1. Setup a Linux server and allow it to function as a router.
2. If that isn't an option, you will need to open up certain ports on your router and have them forwarded to your server machine. I am not exactly sure how to do this, as I have never gotten it to work correctly and I went with the first approach. I'm sure someone in here will be able to help you.
<!--QuoteBegin--Mellonpopr+Nov 28 2002, 09:14 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (Mellonpopr @ Nov 28 2002, 09:14 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->what's your server lan IP and what's brand and model is the router ?<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> The model of the router is D-Link DI-704P
Try setting up your server's internal IP address (ie 192.168.1.XXX or 10.0.0.xxx) in the DMZ host of your router. This will open every port to your machine. Try to see if the thing will actually run and people can join, after that you'll have to mess with what D-link calls "Virtual Server" ports.
Most router companies I have seen (NetGear and LinkSys) suggest users put their PC in the DMZ in order to host a server. That is why it comes up so often.
<!--QuoteBegin---=YG=-NightFall+Nov 29 2002, 05:27 AM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (-=YG=-NightFall @ Nov 29 2002, 05:27 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Putting a server in a DMZ does NOT open all ports to your server. Only open all ports if your completely stupid.
Required ports are 27005,27010,27011,27012,7002 and the port which ur server will run on ie 27015 or 27025.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> actually DMZ DOES open all ports to the assigned IP .. in this case his server
I also would not recommend doing that unless you're suspecting a firewall configuration problem and need to test it wide open temporarily in order to narrow the problem down
Mellonpopr is right, DMZ does open up all ports to the DMZ machine. Without going too far into the joys of PAT's NAT's, routing and/or firewalls I will say simply this -
You have two options using a router/modem of the calibre that you have:
Either use Port Address Translation along with Network Address Translation to pass relevant port traffic (and ONLY relevant port traffic) to your internal game server ip or use DMZ. There is no problem with either as long as they are done correctly - both will serve your purpose.
p.s If you are going to use a DMZ via your local machine then make sure that you protect that machine with a firewall (software one will do fine). If its linux then you have iptables which are not too hard to setup and if its windows then use something like zonelabs zonealarm (very easy to manage).
Then your are using really **obscenity** firewalls. All my servers in the DMZ are protect by the Firewall and dont have any ports open unless I open them on the firewall.
<!--QuoteBegin--haven+Nov 29 2002, 02:25 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (haven @ Nov 29 2002, 02:25 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Stuff<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> Pretty much exactly right, however, I don't hugely see the need for a local firewall... On a reasonably configured windows 2000+ box, there's not a lot you can do without knowing the admin pass for rpcing the box, however it's a good idea
Personal configuration I would go for is to use NAT (leave the ports alone) just to forward said packets to the right IP, I know not of DMZs for these routers, but basic NAT usually works for most things, and is somewhat more "secure"
<!--QuoteBegin---=YG=-NightFall+Nov 29 2002, 02:38 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (-=YG=-NightFall @ Nov 29 2002, 02:38 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Even just using NAT will leave the server wide open.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> Wide open to what?
I used DMZ for months without a problem, but I did windows 2000 sp3 and every update that came down the pipe. I recently locked it down and only forwarded (opened) the ports for that extra security and piece of mind
A long time ago I did DMZ and got the ole nimda because I had IIS webhosting running so it can be very risky if something new comes out an you and microsoft aren't prepared.
Just cos u use NAT, doesn't mean i couldnt hack ur system(NOT that I would hack it). NAT without port filtering only stops the newbs from hacking ur system.
I'll be converting our basic tutorials over for NS, shortly. Mean while, if your still not sure of the procedure for router setup for hosting of any hlds, grab the guide off my site and have a read of it. Even though i wrote it for counter-strike, the method remains the same.
And just to clarify, DMZ on most routers does mean you are exposing all ports :- unless you are running a software firewall on your client which is in turn your next line of defense which needs to be dealt with as with any service. Again, it's in the FAQ.. i hope it helps <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' valign='absmiddle' alt='smile.gif'><!--endemo-->
<!--QuoteBegin---=YG=-NightFall+Nov 29 2002, 04:00 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (-=YG=-NightFall @ Nov 29 2002, 04:00 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Just cos u use NAT, doesn't mean i couldnt hack ur system(NOT that I would hack it). NAT without port filtering only stops the newbs from hacking ur system.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd--> The fact you call it "hacking" leads me to believe you're an absolute moron.
If you can "hack" the NS server to break into my system, cool, but to do so, if I was running through NAT (personally i'd do it with iptables on a linux software router, but hey) you'd have to actually "hack" the router firmware, specially when it's designed to ignore ALL INCOMINGS to set ports. This includes everything, from netbios over TCP, to simple ICMP.
Comments
2. If that isn't an option, you will need to open up certain ports on your router and have them forwarded to your server machine. I am not exactly sure how to do this, as I have never gotten it to work correctly and I went with the first approach. I'm sure someone in here will be able to help you.
The model of the router is D-Link DI-704P
Required ports are 27005,27010,27011,27012,7002 and the port which ur server will run on ie 27015 or 27025.
Required ports are 27005,27010,27011,27012,7002 and the port which ur server will run on ie 27015 or 27025.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
actually DMZ DOES open all ports to the assigned IP .. in this case his server
I also would not recommend doing that unless you're suspecting a firewall configuration problem and need to test it wide open temporarily in order to narrow the problem down
You have two options using a router/modem of the calibre that you have:
Either use Port Address Translation along with Network Address Translation to pass relevant port traffic (and ONLY relevant port traffic) to your internal game server ip or use DMZ. There is no problem with either as long as they are done correctly - both will serve your purpose.
p.s If you are going to use a DMZ via your local machine then make sure that you protect that machine with a firewall (software one will do fine). If its linux then you have iptables which are not too hard to setup and if its windows then use something like zonelabs zonealarm (very easy to manage).
Pretty much exactly right, however, I don't hugely see the need for a local firewall... On a reasonably configured windows 2000+ box, there's not a lot you can do without knowing the admin pass for rpcing the box, however it's a good idea
Personal configuration I would go for is to use NAT (leave the ports alone) just to forward said packets to the right IP, I know not of DMZs for these routers, but basic NAT usually works for most things, and is somewhat more "secure"
Wide open to what?
A long time ago I did DMZ and got the ole nimda because I had IIS webhosting running so it can be very risky if something new comes out an you and microsoft aren't prepared.
/Kik
The fact you call it "hacking" leads me to believe you're an absolute moron.
If you can "hack" the NS server to break into my system, cool, but to do so, if I was running through NAT (personally i'd do it with iptables on a linux software router, but hey) you'd have to actually "hack" the router firmware, specially when it's designed to ignore ALL INCOMINGS to set ports. This includes everything, from netbios over TCP, to simple ICMP.