Server Page Contents
Tetris Network Topologies
Running an Internet Server
Public IP Address Problem
Firewall (Software firewall on computer)
Single Public Static IP Addresses
Static IP Addresses (Routed)
Static IP Addresses (Aliased Public Addresses not Routed)
Here are the network configurations available for running a
server, from the simplest to the more complex to configure.
NOTE: Only IPv4 addresses (192.168.1.10) not IPv6 (00-01-00-01-22-C6-A4-AA-2C-41-38-8B-0E-10)
You can use hostnames for addresses provided there are not
multiple network adapters.
You can use * for the server address and it will listen on
all available adapters, not valid for the client.
By default the program starts a server on 127.0.0.1
(localhost) if it is the first instance.
This is fine for single player or multiplayer on the same
desktop if you have joysticks or game pads.
Only programs on the same computer can connect to this
It is not necessary to configure Windows Firewall when using
Run the server on one computer and other computers connected
to your home / office network can connect and play.
You need to look up the servers IP address (running
“ipconfig /all” on the server) this is the address the clients will use.
The server can be started with the address: “*”.
Open port 32199 in Windows Firewall on the server computer
or, use the Windows Firewall dialogue that pops up the first time you start the
Assuming you are using a typical ADSL/Cable connection you
can run a server that can be connected to from the Internet but there are
You public IP address changes so you need to look it up
(google “my IP”), this address is what needs distributing to remote players.
A port forwarding rule is required on your router that will
map port 32199 from your public IP address to the private IP address of the
The server is then configured as with a local network
Anyone with an Internet connection can run a server, only
problem is this requires a little “Network Administration”.
This guide will explain the basic concepts involved.
Although Spludlow Tetris is used in this example the same applies for any
We will assume you are using a typical domestic (ADSL/Cable)
Internet connection (no static IP, not a routed subnet).
You need to at least have a rough idea what these things
Router The box off your
service provider that plugs into the wall and provides Internet to everything
that connects to it.
Local Network All the computers and
devices that connect to your router are creating a local network.
IP Address Computers and devices on
any network have unique addresses.
Public IP Address Every device (your router)
connected to the Internet has an address that is accessible from the whole
internet, example: 250.1.234.80. (Don’t start 192.168).
Private IP Address Every device on your local
network (things connected to the router) has an addresses that is only
accessible from other devices on the network (including the router), example:
Dynamic IP Address Networks (Internet and Local)
assign addresses to computers dynamically, they can change and get renewed.
Static IP Address Computers on the Internet and
local network can have IP addresses that do not change. When running a server
this is your best bet. (Public static IPs have to be ordered from your service
NAT Network Address
Translation. Your private network devices appear to the Internet as your
router’s public IP address, all the Internet can see of your entire network is
DNS The server
provided by your router that looks up IP addresses from names, typically you
router is providing a DNS server that is used by the local network.
Default Gateway The way out of the local
network to the Internet, the local address of the router.
DHCP The server provided
by your router that provides dynamic IP addresses to anything connecting to
your local network.
Dynamic DNS You can subscribe to a
service that keeps a certain DNS name updated with your dynamic public IP
Host Firewall A software firewall that
runs on each computer (Windows Firewall) that protects that computer from the
Router Firewall The component of your
router that blocks or allows traffic from the Internet to your local network.
Port Each software
server running on a computer is assign a port number, this allows multiple
services to share the same host.
Port Forwarding A network host (your router)
can be configured to forward traffic received from a port on the public
Internet IP onto a port on a computer on the local network.
All the Internet is a just bunch of networks all connected
together. These Internet networks are just like your home (wireless) / office
networks but the only difference is they have “Public IP addresses” so they are
accessible from the rest of the Internet.
You service provider’s Router/Modem/Box that plugs into the
wall, when connected, is assigned a Public IP Address so that little box
becomes a part of the whole Internet.
You router’s public IP address is what any client on the
Internet would require to make the connection to your servers on your network.
You can look it up by typing “My IP” into Google from any computer on your
local home network.
