Enabling External Access To Your Server - SWG-Source/swg-main GitHub Wiki
This has been the white whale with private SWG servers for a long time, "how do I get my buddies to join me playing SWG?". The v2.1 SWG Source VM includes a feature called easy external access which does exactly that, makes external access very easy to enable. The problem is that is can be easily blocked by a multitude of factors which are often very specific to the hardware & software set up that you have at home. Please keep that in mind and there will be a troubleshooting section at the end to help with some of those scenarios.
The steps in this guide will assume that none of the aforementioned complications are involved and in a perfect world nothing else would be needed to get external access working.
Pre-configuration Information Gathering
You need to take note of some information before getting started. The most important thing is the public IP address of your router. You can quickly get this by googling "whats my ip" and you will see something like this:
Changes Inside The VM
On your desktop you have a shortcut for "SQL Developer" which is an SQL client that is pre-configured to access the Oracle database used by the SWG server. Launch that program:
Now you need to open up the cluster_list table so we can add the public IP to it.
Replace the value there showing "public ip" with the ip address you got from the google search earlier (51.37.107.12 in this example) and then commit (save) that change to the Oracle database. You can do that by double clicking on the highlighted portion (the ADDRESS field):
Now enter your public IP in the ADDRESS field and click on the Commit Changes button (or press F11):
You should then see something like this:
Now close the SQL Developer client to get back to the desktop. Navigate to the config files as shown here:
Double click on localOptions.cfg and open it in a text editor (if asked, select Display so you can then choose what program will open the file):
Locate the easyExternalAccess value and ensure it is set to true and that there is no # symbol preceding it:
Save your changes and you can now boot up the SWG Server.
Changes In The SWG Client
On your Host PC (windows machine running the VM) or another PC in your network where you will be running the SWG Client, open up that folder and locate the login.cfgfile:
Edit the file using a text editor and replace the loginServerAddress0 value with your public IP address (51.37.107.12 for this example):
NOTE: if the SWG client is on the Host PC then using the public IP may stop the client from being able to connect to your SWG server due to a limitation of your router. You could also just leave that particular client configured to use the internal IP of your VM and make the suggested change to the public IP for login.cfg on any PC outside your network that will be connecting to your SWG Server e.g. a buddy located elsewhere on a completely different local network who is connecting to you via their own internet service. Even using the internal IP of the VM in your Host PC's SWG client may not work if your router isn't allowing for loopback, more on that will be in the Troubleshooting section.
Changes On Your Router
There are two services that you need to expose to the internet via your router - the web site inside the VM that allows players to register accounts and the SWG game server itself. This requires ports to be redirected from your router to the VM which is also known as Port Forwarding.
If you compare network traffic to a postman delivering mail then your one piece of your IP Address on your local network is the street and the other part is the house number. Let's assume your house is within a gated community with a security guard at the gate. So the postman arrives at the gate and the security guard has to give permission for him to enter the street to find your house. That's essentially what your router does, it acts as that security guard and can allow traffic from the internet to enter your local network and directs it to a specific PC in there. Confused yet?
Now we complicate things for the poor postman, when he gets to your house it turns out to be an apartment complex. So in order to deliver to you the postman now needs another piece of information, your apartment number. So in computers terms that's a port number. The public IP address gets someone from the internet to your router, the router chooses to allow or deny access to your PC by providing the internal IP and includes a port number so the correct "service" on your PC can communicate with the incoming traffic.
So that means we need to tell your router which PC on your local network contains the SWG Server and auth web site by using the internal IP address of the VM and we also need to provide the port numbers on that PC that will be required. The complication is that this is specific to each router and so how you can set these port forwarding rules up will differ greatly from router to router. Here are some examples of the three ports that you need to open up (80, 44453, 44463) based on how my router handles these things. The full range that you need to open up is 44450 to 44465 for TCP & UDP.
Port 80 - Auth web site that allows players to register accounts:
Number (1) in that screenshot is a checkbox to set this port forwarding rule active or not, (2) is a preset that already knows we want to use port 80, HTTP, (3) is the nickname by which the router refers to the VM and (4) is how you save the rule. Some of that configuration will be exposed for the next two ports as they can't use presets and must be custom entries.
port 44453 - SWG Server Connection Port
That port forwarding rule looks like this when you edit it:
You can see that it is configured to redirect external traffic for port 44453 to internal port 44453 for both TCP & UDP protocols. This rule can then be applied to a device / PC within your network. Once active that means traffic sent to your router on port 44453 will be allowed to enter your local network and be forwarded to whatever device you choose and will arrive on port 44453.
