How to Set Up a Dedicated CoD(UO) Server Behind a Firewall

By OldDog (V1.5)
(Click here for a printable version)

NOTE:  This is targeted to the home-based server admin.  For you that rent servers from a provider company, most of this is already taken care of for you.  However, the principals are the same.

 

ADDITIONAL NOTE:  This document is not “plug and play”.  It is NOT a tutorial for every router/firewall available on the market.  Nor is it a tutorial for any SPECIFIC router/firewalls.  It mentions Netgear and LinkSys, but doesn’t contain screenshots of these units.  If you need help with a specific router/firewall, go here: http://www.portforward.com.  It has screen shots and tutorials on most routers/firewalls.  What this document attempts to provide is some basics of firewalls, routers, IP addressing, and how to get your CoD(UO) Server up and visible to the Internet.  If you are unwilling to read the manuals and tutorials that come with these devices, don’t bother reading any further.

 

ONE MORE ADDITIONAL NOTE:  The only topics covered in this document regarding server configuration files are those that directly relate to connecting through a router/firewall and the successful “publishing” of your server.  Any other configuration stuff is covered in far better documents, guides, and tutorials found on http://www.fpsadmin.com, and, especially, two great documents:

  1. From BoSBrian,  click here: Dedicated Server Install Instructions.  It's in PDF format, so, right-click, and use "Open in new window".

  2. From Anex, click here: The Crimson's/Anex's RCON Guide for Call of Duty

 

You need 3 basic items covered in order to get your CoD(UO) server setup as dedicated (and visible to the outside world):

  1. A running server with a proper config (recommended name is DEDICATED.CFG) file that controls the characteristics of your server

  2. A way for the Internet to see your server (A publicly accessible IP address)

  3. A command-line startup for CoDMP.EXE or CoDUOMP.EXE(the Call of Duty Multi-Player and United Offensive program) that reflects a DEDICATED status.

 
How to do the above follows:
 
  1. A running server with a proper config file is the first step:

Creating the server on your own LAN, without outside access is the best method to ensure that all is working well.  You can add any mods you like, change settings, screw around, etc.  After you “publish” to the world, you want to be sure you know what’s happening and how to correct problems quickly to avoid disruption to players and extended downtime.  Nothing pisses players off more than to connect to an erratic server.  They’ll stop coming to play.

Once you’re ready to “publish” the server to the outside world, you will need to have, in your CFG file, the following entries:

 

// MasterServers

seta sv_gamespy "1"

seta sv_master1 "codmaster.activision.com"

seta sv_master2 ""

seta sv_master3 ""

seta sv_master4 ""

seta sv_master5 ""

 

this entry will make your server available to GameSpy, All Seeing Eye, ActiVision, and InfinityWard.

 

NOTE:  For a United Offensive server, you need the following:

 

// MasterServers

seta sv_gamespy "1"

seta sv_master1 "coduomaster.activision.com"

seta sv_master2 ""

seta sv_master3 ""

seta sv_master4 ""

seta sv_master5 ""

 

Next you will need to set your “rate”, as in (an example only):

 

// Rate + FPS

seta sv_maxRate "2300"

seta sv_fps "20"

 

sv_maxRATE determines the amount of bandwidth your server uses for each client.  It is a calculation based upon your bandwidth (size of your UPLOAD pipe, not DOWNLOAD) and the numbers of players you plan on hosting.  Here is the calculation:

 

of clients * sv_maxrate * 8(for 8bits) = upload speed
or
Upload speed / ( # of clients * 8 ) = sv_maxrate

 

To determine your DOWNLOAD and UPLOAD speeds, use http://www.dslreports.com.  You can do 4 free tests in a day, and I advise testing over several days, especially if you’re a cable subscriber.  For example, my DOWNLOAD speed (on a cable modem) averages around 2200KBps to 2900KBps (that’s 2.2MBps to 2.9MBps), but my UPLOAD speed averages between 242KBps and 253KBps.  Quite a difference.  Therefore, the calculation I used is:

 

243000 / (13 * 8) = 2336

 

My total number of players is 13 (10 with 3 private slots), my UPLOAD speed is 243000Bps (243KBps), and I rounded 2336 to 2300.