Tech Note: Your router is providing NAT (Network Address
Translation) simply put this makes your computer appear to the Internet as the
router. (This why Google is giving you the routers external IP not your
Only problem is this IP address is dynamic (it changes) so
if you give your mate the IP one day it may have changed by tomorrow. How often
this IP changed is down to your provider and the connection, typically
restarting your router will change the public IP address, but anything from a
bad line, network maintenance, or just provider policy may cause the IP to
You may find it changes very infrequently and for casual
connections from friends this may be fine.
One solution to this problem is subscribing to a “Dynamic
DNS” service. Check your provider may already offer this or your router may have
some provision. You install a software agent on your computer (or maybe enable
something on then router) it periodically connects out to the Dynamic DNS
server, with your identity, their servers get your current IP and update DNS.
So you can provide people with an actual domain name that will automatically
point to you current IP. The main problem with this solution being there may be
a lag in the update in DNS so clients out there will be using a previous IP,
you will just have to try this out for yourself.
The proper way of solving the problem is to obtain a “Static
Public IP” (that never changes) from your Internet provider. Problem here is
this will have a monthly cost to it and many domestic providers don’t even
offer it so you may have to shop around and change provider, even maybe get a
We have established your router has a Public IP Address and
is part of the Internet. This single public IP is what the Internet can “see”
Wither wirelessly or with a cable all your computers and
devices that connect to your Provider’s Router are forming a “Private Network”.
The private network is indeed private as your internet
router is blocking all external incoming traffic, by default, without router
configuration, there is no way for anything originating externally to enter.
Just like the Internet your local network’s computers and
devices, including the router, have IP addresses, but these are “Private IP
Addresses” and they only work for the things on your local network, allowing
everything access to everything else on the local network, whether it be
through the router to the Internet, like web browsing, or local to local, not
through the router, like printing a document from your PC.
You can now consider the 2 networks at play. The Internet
(Public of which your router has one address) and the Local Network (your
router and everything connected to it).
Notice the router is connected to 2 networks and guess what?
That means it has 2 addresses, the public one and the private one. Essentially
a router is a device that straddles 2 separate networks and can pass traffic
between them in whatever way it is configured to do so.
Tech Note: In this standard configuration, from your
networks perspective, there is technically no Firewall in play whatsoever just
a router being a router. The router simply can’t route traffic from the
Internet into your local network, because from the Internet only sees the
public IP, the route only goes as far as public IP addresses. A firewall
component is still present, in the router, which will be blocking traffic from
the public address of the router to itself, an example of this being the router
web interface is not accessible from the Internet.
A port is a number that represents the application (server
software) running on a particular computer, for example https is on port 443.
Many software servers running on different ports can run on a single computer
with a single IP address. (The Tetris server’s default port is 32199).
To get traffic coming from the Internet through your router
and into your server running on the local network you use “port forwarding”,
sometimes called port mapping, or port proxy.
This is a feature of all routers and will require you to log
into the web admin interface and create a port forwarding rule. This rule
simply says any traffic coming in on the Public IP address for the specified
port should be forwarded to the specified Local IP address port.
The server that has been forwarded to on the local network
appears on the router’s Public IP address.
It’s important not to get mixed up here with public and
private IP addresses just forget about the Router’s Public IP address for now,
as private dynamic addresses will now be discussed and they are a separate
Your routers private IP address will be static (it won’t
change) but everything else, computers and devices, will be dynamically
assigned a private IP address (using DHCP). This automatic configuration is all
performed by the router, it will provide everything connecting device require.
Most routers I’ve seen lately use this private IP address
192.168.1.1 First device
192.168.1.2 Second device
192.168.1…. devices ….
192.168.1.250 My Server local static IP
The “192.168.1” represents this local network and the last
number 1-254 represents each connected device. Here the router is at the range
end (254) sometimes you see it at the start (1).
All your devices will appear jumbled up (in no particular
order) near the start of the range, devices can change and swap as the router
decides to re-use an address that hasn’t been connected for a while.
Local networks generally don’t renew their private IP
addresses very often, with a wired connection with an always on computer (like
a server) may never change under normal circumstances. Problem is at some point
it will change, maybe after a power cut or if a machine is off for too long.
The problem here with the dynamic private addresses is that
when you configure the port forwarding on the router you specify the private
address to point to, if the private address of the local server changes then
the port forwarding is broken.