The internal IP address for the VM in this example is 192.168.1.100, the router recognised that device and allowed me to give it a nickname (SWG_Server) so I could more easily see it in the router software so I can attach the port forwarding rule to that specific device.
port 44463 - SWG Server client port This is setup exactly like the last rule but using 44463 rather than 44453.
All things being equal, at this point you should be able to have external SWG clients connect to your VM, register accounts, login to the server and play the game. Using just those two ports (44453 & 44463) will allow players to connect, create characters and run around in the game world but they will see 95% packet loss unless you also open up the other ports in the 44450 to 44465 range.
Troubleshooting
Due to the nature of what is being done here, there is a level of complexity that comes along with that. You are attempting to have someone on the internet use an SWG client to connect to your router and then have the router allow that connection to your Host PC which in turn must allow the connection to the VM so that the SWG Connection Server can decide if that person has an account or needs to register one before getting access to the SWG Game.
That whole process just went through three firewalls on your equipment and potentially a fourth one on the remote PC making the connection. The overview looks something like this:
Let's consider each of those firewalls in sequence. The Router Firewall is controlled by your router software and can be configured to allow connections to PCs on your internal network, this is also where you would set up the port forwarding rules described in the last portion of this guide. If you think the router firewall is blocking connections to your internal PCs then try to set up a port forwarding rule for a web server from the router to an internal PC and then see if that web site can be accessed by someone remotely. That will at least show you that external connections are able to get inside your local network.
The Personal Firewall Software is where things can get very awkward. When I set up my own external access I was able to remotely connect to the auth web site within the VM but not to the SWG game itself. It turned out that my Host PC's firewall (SEP / Symantec Endpoint Protection) would allow preset port forwarding rules such as web / HTTP traffic but not anything custom such as the 4453 & 44463 ports for SWG unless I made an explicit rule in the software which specified the external IP of the remote PC trying to connect. In that scenario traffic from that remote PC would reach the router and show the external IP it was arriving from, the router would then allow that traffic to get to the specific internal PC at which point the personal firewall would check for a rule in it's configuration to decide whether to let the traffic get to the VM or not. I was able to troubleshoot that issue by creating a temporary rule that exposed my PC to all traffic on all protocols from all hosts (essentially an ALLOW ALL rule) and once that allowed the remote SWG client to connect, I tightened up that rule to just allow traffic from the specific external IP of the remote PC. How you do this, if needed, will be specific to whatever firewall software you are using on your Host PC that runs the VM.
The VM Firewall is not configured to block anything and should therefore not be a factor causing connection issues for you.
If you are unsure that the port forwarding rules on your router are working as intended then your router may have an option to specify a DMZ. This bascially means "expose this internal IP address to all traffic from the internet". You could use that option to see if the remote PC can then connect to SWG and then if successful revisit your port forwarding rules to figure out why they are not working.
Should you notice that external clients can connect to your SWG Server but internal clients cannot then you have a couple of things you can try. Firstly see if the internal SWG client is using the internal VM IP in the login.cfg file. Secondly you could try to use the public IP of your router in that file and try to connect. There is a feature in some routers referred to as "loopback" which allows internal clients to exit the local network via the router and then return to the local network to connect to a server using the external address. Some routers just can't do this though. A workaround can be done though, if you have a personal VPN service (PIA, NordVPN etc) then you can use that on the PC running your SWG client to mimic it being a remote PC. You can then use the public IP in the login.cfg file to connect to the SWG Server.
One potentially annoying aspect of how external access is configured is that your public IP might change over time. In my case it will change every 24 hours or so. That means having to change the cluster_list table value, restart the SWG server and then provide the new public IP to anyone connecting remotely. There is a may to make this more convenient and avoid having to change anything. You can set up DDNS on your Host PC using something like https://www.noip.com which is a free service but will nag you once a month to buy a subscription. You can configure it to sit on your Host PC and monitor the public IP of your router and send that IP address to the no-ip servers where you can assign a valid internet URL to it such as swg-server.ddns.net and then use that DDNS value in the cluster_list table and in the login.cfg files of the remote SWG clients. If your public IP changes, the no-ip software on your Host PC will see that and update the no-ip server which will then update the DNS records on the internet of your domains' new IP. This means never having to worry about updating public IP values once the no-ip client is operational on your Host PC.