Comment removed based on user account deletion

Squeenix == Evil

[KtHM]

The main problem with this, or rather, one of the major problems (as I found out trying to cancel my subscription)....you can't pay unless you've got their crap installed. I tried telling the idiot on the phone that I was cancelling *because* their crap game screwed up my computer, and they basically said, "Well, too bad, now you can't play our games EVER AGAIN." Big loss......*rolls eyes*

It's For Your Own Good...Really.

[roderick]

I hate it for the folks who are paying two bills to be unable to play a game, and the very least that should happen is getting credit on their FFXI accounts for the days they're locked out.

On the other hand, I'm forced to consider that the spin on this particular "feature" might be that it's not an outage, it's a one-step recovery program for MMORPG addicts. Were I on their tech support staff, I'd be tempted to try it at least once. ;)

Using ports 53 (DNS), 443 (SSL), and 4000-52000

[rfunches]

I monitored my network this morning (working Comcast connection) to see what ports and servers POL is using when it first loads up (this is captured Ethereal data from startup of POL to about thirty seconds after I successfully logged in): TCP 34707 to 51240 TCP 443 (https) to 4072 TCP 51220 to 4068 TCP 51220 to 4067 TCP 51220 to 4065 TCP 51220 to 4064 TCP 51220 to 4063 TCP 51240 to 34707 TCP 51304 to 4071 UDP 1036 to 53 (dns query, pt008.pol.com) TCP 4060 to 54000 UDP 1036 to 53 (dns query, ci000.pol.com)

Re:Using ports 53 (DNS), 443 (SSL), and 4000-52000

[_xeno_]

There's absolutely no point to this, but...

If you look at the your packet dump, you'll note that most of the POL stuff occurs over HTTP. (Find the random port it used, and tell Ethereal to decode it as HTTP.)

The HTTP server on the other end identifies it as Apache, version 1.3.26.

Apparently PlayOnline uses open source software. :)

Comment removed

[account_deleted]

Comment removed based on user account deletion