I need more than one dmz

Discussion in 'Networking & Security' started by hat, Jan 17, 2010.

  1. hat

    hat Maximum Overclocker

    I have 2 computers—one hosts my phone and my Quake server. The other is my gaming computer, which I sometimes like to host servers for other things on—BF2, Unreal Tournament, etc.

    Quake has to be on the DMZ to work, because it randomly uses every port in existence. I realize I could forward ports for BF2, but BF2 alone takes up almost all of the slots for port forwarding, and it's a pain in the ass changing them around for other things (like Unreal Tournament).

    Is there any kind of reasonable solution to my problem? I've heard that some commercial level routers can handle having more than one DMZ. What if I got like a thin client PC and turned it into a really high-end router using a software router like Untangle? Would that support it?
     
    Crunching for Team TPU
  2. DirectorC

    DirectorC New Member

    Hmm, I haven't had the chance to play with DMZs by hand, but can't you put both PCs in the DMZ? And if not, you could always use one computer as a NAT gateway for the other one (good ol' 'Internet Connection Sharing')...
     
  3. wiak

    wiak

    DMZ = Demilitarized Zone, move to a place where there is a DMZ :p
     
  4. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    It's not possible. DMZ = every port that hits the WAN gets sent to this LAN. They call it a DMZ because it is wide open to attack. Obviously, you can't send every port to two or more computers.

    There has to be a way to force Quake to use only a few ports. Remember, you should only have to open ports if you are trying to host. The port number will be randomized by the NAT in the router when trying to connect to a remote host.
     
    Crunching for Team TPU
  5. hat

    hat Maximum Overclocker

    There is no way to restrict Quake from using ports...
     
    Crunching for Team TPU
  6. DirectorC

    DirectorC New Member

  7. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Which Quake are we specifically talking about?
     
    Crunching for Team TPU
  8. buffy

    buffy New Member

  9. DanTheBanjoman Señor Moderator

    DMZ basically means forward port 1-64K to x.x.x.x. Find out the ports you're using and forward just those. It's impossible for a server to require DMZ, that would be extremely unsafe.
     
  10. assaulter_99

    assaulter_99

    Haha, I was thinking about the same thing too! :toast:
     
  11. AsRock

    AsRock TPU addict

    Why not fix each computer with its own IP (example: 192.168.1.30 \ 31)? Then use port forwarding.

    EDIT: Might want to get a firewall up too.
     
  12. DanTheBanjoman Señor Moderator

    Each computer has its own IP per definition.
     
  13. AsRock

    AsRock TPU addict

    Yes, but unless you fix the IP to each computer, each one for example could be 192.168.1.20 or 21, and at least you would know which computer is which too.
     
  14. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Depends on how DHCP behaves. On my router, all computers always end up on the same IP addresses with DHCP enabled. I use port forwarding to those semi-static IP addresses and have never had them change on me. The only device that is not on DHCP is my server because it is a domain server (static IP required).
     
    Crunching for Team TPU
  15. Jizzler

    Jizzler

    Assuming Q3A... let's test it.

    I just put up a simple CTF dedicated server: 24.227.122.82, default port 27960.
     
  16. Tau

    Tau New Member

    DHCP should be assigning IPs based on MAC addresses, so a static IP is not required.


    There has to be a way to limit/bind that Quake server to a specific port or some way to stop it randomizing... since having a server open to a DMZ is like leaving your car running, windows down, in the ghetto.
     
  17. eidairaman1

    eidairaman1

    If you need more than 1 DMZ you might as well just remove the router and run a switch.
     
    Last edited: Jan 19, 2010
  18. AsRock

    AsRock TPU addict

    Well, not making them static can make issues, even more so if you're running a server off one of them, as the IP could change from say 20 to 21 depending on what computer was booted first. So say you were running Teamspeak off one of the comps with the ports forwarded for 192.168.1.20, but the other computer was booted first: that would make the forwarded port pointless, as the IP would have changed for the comp that's running the Teamspeak server.

    So fixing each computer to an IP completely solves this issue if it decides to happen. I had the issue years ago and it might not be an issue these days, I don't know, as I've always fixed the IP ever since. Makes life easier when using complex firewalls like I do as well.

    Maybe newer routers don't do it now?
     
  19. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    The router would put the last MAC address to use 20 back on 20 and the last MAC address to use 21 back on 21. Problems only arise when a device with a static IP of 20 or 21 appears on the network, creating a collision. That is pretty rare though, as it is not common practice to assign IPs out of a business setting (in which case, every device has a static IP and those that don't are stuck on their own class C IP addresses under a DHCP).


    That wouldn't work unless you have more than one internet connection (IP Address).
     
    Crunching for Team TPU
  20. Bot

    Bot

    If your firewall/router supports UPnP and you can enable it on your OS then you should be fine.
    I have a Netgear firewall with UPnP and my server runs Server 2008, which likes to use UPnP.
    No hassle setup.
     
  21. Mussels

    Mussels Moderprator Staff Member

    Servers only ever use the one port. When you join, it's not like the game scans every port to join - they ALWAYS have a default port.

    DMZ and port forwards are a one port-per forward only.

    Stop using DMZ, set static IPs (or if you have a decent DHCP server, auto assign the same IPs to each MAC address) and forward only the ports you need.
     
  22. Jizzler

    Jizzler

    I see now none of y'all wanted to get pwned! Or more likely, no one has Q3A installed :D

    Set it up as I would any other port-forwarded game or service. If it's working (outside connections), will be easier to track down hat's issues.
     
  23. Easy Rhino

    Easy Rhino Linux Advocate

    Buy a few static IPs from your ISP and either use a switch, or if your ISP makes you use a specific router then set it up as a bridge and connect it to a switch.
     
    Crunching for Team TPU
  24. hat

    hat Maximum Overclocker

    Quake:

    [​IMG]

    Quake DOES require all ports to be open. The default port for Quake is 26000, but that only gets used until you connect to the server. Once you connect to the server, your port is randomized. One person might be connected to port 4723, the next guy might be on port 51254...

    Yes, of course I assign static IPs. Not only is it convenient in that I always know what PC is on what IP, but it's faster as Windows doesn't have to figure out what IP it feels like using. Also, I might put 192.168.1.101 on the DMZ, but I reboot it and suddenly it's .100... there's really no other way to do it.
     
    Crunching for Team TPU
  25. Mussels

    Mussels Moderprator Staff Member

    You only need to worry about that first port. Have faith.

    First one is used to establish a connection (inbound); the others are assigned BY the server (outbound), so it shouldn't really matter.
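
An added illustration, not part of any post in this thread: a simplified Python model of how a consumer NAT router picks the LAN target for an inbound packet, comparing two port forwards against a single DMZ host and counting what each setup exposes. The rule precedence, the source-port-preserving NAT and the remote client address are assumptions (real firmware varies); the LAN addresses and ports 26000, 27960, 4723 and 51254 are the ones quoted in the posts above.

```python
# Added example: simplified model of inbound handling on a home NAT router.
# Rule order and port-preserving NAT are assumptions, not any vendor's logic.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Router:
    forwards: dict = field(default_factory=dict)   # WAN port -> LAN IP
    dmz_host: Optional[str] = None                 # single catch-all target
    flows: set = field(default_factory=set)        # (lan_ip, port, remote)

    def outbound(self, lan_ip, src_port, remote):
        """A LAN host sent a packet out; remember the flow for replies."""
        self.flows.add((lan_ip, src_port, remote))

    def inbound(self, wan_port, remote):
        """Return the LAN IP that receives the packet, or None if dropped."""
        for lan_ip, port, peer in self.flows:      # 1. reply to a known flow
            if port == wan_port and peer == remote:
                return lan_ip
        if wan_port in self.forwards:              # 2. explicit port forward
            return self.forwards[wan_port]
        return self.dmz_host                       # 3. DMZ host, else drop

    def exposed_ports(self, lan_ip):
        """Count WAN ports an unsolicited remote host can reach on lan_ip."""
        n = sum(1 for ip in self.forwards.values() if ip == lan_ip)
        if self.dmz_host == lan_ip:
            n += 65535 - len(self.forwards)        # every port not forwarded
        return n


def demo():
    client = ("203.0.113.7", 40000)                # constructed remote player
    fwd = Router(forwards={26000: "192.168.1.101", 27960: "192.168.1.100"})
    dmz = Router(forwards={27960: "192.168.1.100"}, dmz_host="192.168.1.101")
    out = {"fwd_26000": fwd.inbound(26000, client),
           "fwd_4723_unsolicited": fwd.inbound(4723, client)}
    fwd.outbound("192.168.1.101", 4723, client)    # server sends first
    out["fwd_4723_after_outbound"] = fwd.inbound(4723, client)
    out["dmz_51254"] = dmz.inbound(51254, client)
    out["dmz_27960"] = dmz.inbound(27960, client)
    out["exposed"] = (fwd.exposed_ports("192.168.1.101"),
                      dmz.exposed_ports("192.168.1.101"))
    return out


if __name__ == "__main__":
    print(demo())
```

With forwards only, each machine hosts on its own port and the host at 192.168.1.101 has one port reachable from outside; as the DMZ host it has 65,534.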
     
