# I need more than one dmz



## hat (Jan 17, 2010)

I have 2 computers—one hosts my phone and my Quake server. The other is my gaming computer, which I sometimes like to host servers for other things on—BF2, Unreal Tournament, etc.

Quake has to be on the DMZ to work, because it randomly uses every port in existence. I realize I could forward ports for BF2, but BF2 alone takes up almost all of the slots for port forwarding, and it's a pain in the ass changing them around for other things (like Unreal Tournament).

Is there any kind of reasonable solution to my problem? I've heard that some commercial level routers can handle having more than one DMZ. What if I got like a thin client PC and turned it into a really high-end router using a software router like Untangle? Would that support it?


----------



## DirectorC (Jan 17, 2010)

Hmm I haven't had the chance to play with DMZs by hand but can't you put both PCs in the DMZ? And if not, you could always use one computer as a NAT gateway for the other one (good ol' 'Internet Connection Sharing')...


----------



## wiak (Jan 17, 2010)

DMZ = Demilitarized Zone, move to a place where there is a DMZ


----------



## FordGT90Concept (Jan 17, 2010)

It's not possible.  DMZ = every port that hits the WAN gets sent to this LAN.  They call it a DMZ because it is wide open to attack.  Obviously, you can't send every port to two or more computers.

There has to be a way to force Quake to use only a few ports.  Remember, you should only have to open ports if you are trying to host.  The port number will be randomized by the NAT in the router when trying to connect to a remote host.


----------



## hat (Jan 17, 2010)

There is no way to restrict Quake from using ports...


----------



## DirectorC (Jan 17, 2010)

Looks like a bunch of 'no's all around:

http://forums.techguy.org/networking/760700-dmz-3-computers.html


----------



## FordGT90Concept (Jan 17, 2010)

hat said:


> There is no way to restrict Quake from using ports...


Which Quake are we specifically talking about?


----------



## buffy (Jan 18, 2010)

This is very easy to install and configure:
http://www.smoothwall.org/

Point your DMZ at your smoothwall; this can be a very cheap PC with at least 2 NICs.
System specs here: https://support.smoothwall.net/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=242

Once installed, point your DMZ to the smoothwall and then you can sort all your port forwarding through that. You can even limit bandwidth, which you might find very useful.


----------



## Deleted member 3 (Jan 18, 2010)

DMZ basically means forward port 1-64K to x.x.x.x. Find out the ports you're using and forward just those. It's impossible for a server to require DMZ, that would be extremely unsafe.


----------



## assaulter_99 (Jan 18, 2010)

wiak said:


> DMZ = Demilitarized Zone, move to a place where there is a DMZ



Haha, I was thinking about the same thing too!


----------



## AsRock (Jan 18, 2010)

Why not fix each computer with its own IP (example: 192.168.1.30 \ 31)? Then use port forwarding.

EDIT: Might want to get a firewall up too.


----------



## Deleted member 3 (Jan 18, 2010)

AsRock said:


> Why not fix each computer with its own IP (example: 192.168.1.30 \ 31)? Then use port forwarding.
> 
> EDIT: Might want to get a firewall up too.



Each computer has its own IP per definition.


----------



## AsRock (Jan 18, 2010)

DanTheBanjoman said:


> Each computer has its own IP per definition.



Yes but unless you fix the IP to each computer each one for example could be 192.168.1.20 or 21 and at least you would know which computer is which too.


----------



## FordGT90Concept (Jan 18, 2010)

Depends on how DHCP behaves.  On my router, all computers always end up on the same IP addresses with DHCP enabled.  I use port forwarding to those semi-static IP addresses and have never had them change on me.  The only device that is not on DHCP is my server because it is a domain server (static IP required).


----------



## Disparia (Jan 19, 2010)

Assuming Q3A... let's test it.

I just put up a simple CTF dedicated server: 24.227.122.82, default port 27960.


----------



## Tau (Jan 19, 2010)

AsRock said:


> Yes but unless you fix the IP to each computer each one for example could be 192.168.1.20 or 21 and at least you would know which computer is which too.



DHCP should be assigning IPs based on MAC addresses, so a static IP is not required.


There has to be a way to limit/bind that Quake server to a specific port or some way to stop it randomizing.... since having a server open to a DMZ is like leaving your car running windows down in the ghetto.


----------



## eidairaman1 (Jan 19, 2010)

If you need more than 1 DMZ you might as well just remove the router and run a switch


----------



## AsRock (Jan 19, 2010)

Tau said:


> DHCP should be assigning IPs based on MAC addresses, so a static IP is not required.
> 
> 
> There has to be a way to limit/bind that Quake server to a specific port or some way to stop it randomizing.... since having a server open to a DMZ is like leaving your car running windows down in the ghetto.



Well, not making them static can cause issues, even more so if you're running a server off one of them, as the IP could change from say 20 to 21 depending on what computer was booted 1st. So say you were running Teamspeak off one of the comps and the ports were forwarded for 192.168.1.20, but the other computer was booted 1st: that would make the forwarded port pointless, as the IP would have changed for the comp that's running the Teamspeak server.

So fixing each computer to an IP completely solves this issue if it decides to happen. I had the issue years ago and it might not be an issue these days; I don't know, as I've always fixed the IP ever since. Makes life easier when using complex firewalls like I do as well.

Maybe newer routers don't do it now?


----------



## FordGT90Concept (Jan 19, 2010)

The router would put the last MAC address to use 20 back on 20 and the last MAC address to use 21 back on 21. Problems only arise when a device with a static IP of 20 or 21 appears on the network creating a collision. That is pretty rare though as it is not common practice to assign IPs out of a business setting (in which case, every device has a static IP and those that don't are stuck on their own class C IP addresses under a DHCP).




eidairaman1 said:


> If you need more than 1 DMZ you might as well just remove the router and run direct.


That wouldn't work unless you have more than one internet connection (IP Address).


----------



## Bot (Jan 19, 2010)

If your firewall/router supports UPnP and you can enable it on your OS then you should be fine.
I have a Netgear firewall with UPnP and my server runs Server 2008, which likes to use UPnP.
No hassle setup.


----------



## Mussels (Jan 19, 2010)

Servers only ever use the one port. When you join, it's not like the game scans every port to join - they ALWAYS have a default port.

DMZ and port forwards are a one port-per forward only.

Stop using DMZ, set static IPs (or if you have a decent DHCP server, auto assign the same IPs to each MAC address) and forward only the ports you need.


----------



## Disparia (Jan 19, 2010)

Jizzler said:


> Assuming Q3A... let's test it.
> 
> I just put up a simple CTF dedicated server: 24.227.122.82, default port 27960.



I see now none of y'all wanted to get pwned! Or more likely, no one has Q3A installed.

Set it up as I would any other port-forwarded game or service. If it's working (outside connections), will be easier to track down hat's issues.


----------



## Easy Rhino (Jan 19, 2010)

Buy a few static IPs from your ISP and either use a switch, or if your ISP makes you use a specific router then set it up as a bridge and connect it to a switch.


----------



## hat (Jan 20, 2010)

Quake:

Quake DOES require all ports to be open. The default port for Quake is 26000, but that only gets used until you connect to the server. Once you connect to the server, your port is randomized. One person might be connected to port 4723, the next guy might be on port 51254...

Yes, of course I assign static IPs. Not only is it convenient in that I always know what PC is on what IP, but it's faster as Windows doesn't have to figure out what IP it feels like using. Also, I might put 192.168.1.101 on the DMZ, but I reboot it and suddenly it's .100... there's really no other way to do it.


----------



## Mussels (Jan 20, 2010)

You only need to worry about that first port. Have faith.

First one is used to establish a connection (inbound), the others are assigned BY the server (outbound), so it shouldn't really matter.


----------



## hat (Jan 20, 2010)

Oh, but it does. I tried forwarding just port 26000, didn't work. You would get as far as "connection accepted", then nothing.


----------



## Mussels (Jan 20, 2010)

how annoying


well, port forwards should have priority over DMZ, so just port forward the ports you need to the other machines then.


----------



## FordGT90Concept (Jan 20, 2010)

Lucky for you, the original Quake source is released under the GNU.  After some investigating...

Default port number: 26000

Command to change the port: -port <number>

Note: -udpport and -ipxport function exactly the same as -port.


All indications in the source code say that should work.  When in doubt, use Wireshark to catch all initial UDP traffic for the game and see what other ports are required server-side.

Clients will use numerous port numbers but the server, in the case of Quake, should only use one.


----------
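Added example, not part of the thread and not code from Quake or Wireshark: one way to carry out the capture check suggested above, so that only the ports that really receive unsolicited traffic get forwarded instead of putting the host in the DMZ. The sample rows are constructed to mirror the behaviour hat describes (ports 26000, 4723, 51254); the function names and the addresses 203.0.113.5, 198.51.100.9 and 192.168.1.1 are assumptions.

```python
# Constructed sample, not a real capture. One UDP packet per row, in capture
# order, tab-separated: src_ip, src_port, dst_ip, dst_port. This is the shape of
#   tshark -r capture.pcap -T fields -e ip.src -e udp.srcport -e ip.dst -e udp.dstport
# taken on the server's LAN interface.
SAMPLE = (
    "203.0.113.5\t40000\t192.168.1.101\t26000\n"   # client hits the default port
    "192.168.1.101\t26000\t203.0.113.5\t40000\n"   # server answers
    "203.0.113.5\t40000\t192.168.1.101\t4723\n"    # client sends first to a new port
    "192.168.1.101\t4723\t203.0.113.5\t40000\n"
    "192.168.1.101\t1030\t192.168.1.1\t53\n"       # server-initiated lookup
    "192.168.1.1\t53\t192.168.1.101\t1030\n"       # reply rides the NAT state
    "198.51.100.9\t51000\t192.168.1.101\t26000\n"
    "198.51.100.9\t51000\t192.168.1.101\t51254\n"
)

def classify_server_ports(capture_text, server_ip):
    """Map each local UDP port to 'inbound' or 'outbound' by who sent first."""
    first_dir = {}  # (local_port, peer_ip, peer_port) -> direction of first packet
    for line in capture_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4 or not (fields[1].isdigit() and fields[3].isdigit()):
            continue  # non-UDP rows have empty port columns; skip malformed lines
        src_ip, sport, dst_ip, dport = fields[0], int(fields[1]), fields[2], int(fields[3])
        if dst_ip == server_ip and src_ip != server_ip:
            key, direction = (dport, src_ip, sport), "inbound"
        elif src_ip == server_ip and dst_ip != server_ip:
            key, direction = (sport, dst_ip, dport), "outbound"
        else:
            continue  # traffic that does not involve the server
        first_dir.setdefault(key, direction)  # only the first packet of a flow counts
    result = {}
    for (port, _, _), direction in first_dir.items():
        # A single flow opened from outside is enough to require a forward.
        if direction == "inbound" or port not in result:
            result[port] = direction
    return result

def ports_needing_forward(capture_text, server_ip):
    """Ports where a remote peer sent the first packet; NAT state will not cover these."""
    ports = classify_server_ports(capture_text, server_ip)
    return sorted(p for p, d in ports.items() if d == "inbound")

if __name__ == "__main__":
    print(ports_needing_forward(SAMPLE, "192.168.1.101"))
```

If the list contains only the default port, a single forward is enough; if it also contains changing high ports, as in the constructed sample, the server is receiving first packets on ports it chose itself.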

