Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.
Most Popular Reviews
Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.
MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.
Most of these tips apply to both game server and game player (client)
problems unless otherwise indicated. Let
us know if you have a tip that we haven't covered, or if you find
Tip #1: Get a real IP Might as well just get this out of the way...
If you want a trouble-free gaming experience (and especially a trouble-free
game *serving* experience) then you may need to bite the bullet and
buy another IP address from your ISP.
This frees you from all the NAT routing based problems and connects your
game machine directly to your ISPs network, just like before you installed
Tip #2: Try DMZ
Most routers have either a "DMZ" or "default server"
function that places ONE client outside the NAT firewall. Try it
if you're having problems hosting a game server. This probably won't
be much help on the Linksys routers, which have problems with their DMZ
Tip #3: Tweak your TCP/IP settings
This is a bit of a double-edged sword. In some cases, messing with
the various TCP/IP parameters can actually slow down your cable-modem
or DSL connection. But users have also reported that they're key
to solving some game serving problems. You'll have to judge for
The best source for speed related Registry tweaks can be
found over at speedguide.net.
They've also got a good definitions
page that will tell you what these terms mean! DSLreports
also has their Tweak
Tester II, which checks your connection first, to see if tweaking
Tip #4: Half-Life - Multiple
to set up HalfLife for multiple users behind a NAT firewall
(The following info was contributed by Gene
I figured out a fix for multiple
computers connecting to the same server. The default client
port for Half-Life is 27005, so for the extra computers on your
LAN, add "+clientport 2700x" to the HL shortcut command
line; the x would be 6, 7, 8, and on up. This lets multiple
computers connect to the same server. NOTE:
Reader Chris Norehad says that the above is unnecessary with
version 1.30 and higher firmware. This has not been confirmed.
One problem: version 220.127.116.11 won't let multiple computers with the
same CD key connect at the same time, even if on the same LAN (not
a problem with 18.104.22.168).
As far as hosting games, the HL
server does not need to be in the DMZ. Just forward port 27015 to
the local IP of the server computer. I still have the problem of
people getting booted after a few minutes with "illegible
Tip #5: Kingpin/Quake2 - Multiple
to set up Kingpin for multiple users behind a NAT firewall
(The following info was contributed by Jeff Swiatowy)
I have found that adding the line "set
clientport xxxxxx" in the autoexec.cfg file in the game
directory will allow multiple players.
In Kingpin the default port is 31501. So for every machine on your
LAN you need to add "set clientport 3150x";
"x" being 1 for the first machine, then "x"
being 2 for the second machine, etc.
Tip #6: Quake3- Multiple players
to set up Quake III for multiple users behind a NAT firewall (Thanks
to Russell Haupert!)
Typically, many Quake III users have been reporting that Quake III is
unable to support multiple player connections from behind a NAT. While
the first player behind the NAT joins fine, adding additional players is
problematic in the default configuration. Symptoms include rejected
challenges, dropped delta packets, and severe "connection
By default, Quake III clients send and
receive data over the same port, causing the server to treat multiple
clients as a single data connection. Quake III does have the ability to
specify individual client ports for communication by adding a command
line switch. Follow the procedure below to add this switch.
1. Right click on the QIII icon
3. In the Target field you'll see a line like
"C:\Program Files\Quake III Arena\quake3.exe"
4. Add the Quake
III net_port command to specify a unique communication port for each
system. The complete field should look like this: "C:\Program
Files\Quake III Arena\quake3.exe" +set net_port 27660
5. Click OK.
6. Repeat for each system behind the NAT, adding one to the net_port
Tip #7: Death by server ping [Gamespy, Unreal Tournament &
The first thing that some games do is launch a massive set of pings to
find other servers to play with. Unfortunately, there are a couple
of problems with this:
If a number of pings are launched at the same network,
that network's border firewall could shut down any further traffic
from the IP address (or network) sending the pings. This usually
doesn't break your router, but could cause you to not be able to connect
to some of your gaming buddies, at least temporarily
Routers can only support so many simultaneous connections
at once. If your router locks up or loses its WAN connection
when your software goes into its "server search" mode, then
you probably are running into the router's connection limit.
There's not much you can do about the first problem, since
you have no control over your ISP's network. But the second problem
has some solutions:
1) See if you can reduce the number of servers that
are searched for at one time. In some cases, this can be done by highlighting a block of 50 to
100 servers at a time.
2) Try DMZ (Thanks to SMC
for this tip!)
If your router supports "DMZ" or "Exposed server"
or whatever they call the feature that lets you put one computer outside
the firewall, put the game machine in DMZ first, then let it run its
server update. Then take it out of DMZ.
3/14/01 3) Use Gamespy's "Refresh up to XX servers
[Thanks to Todd "Tungsten" Northcutt of GameSpy and James
Howard for this tip!]
The number of servers pinged at any given moment is a variable
that the user can set. Both GameSpy 3D and GameSpy Arcade allow the
user to select their connection type during the installation process
- this determines how many servers our software will query simultaneously.
Here are the values we recommended, based on connection types:
33.6 k or slower = 5 - 14
56k/64k ISDN = 15 - 19
128k ISDN = 20 - 34
DSL/Cable = 35 - 45
T1 = 46 - 65
T3 or higher = 66 - 80
80 is the maximum number of servers GameSpy will query simultaneously.
(GameSpy 3D will only query up to 64 servers at any given time.) The
number refreshed can be changed in both programs by the user.
GameSpy 3D: Tools > Options > "Refresh up to XX servers simultaneously"
GameSpy Arcade: File > Options > Network (use the slider)
4) Use a different server browser than Gamespy [Thnx to Dave Hopper for this info!] "Another solution is to use a different game server browsing
program like Ping Tool. The problem with Ping Tool is that you may not
like the way it works or it may not support the game you playing online,
however it never locks up the connection
[Ed. Note: As of September 30, 2001,
Ping Tool has been discontinued. We'll try to list a new apprpriate
tool here when we find one.]
You can also use the built in game server browsers inside of Quake 3
and Unreal Tournament as they work and don't lock up the connection
5) Try direct connection It's a pain to do, but you may need to connect the computer directly
to the cable modem for the update.
6) Buy another router with a higher limit.
Check the Hardware Router
chart and get a product with the highest number that you can
find if your favorite game does the server update thing.
Tip #8: Know your WAN IP address
Some on-line games require you to give them your "Host IP address".
This is the IP address that your ISP assigns to you. A simple and
reliable way to get this information is to use TZO's MyWanIP utility,
which you can get via our Tools
If you're using a Linksys or SMC Barricade
router, you can get your WAN IP sent to you via email. Go
here for the info and download!
Tip #9: DirectX/DirectPlay games
Microsoft games are among the most difficult to play behind a NAT router
due to the large number of ports they require to be opened. Microsoft
heard your pain, however, and has provided a way for multiple gamers to
play behind a NAT router.
The catch is that you must use two Microsoft products to
take advantage of this magic:
When you use these two products together, the game is able
to communicate with WinMe's ICS (via DirectPlay8) and automatically ask
for and receive the ports it needs to support the game. This happens
not just for one player, but for any number of players behind the
WinME ICS NAT router.
This capability has also been included in the upcoming Windows
"Whistler" release, but is not included
in Win2000 or Win98SE's Internet Connection Sharing feature.
Note that you must use both DirectPlay8 and WinMe's ICS.
This feature does not work by just using DirectX8.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.