the program is still using more ports then I configured in ImpulseReactorOptions.exe
only workaround for now, is for me to open ALL ports to my internal IP.
Please fix that, and everything would be fine. Opening ALL ports should normally not be necessary....
[05-22-2009 11:34:57 156] Connected to facilitator at 220.127.116.11:6004. My External: 18.104.22.168:10592 My Internal: 192.168.1.2:6002 (CONNECTION ACTIVITY)
People do connect to my external IP Adress right?
Your router must be setup with Symmetric NAT which causes a port to be randomly picked (10592 in your case) when it leaves the router. I don't know if demigod trys to connect back to this port for its direct connection attempt (instead of the open range 6000-6200 for example). I suspect it does, as I had a router that was doing as yours was and had to forward all ports to get demigod to work 100%.
I have since swapped out my Symmetric NAT router for an older one i had that i think is using CONE NAT, i now get the same external port in the impulse reactor log as my internal port. With this router i only have to open the 6000-6200 range to connect without problems.
Perhaps demigod should send the port the internal client is listening on within the connection packet, and ignore the external port number the router has allocated (to take advantage of people forwarding ports). If a direct connect on this port fails, then try doing a NAT punchthrough via the port from the router.
I have seen some odd ports being used in my Reactor Log as well. Enabling a specified port range in ReactorOptions, even if it's just the default range, stops that behavior. A software setting like that wouldn't stop the router using random ports as you suggest above as the router would just do it's own thing regardless of what the software did if that was the case.
That being said, even when I stopped it from using those random ports in the logs, it still would not connect properly both ways to some people. Forwarding all ports, ie being in a DMZ, would also not resolve connectivity issues with some people.
I will say though that the proxies do seem to be working fairly well as a band aid over the remaining underlying connection issues. Aside from a little lenghty fallback period (if you're not forcing them), they seem to perform quite well and better than I was expecting for the added intermediary connection.