Soreepeong / XivMitmLatencyMitigator

Double weave on high latency man-in-the-middle packet modification script running on Linux for Final Fantasy XIV.
Apache License 2.0

Traffic isn't being routed to the virtual machine #63

Closed ghost closed 2 years ago

ghost commented 2 years ago

I'm trying to set up a connection using a VM in VirtualBox instead of using Hyper-V.

I set the VM network adapter to Bridged Adapter mode (Promiscuous Mode set to Allow All) so that I can have a static IP I can redirect the game traffic to. I set the IP to 192.168.1.171 in /etc/network/interfaces, made sure I could connect to the internet and that I could connect via SSH from my host machine, and double-checked that the VM showed up in the router's DHCP list.

user@debian-vm:~$ ip addr show
[..]
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:5f:4c:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.171/24 brd 192.168.1.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe5f:4c00/64 scope link
       valid_lft forever preferred_lft forever

user@debian-vm:~$ cat /etc/network/interfaces
[..]
# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.1.171
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8 192.168.1.1

The game still manages to connect to squeenix servers, although traffic should be rerouted to the now-offline VM IP.

===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      204.2.229.0    255.255.255.0    192.168.1.171       1
    124.150.157.0    255.255.255.0    192.168.1.171       1
    183.111.189.0    255.255.255.0    192.168.1.171       1
      195.82.50.0    255.255.255.0    192.168.1.171       1
===========================================================================

C:\Users\User>ping 192.168.1.171

Pinging 192.168.1.171 with 32 bytes of data:
Reply from 192.168.1.198: Destination host unreachable.

Ping statistics for 192.168.1.171:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

The commands I used to add route rules on my host machine are:

route add -p 204.2.229.0 mask 255.255.255.0 192.168.1.171
route add -p 124.150.157.0 mask 255.255.255.0 192.168.1.171
route add -p 183.111.189.0 mask 255.255.255.0 192.168.1.171
route add -p 195.82.50.0 mask 255.255.255.0 192.168.1.171

I also tried appending an IF 20, which is the interface ID for the VBox network adapter, but it didn't help.

C:\Users\User>netsh int ipv4 show interfaces

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          75  4294967295  connected     Loopback Pseudo-Interface 1
 10          25        1500  disconnected  Wi-Fi
 18          25        1500  disconnected  Local Area Connection* 9
  8          25        1500  disconnected  Local Area Connection* 11
  6          25        1500  connected     Ethernet
 19           5        1500  disconnected  Ethernet 2
 20          25        1500  connected     VirtualBox Host-Only Network

quoehhh commented 2 years ago

Have you tried pinging the gameserver IP on the VM? If it's unreachable there, Windows will use a backup route to route your connection to the SE servers using your default internet.

ghost commented 2 years ago

> Have you tried pinging the gameserver IP on the VM?

It looks like the ping request fails no matter where I try. I can only assume the requests are failing because it's the server not accepting them, rather than me not being able to reach it, or I wouldn't be able to connect in the first place.

user@debian-vm:~$ ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=24.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=114 time=25.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=114 time=24.7 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 24.706/24.951/25.246/0.223 ms
user@debian-vm:~$ ping -c 3 204.2.229.0
PING 204.2.229.0 (204.2.229.0) 56(84) bytes of data.

--- 204.2.229.0 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2049ms

C:\Users\User>ping 204.2.229.0

Pinging 204.2.229.0 with 32 bytes of data:
Request timed out.

Ping statistics for 204.2.229.0:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

ghost commented 2 years ago

I also checked the iptables rule is in the list:

root@debian-vm:/home/user# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  PC192.168.1.171      anywhere

ghost commented 2 years ago

I also tried moving the script and ffxiv.exe symlink to the /root directory, but there are no changes in the terminal when I connect to the game. Traffic is definitely not reaching the virtual machine for some reason, even though I added specific routing rules.

This is the output when I manually run mitigate.py in my /home/user directory

user@debian-vm:~$ ls
definitions.json  ffxiv.exe  mitigate.py  mitigate.py.cleanup.sh  oodle_helper
user@debian-vm:~$ sudo python3 ./mitigate.py
2022-09-29 04:04:34,142 557(main)       INFO    Region filter: (None)
2022-09-29 04:04:34,145 557(main)       INFO    Extra delay: 0.075s
2022-09-29 04:04:34,145 557(main)       INFO    Use measured socket latency: no
Base: 0xf3d20000
Oodle encode test: 256 -> 100
Oodle helper running: state=2eb400 shared=400018 window=8000
2022-09-29 04:04:36,535 557(main)       INFO    Failed to read previous opcode definition files: Definitions file older than an hour
2022-09-29 04:04:36,535 557(main)       INFO    Downloading opcode definition files...
sh: 1: mitigate.py.cleanup.sh: not found
2022-09-29 04:04:37,608 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1:65535 -d 109.244.0.0/16 -j REDIRECT --to 22959
2022-09-29 04:04:37,621 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 202.67.52.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,624 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1:65535 -d 27.221.0.0/16 -j REDIRECT --to 22959
2022-09-29 04:04:37,627 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1:65535 -d 119.97.0.0/16 -j REDIRECT --to 22959
2022-09-29 04:04:37,629 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 80.239.145.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,632 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 204.2.229.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,635 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 124.150.157.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,638 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1:65535 -d 162.14.0.0/16 -j REDIRECT --to 22959
2022-09-29 04:04:37,641 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 153.254.80.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,643 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 183.111.189.0/24 -j REDIRECT --to 22959
net.ipv4.ip_forward = 1
2022-09-29 04:04:37,651 557(main)       INFO    Listening on ('0.0.0.0', 22959)...
2022-09-29 04:04:37,651 557(main)       INFO    Press Ctrl+C to quit.

ghost commented 2 years ago

I tried running tracert and it seems the traffic is routed through the VM IP first. I'm at a loss.

C:\Users\User>tracert 124.150.157.0

Tracing route to 124.150.157.0 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  PC192.168.1.171 [192.168.1.171]
  2     1 ms    <1 ms    <1 ms  modem [192.168.1.1]
  3     *        *        *     Request timed out.
  4    33 ms    36 ms    42 ms  172.18.56.120
  5     9 ms    10 ms    11 ms  172.18.56.182
  6    11 ms    11 ms    11 ms  172.19.184.134
  7    15 ms    14 ms    16 ms  172.19.177.50
  8    22 ms    21 ms    25 ms  172.19.177.6
[..]

ghost commented 2 years ago

> I also checked the iptables rule is in the list:
>
> MASQUERADE  all  --  PC192.168.1.171      anywhere

I just realized I entered 192.168.1.171 instead of 192.168.1.171/24 when adding the new iptables rule. I fixed the problem, but there seems to be no change in the terminal while I run the script.

ghost commented 2 years ago

route add -p 204.2.229.0 mask 255.255.255.0 192.168.1.171
route add -p 124.150.157.0 mask 255.255.255.0 192.168.1.171
route add -p 183.111.189.0 mask 255.255.255.0 192.168.1.171
route add -p 195.82.50.0 mask 255.255.255.0 192.168.1.171

I wonder if I should add the IP referenced in the OPCode definitions instead..

ghost commented 2 years ago

Welp. Looks like I was onto something. The IPs referenced in the README.md are outdated(?)

ghost commented 2 years ago

The persistent rules I added on my host

===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      204.2.229.0    255.255.255.0    192.168.1.171       1
    124.150.157.0    255.255.255.0    192.168.1.171       1
    183.111.189.0    255.255.255.0    192.168.1.171       1
      195.82.50.0    255.255.255.0    192.168.1.171       1
     153.254.80.0    255.255.255.0    192.168.1.171       1
      202.67.52.0    255.255.255.0    192.168.1.171       1
     80.239.145.0    255.255.255.0    192.168.1.171       1
===========================================================================
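
An added example, not part of the thread or of the project's code: it compares the destination networks in the script's logged `iptables ... -j REDIRECT` rules with the host's persistent routes, to show which game-server ranges never reach the VM. The sample inputs are abridged from the outputs posted above; the function names are hypothetical.

```python
import ipaddress
import re

VM_IP = "192.168.1.171"  # gateway used in the host's route commands

# Abridged from the mitigate.py log posted in this thread.
MITIGATE_LOG = """\
2022-09-29 04:04:37,621 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 202.67.52.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,629 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 80.239.145.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,632 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 204.2.229.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,635 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 124.150.157.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,641 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 153.254.80.0/24 -j REDIRECT --to 22959
2022-09-29 04:04:37,643 557(main)       INFO    Running: iptables -t nat -I PREROUTING -p tcp -m multiport --dports 1025:65535 -d 183.111.189.0/24 -j REDIRECT --to 22959
"""

# The first "Persistent Routes" table posted in this thread.
ROUTE_TABLE = """\
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      204.2.229.0    255.255.255.0    192.168.1.171       1
    124.150.157.0    255.255.255.0    192.168.1.171       1
    183.111.189.0    255.255.255.0    192.168.1.171       1
      195.82.50.0    255.255.255.0    192.168.1.171       1
"""

def redirect_networks(log_text):
    """Destination networks of the REDIRECT rules logged by the script."""
    pat = re.compile(r"-d (\S+) -j REDIRECT")
    return {ipaddress.ip_network(m.group(1)) for m in pat.finditer(log_text)}

def persistent_routes(route_print, gateway):
    """Networks in a Windows 'Persistent Routes' table that use `gateway`."""
    nets = set()
    for line in route_print.splitlines():
        f = line.split()  # data rows have 4 fields: network, mask, gateway, metric
        if len(f) == 4 and f[2] == gateway:
            nets.add(ipaddress.ip_network(f"{f[0]}/{f[1]}"))
    return nets

def coverage(redirected, routed):
    """Return (redirected but not routed to the VM, routed but never redirected)."""
    unrouted = {n for n in redirected if not any(n.subnet_of(r) for r in routed)}
    unused = {r for r in routed if not any(r.overlaps(n) for n in redirected)}
    return unrouted, unused

if __name__ == "__main__":
    unrouted, unused = coverage(redirect_networks(MITIGATE_LOG), persistent_routes(ROUTE_TABLE, VM_IP))
    print("no route to VM:", sorted(map(str, unrouted)))
    print("route without REDIRECT rule:", sorted(map(str, unused)))
```

The logged rules match `-p tcp` only, so `ping` and `tracert` toward these ranges do not exercise the REDIRECT; comparing the two tables is a more direct check.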