The most robust way of dealing with this is to configure
your server computer to use a static private IP address. This involves
configuring the computer’s network interface with the static IP. I’d recommend
something near the end (it cannot clash with anything else on the network) you
can remember easily like 250. Once configured it will behave just as before but
the private IP won’t float about.
When setting up the static IP you also need to supply the
DNS and Default-Gateway IP addresses both these are typically the same as
routers local IP address for everything on the local network. Type “ipconfig
/all” from the command prompt to see what the existing settings are.
Other options are available for dealing with the dynamic
local IP problem that you may consider, all of which you would leave your
computer’s network interface to “obtain IP address automatically”:
Using your routers web interface you can set up a “DHCP
Reservation” this means the router will always assign the same specified IP to
a particular hardware (MAC) address.
Some routers will allow a port forwarding rule that targets a
hardware (MAC) address rather than a private IP address, so the private address
Manually update the routers port forwarding rule if you notice
your local IP address change. Just make sure you notice changes as the server
will be unavailable.
Not to be confused with the Router’s firewall that shields
the router from the Internet, the host firewall runs on each computer shielding
individual hosts on the local network from each other including the router.
Normally there should be nothing running on any local
computers that you need protecting from so host firewalls are effectively
The host Firewall on Windows is called Windows Firewall or
Windows Defender Firewall. With default settings (especially when network
discovery is turned off) you are pretty much protected from local computers
infected with viruses that may be trying to exploit local computers.
To allow incoming local network connection, including those
port mapped from the router a host firewall rule must be added. Add allow all
incoming connections from a particular TCP Port number (32199 for Tetris) for
all network profiles (Public/Private/Domain).
So we have followed the path from external Internet clients,
through your router’s public IP address, forwarded to your computer’s private
IP address and finally through the host firewall to a port.
We are ready to run the server software on the server
computer (host), put something on the end.
When you run server software you will “Bind” to a specified
IP address and port number. The IP address must be one of the computer’s local
network adapter IP Address. The port number should be open in the host
You can use a bind address of “*” to mean listen on all
If you get a single static IP address from your provider
then your network is functioning exactly as it does with a dynamic IP just that
the router always has the same public address.
With a single public address you can still have many
separate local servers providing services on different forwarded ports. You may
have a web and mail server both appearing on the same public IP (actually the
routers) although they are 2 separate computers.
The smallest block of public IP addresses you typically get
is 8, you can get more like 16 or 32 but let’s consider the minimum, Here is a
fictitious public IP address allocation:
1 250.1.234.80 Network Address
2 250.1.234.81 1 usable
3 250.1.234.82 2 usable
4 250.1.234.83 3 usable
5 250.1.234.84 4 usable
6 250.1.234.85 5 usable
7 250.1.234.86 Router
8 250.1.234.87 Broadcast
There is always an overhead of 3 addresses on each subnet
block (network, router, and broadcast) leaving a total of 5 usable addresses in
You setup your router to provide a routed subnet then
configure computers on your local network with the 5 public IP addresses and
they will receive traffic directly from the Internet.
If the router is just routing (not providing any Firewall
functionality to the subnet) then the only protection your computers are
receiving from the Internet are the host (software) firewalls running on the
local computers with public IP addresses.
Now not just the external half of your router is on the
Internet your whole local network is.
With many IP addresses you don’t have to create a routable
subnet you can configure your router with all 8 public IP addresses (aliasing
the addresses on the router) then port forward just as you would with single
This configuration can use all 8 allocated external IP
addresses, because it isn’t using a routed subnet. The local network will use private
addresses and is by default protected from all incoming Internet traffic, so
it’s secure by default.
Unless you have a specific requirement for many IP addresses
then the network topology is identical, on the private network, to a single IP
setup so consider that first.
The big drawback of this arrangement is that your typical
router is much better at routing that it is at firewalling and port forwarding.
With heavy traffic a low end domestic router may get more easily overloaded
using this configuration, although the bottle neck of the Internet connection
speed will probably keep it from overloading.
I’ve seen routers overload easily in this configuration by
uploading large files over FTP from the local network to a port mapped server
as all the traffic is going through the router at local network (1 Gbits)
Having said that the security of this setup may be
attractive in which case you may need a better Router/Firewall that can offer
more “firewall throughput”.