Setting Up a Separate Game Server in a Networked Environment (DMZ, Port Forwarding)
Setting Up a Separate Game Server in a Networked Environment (DMZ, Port Forwarding)
You’re seeking a secure way to run a gaming server without impacting your network or other devices. In the past you hosted servers on dedicated hardware in data centers, but now time is limited and costs are higher. You’re considering using an older setup for online game hosting, such as Killing Floor 2 with just six players. Your ISP gives a static IP, and you’ve seen logs showing attempts via Remote Desktop. You’re wondering the optimal approach—using ASUS virtual DMZ for the static IP, port forwarding, or adding a second router. The idea is to isolate the server properly while keeping things simple.
It’s going to be open and scheduled when I’m ready to run it. If I chose a data center setup, I’d still spend $1400 a year on a server in Toronto (a waste of money since I only use it occasionally). There are definitely better options that won’t affect the network or devices. I wouldn’t mind losing access if someone tried to use the old system as a host for game servers. That’s why a clean reset is the simplest solution—it’s just a wipe and reinstall, and there’s no risk of other devices connecting. I’m puzzled about the best way to do this. I’m hoping to find advice from network forums, especially those discussing DMZ setups. Some people suggest using a second router with port forwarding to block unauthorized access beyond the server.
Add another data connection to your location. If it's accessible... well, I wouldn't attempt it on my private network, I use a separate one.
Public refers to the game browser list where anyone can join the session. Isolated means if someone malicious uses the game port as a back door, they’d only reach the physical system running the game servers and wouldn’t see or interact with other devices on the network.
You operate for an organization with a single network link. Their machines rely on this connection for internet access but also depend on a public file server for data storage. The goal is to allow unrestricted external access to the file server while preventing malicious users from exploiting it to breach other devices. Your recommendation is to invest in additional network segmentation so that if one part is compromised, only that segment is impacted.
a company maintains an alternative backup system in case the primary connection fails, such as a secondary line. even for home users, they keep their main fiber connection and rely on it as a fallback until the primary is resolved. there are valid reasons why you wouldn’t set up a public-facing server at home.
It's normal for businesses to rely on a secondary link. Our network at work is quite unreliable; we have a mobile backup since losing internet would halt operations until it returns, potentially costing the company a lot of money. We typically earn around $40k daily, making it a substantial sum. A VLAN would likely be the solution you're looking for. You mentioned you can't use that option. Perhaps you could switch to your ISP's supplied modem/router in bridge mode, which disables its functions. Alternatively, you might purchase a router that supports VLANs. As @dogwitch suggested, consider getting a dedicated internet connection for the server. Keep in mind that residential ISPs often disapprove of public servers, so be careful not to consume excessive bandwidth or risk receiving an unwanted call from your provider.
I switched to bridge mode for my modem because it performs better than my router. I’ve been using it for years and don’t intend to switch back. Bandwidth isn’t a major concern. My main goal is hosting online games, mainly KF2 with around six players at a time—so it won’t run continuously. Usually, it’s only active for a few hours during game sessions a couple of times a month. With my schedule, I can go a month without powering up my computer. I wasn’t sure if VLAN was the way to go, but I think my router can’t handle it. I’m running an ASUS model with Asuswrt-Merlin, which is still new despite its features. I also have an older ASUS unit using default firmware that’s gathering dust. It’s disappointing not being able to set up a guest network or isolate traffic. Even if nothing changes, I just want to keep my devices safe from potential backdoor access on the game server port. Without a fix, it mainly serves as a local server to save resources on my main machine when playing solo. It’s not ideal, but it works for now. Used to play custom games with friends and a few strangers to build teams.