I need more than one dmz

[hat]

I have 2 computers—one hosts my phone and my Quake server. The other is my gaming computer, which I sometimes like to host servers for other things on—BF2, Unreal Tournament, etc.

Quake has to be on the DMZ to work, because it randomly uses every port in existance. I realize I could forward ports for BF2, but BF2 alone takes up almost all of the slots for port forwarding, and it's a pain in the ass changing them around for other things (like Unreal Tournament).

Is there any kind of reasonable solution to my problem? I've heard that some commercial level routers can handle having more than one DMZ. What if I got like a thin client PC and turned it into a really high-end router using a software router like Untangle? Would that support it?

 

[DirectorC]

Hmm I haven't had the chance to play with DMZ's by hand but can't you put both PCs in the DMZ? And if not, you could always use one computer as a NAT gateway for the other one (good ol 'Internet Connection Sharing')...

 

[wiak]

DMZ = Demilitarized Zone, move to a place where there is a DMZ

 

[FordGT90Concept]

It's not possible. DMZ = every port that hits the WAN gets sent to this LAN. They call it a DMZ because it is wide open to attack. Obviously, you can't send every port to two or more computers.

There has to be a way to force Quake to use only a few ports. Remember, you should only have to open ports if you are trying to host. The port number will be randomized by the NAT in the router when trying to connect to a remote host.

 

[hat]

There is no way to restrict Quake from using ports...

 

[DirectorC]

Looks like a bunch of 'no's all around:

http://forums.techguy.org/networking/760700-dmz-3-computers.html

 

[FordGT90Concept]

There is no way to restrict Quake from using ports...

Which Quake are we specifically talking about?

 

[buffy]

This is very easy to install and configure:
http://www.smoothwall.org/

Point your DMZ at your smooth wall, this can be a very cheap PC with at least 2 NIC's.
System specs here: https://support.smoothwall.net/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=242

Once installed point your DMZ to the smoothwall and then you can sort all your portfowarding through that. You can even limit bandwith which you might find very useful.

 

[Deleted member 3]

DMZ basically means forward port 1-64K to x.x.x.x. Find out the ports you're using and forward just those. it's impossible for a server to require DMZ, that would be extremely unsafe.

 

[assaulter_99]

DMZ = Demilitarized Zone, move to a place where there is a DMZ

Haha, I was thinking about the same thing too!

 

[AsRock]

Why not fix each computer with it's own ip ( example: 192.168.1.30 \ 31. Then use port forwarding.

EDIT: Might want to get a firewall up too.

 

[Deleted member 3]

Why not fix each computer with it's own ip ( example: 192.168.1.30 \ 31. Then use port forwarding.

EDIT: Might want to get a firewall up too.

Each computer has its own IP per definition.

 

[AsRock]

Each computer has its own IP per definition.

Yes but unless you fix the IP to each computer each one for example could be 192.168.1.20 or 21 and at least you would know which computer is which too.

 

[FordGT90Concept]

Depends on how DHCP behaves. On my router, all computers always end up on the same IP addresses with DHCP enabled. I use port forwarding to those semi-static IP addresses and have never had them change on me. The only device that is not on DHCP is my server because it is a domain server (static IP required).

 

[Disparia]

Assuming Q3A... lets test it.

I just put up a simple CTF dedicated server: 24.227.122.82, default port 27960.

 

[Tau]

Yes but unless you fix the IP to each computer each one for example could be 192.168.1.20 or 21 and at least you would know which computer is which too.

DHCP should be assigning IPs based on MAC addresses, so a static IP is not required.


There has to be a way to limit/bind that quake server to a specific port or someway to stop it randomizing.... since having a server open to a DMZ is like leaving your car running windows down in the ghetto.

 

[eidairaman1]

if you need more than 1 DMZ you might aswell just remove the Router and run a switch

 

[AsRock]

DHCP should be assigning IPs based on MAC addresses, so a static IP is not required.


There has to be a way to limit/bind that quake server to a specific port or someway to stop it randomizing.... since having a server open to a DMZ is like leaving your car running windows down in the ghetto.

Well not making them static can make issue's even more so if your running a server of one of them as the IP could change from say 20 to 21 pending on what computer was booted 1st. So say if you were running Teamspeak of one of the comps and the ports forwarded for 192.168.1.20 but the other computer was booted 1st would make the forwarded port pointless as the IP would of changed for the comp thats running Teamspeak server.

So fixing each computer to a ip completely solves this issue if it decides to happen.. I had the issue years ago and it might not be a issue thee days i don't know as i've always fixed the IP ever since. Makes life easier when using complex firewalls like i do as well.

Maybe newer routers don't do it now?.

 

[FordGT90Concept]

The router would put the last MAC address to use 20 back on 20 and the last MAC address to use 21 back on 21. Problems only arrise when a device with a static IP of 20 or 21 appears on the network creating a collision. That is pretty rare though as it is not common practice to assign IPs out of a business setting (in which case, ever device has a static IP and those that don't are stuck on their own class C IP addresses under a DHCP).

if you need more than 1 DMZ you might aswell just remove the Router and run direct.

That wouldn't work unless you have more than one internet connection (IP Address).

 

[Bot]

if your firewall/ router supports UPnP and you can enable it on your OS then you should be fine.
i have a netgear firewall with UPnP and my server runs server 2008 which likes to use UPnP.
no hassle setup

 

[Mussels]

servers only ever use the one port. when you join, its not like the game scans every port to join - they ALWAYS have a default port.

DMZ and port forwards are a one port-per forward only.

Stop using DMZ, set static IP's (or if you have a decent DHCP server, auto assign the same IP's to each MAC address) and forward only the ports you need.

 

[Disparia]

Assuming Q3A... lets test it.

I just put up a simple CTF dedicated server: 24.227.122.82, default port 27960.

I see now none of y'all wanted to get pwned! Or more likely, no one has Q3A installed

Set it up as I would any other port-forwarded game or service. If it's working (outside connections), will be easier to track down hat's issues.

 

[Easy Rhino]

buy a few static IPs from your ISP and either use a switch, or if your isp makes you use a specific router then set it up as a bridge and connect it to a switch.

 

[hat]

Quake:

Quake DOES require all ports to be open. The default port for Quake is 26000, but that only gets used until you connect to the server. Once you connect to the server, your port is randomized. One person might be connected to port 4723, the next guy might be on port 51254...

Yes, of course I assign static IPs. Not only is it convienent in that I always know what pc is on what IP, but it's faster as Windows doesn't have to figure out what IP it feels like using. Also, I might put 192.168.1.101 on the DMZ, but I reboot it and suddenly it's .100... there's really no other way to do it.

 

[Mussels]

you only need to worry about that first port. have faith.

First one is used to establish a connection (inbound) the others are assigned BY the server (outbound) so it shouldnt really matter.