Topic: 1:1 NAT and Inbound NAT with one public IP?  (Read 2702 times)
« on: November 08, 2010, 04:46:37 »
Downgraded286 *
Posts: 4

On my network I have a Quake server running, which needs to be on the DMZ to work properly (as Quake assigns random ports to clients... one guy may connect on port 1254, and the next guy gets port 63425...). Using 1:1 NAT is fine for this, however, I need the odd port or two forwarded to other machines on my network, and using 1:1 NAT breaks all other port forwarding. Is there any way I can set up a DMZ for my Quake server, while still being able to forward specific ports to other machines? Every consumer-grade router I've ever owned had a simple DMZ server function where it opened every port for whatever IP you pointed it to, while specifically forwarding other ports superseded it. I'm looking to replicate that with m0n0wall.
« Reply #1 on: November 08, 2010, 15:19:15 »
Fred Grayson *****
Posts: 994

If you only have two interfaces, add another.

--
Google is your friend and Bob's your uncle.
« Reply #2 on: November 08, 2010, 19:01:45 »
Downgraded286 *
Posts: 4

> If you only have two interfaces, add another.

Thanks for the reply.

I do have a third network card in there, but from what I see about setting up a DMZ in the handbook, adding a third interface and doing it that way just creates another subnet, which would protect your main LAN from attackers who would come through the DMZ, and you would have to have more than one public IP to not break any individually forwarded ports anyway, as it says "Now you need to determine whether you'll use inbound or 1:1 NAT. If you have multiple public IP's, use 1:1 NAT. If you have only a single public IP, you'll need to use inbound NAT. If you have multiple public IP's, but more DMZ hosts than public IP's, you can use inbound NAT, or a combination of 1:1 and inbound.".

I'm looking to set up a DMZ on the same subnet as the rest of my LAN, without breaking individually forwarded ports from the Firewall: NAT: Inbound config. I only have one public IP. As I said, I just need a way to set up a DMZ function that forwards all ports to my server unless I specifically map ports to other machines. If there was a way to put the Firewall: NAT: Inbound config on a higher priority than the Firewall: NAT: 1:1 config, I would be golden.
« Reply #3 on: November 08, 2010, 19:18:13 »
Fred Grayson *****
Posts: 994

If you have only one public IP, you can not forward the same port (or ports) to multiple (different) private IPs. It's ambiguous and can't work with this type of product.

A lot of the confusion here is being caused by differing definitions of DMZ; the one used in high security situations and products, and the one used by the makers of those home routers. They are completely different things.

--
Google is your friend and Bob's your uncle.
« Reply #4 on: November 08, 2010, 20:21:00 »
Downgraded286 *
Posts: 4

> If you have only one public IP, you can not forward the same port (or ports) to multiple (different) private IPs. It's ambiguous and can't work with this type of product.
>
> A lot of the confusion here is being caused by differing definitions of DMZ; the one used in high security situations and products, and the one used by the makers of those home routers. They are completely different things.


So what I'm trying to do is impossible with m0n0wall? Do you know of any other router software that would work for me then?
« Reply #5 on: November 08, 2010, 21:23:57 »
Fred Grayson *****
Posts: 994

If the odd port or two that you need forwarded to other machines doesn't conflict with the rest that you need to forward for the Quake server, then Inbound NAT is all you need.

--
Google is your friend and Bob's your uncle.
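
An added example, not part of any post in this thread and not m0n0wall rule syntax: a small Python model of the points in replies #3 and #5, showing why a catch-all forward collides with specific forwards on a single public IP and how non-overlapping ranges avoid it. The names `Forward`, `conflicts`, `carve`, `resolve` and all addresses and ports are assumptions made up for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    proto: str   # "tcp" or "udp"
    first: int   # first external port, inclusive
    last: int    # last external port, inclusive
    target: str  # private host that receives the traffic

def conflicts(rules):
    """Pairs of rules claiming the same proto/port on the one public IP
    but pointing at different private hosts (the ambiguous case)."""
    return [(a, b) for i, a in enumerate(rules) for b in rules[i + 1:]
            if a.proto == b.proto and a.first <= b.last and b.first <= a.last
            and a.target != b.target]

def carve(proto, target, reserved, lo=1, hi=65535):
    """Ranges covering lo..hi for `target`, skipping ports in `reserved`."""
    out, start = [], lo
    for p in sorted(reserved):
        if p > start:
            out.append(Forward(proto, start, p - 1, target))
        start = max(start, p + 1)
    if start <= hi:
        out.append(Forward(proto, start, hi, target))
    return out

def resolve(rules, proto, port, dmz_host=None):
    """First-match lookup; the optional catch-all host is consulted last,
    which is the consumer-router 'DMZ host' behaviour from the question."""
    for r in rules:
        if r.proto == proto and r.first <= port <= r.last:
            return r.target
    return dmz_host  # None: nothing forwards this port

# Constructed sample data, for illustration only.
QUAKE, WEB, SSH = "192.168.1.10", "192.168.1.20", "192.168.1.30"
specific = [Forward("tcp", 80, 80, WEB), Forward("tcp", 22, 22, SSH)]
catch_all = [Forward("tcp", 1, 65535, QUAKE), Forward("udp", 1, 65535, QUAKE)]
carved = carve("tcp", QUAKE, {22, 80}) + carve("udp", QUAKE, set())

if __name__ == "__main__":
    for a, b in conflicts(specific + catch_all):
        print(f"ambiguous {a.proto}/{a.first}-{a.last}: {a.target} vs {b.target}")
    print("conflicts after carving:", len(conflicts(specific + carved)))
    print("udp/27960 ->", resolve(specific + carved, "udp", 27960))
```

Either layout leaves every port not claimed by a specific forward reachable on the game server from the Internet, so that host needs its own filtering and patching.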