 

Use RudeDog's Excel calculator for determining maxrate (NOTE:  you need to have Excel installed locally):

http://www.fpsadmin.com/maxrate/

  1. A publicly accessible IP address is the second step:

    And, the most complex.  Most people will have cable or DSL.  With both comes an IP address that your provider has given for your cable or DSL modem.  This is normally as far as the provider will go.  The cable or DSL modem is connected to your PC and you’re off and running, usually without a firewall of any sort.  This is bad.  At a minimum, you should have a router (with firewall) between your PC (or PCs) and the rest of the Internet.  Some will set up the Windows XP Personal Firewall, or a third-party software firewall such as ZoneAlarm directly on your PC, and think, “All is good”.  Think again.  Unless you know what you’re doing with these (or any) firewalls, you can either lock everything down to the point where you can’t function, or open everything to the point where it makes no sense to even HAVE a firewall.  Out of desperation, I’ve seen a lot of people just open up their firewalls to get the CoD(UO) server working.  Bad mistake…the Internet is truly a horrible place without protection.

Compounding this are additional devices on a home network…like your wife’s/husband’s or kid’s PCs, and/or your proposed, dedicated CoD(UO) server.  Now what do you do?  Well, some have used the <gasp> Windows XP Internet Connection Sharing feature.  Run screaming from this.  Here is how a home network should be set up (for both security and access):

 

This clearly calls for some expenditure of time and money on your part, but, that’s the price you pay for wanting to host your own game server.

 

About routers:

All router/firewalls have both a TRUSTED and UNTRUSTED side (it may be called something else depending upon your firewall).  This is to differentiate where RULES or POLICIES reside, and apply.  Usually, on the TRUSTED side, rules (or policies) are for OUTBOUND access, and, on the UNTRUSTED side, the rules (or policies) are for INBOUND access.  You can, for example, leave the out-of-the box settings on most firewalls to allow complete OUTBOUND access on the TRUSTED side (not advised, because if someone gains access, by any means, they now have wide-open access outbound to do as they wish…this is how spam relayers work).  Conversely, INBOUND access is usually (out of the box) completely blocked, which means that no ports are open for your CoD(UO) server, which is the primary reason for lack of server visibility.

A note about firewall IP addressing:

  • Most router/firewalls come with a facility called DHCP (Dynamic Host Configuration Protocol) built in on the TRUSTED side.  This will hand out IP addresses (according to the SCOPE or ADDRESS POOL) to any device that requests one.  This pool is usually the address immediately after the default TRUSTED address if the router.  In the case of Netgear routers, this is usually 192.168.0.1.  In the case of LinkSys routers, it is usually 192.168.1.1.  Therefore, the first address handed out to the first requesting device (in the diagram, Your PC) it will be 192.168.0.2, and so on.
     

  • DHCP releases and renews LEASES (that’s the name for the IP addressing hand-out) on a periodic basis.  Because of this, one, or more, of your PCs/Servers could lose its IP address if it’s off for any period of time.  Not lose it completely because the router will see it come back online and will give it a NEW IP address.  This is important for the CoD(UO) server, and you don’t want it changing on you.  The RULES (or POLICIES) will be set to permit access to a specific IP address.  Therefore, the CoD(UO) Server (at a minimum) should have a STATIC IP Address that is then RESERVED on the router.

Ok, so all that is fine, but how the hell do you do all of this?

  1. Well, you have to learn something about your particular router/firewall, and the way to do that <gasp> is RTFM (Read The F&*%ing Manual).  At a minimum, the router/firewall comes with a “quick-start guide”.  USE IT!  It will tell you, first of all, how to set up the actual hardware.  Once the router/firewall is connected, pay attention to the idiot lights on the box itself.  Use the manual to tell you what those lights are saying to you.  If all goes well (and you paid attention to the manual), your router/firewall will now be connected properly to your cable or DSL modem.  You need to then connect your PC to your new network, so you can manage the router/firewall.
     

  2. First, take a look at your firewall/router.  Does it have a bunch of ports (usually 4) on the back?  If so, you don’t need to bother with a switch/hub (see diagram), unless you have more than 4 other devices on your network.
     

  3. Otherwise, you will need to buy a switch/hub.  Netgear makes a pretty good line of inexpensive 10/100MB switches.  If you have to go the switch route (don’t buy a hub, use one only if you have one already), then one of the ports on the switch will be a “Normal/Uplink” port.  This port gives you the ability to connect to the router/firewall without having to use a crossover cable.  Use a regular RJ45 cable, connect the cable to the LAN port on your firewall, and push in the “Normal/Uplink” button so that you see a light on the last port, next to the button.  Your switch is now ready to accept other devices, so plug in your PC to one of the switch ports.
     

  4. If you have ports on your router/firewall, all you need do is to plug your PC into one of those ports.
     

  5. Wait a minute, or so, for your PC to request, and acquire, an IP address from your router/firewall.  Open a command prompt and type in “ipconfig /all” (no quotes).  Look for the IP Address in the resulting list.
     

  6. Now, connect your CoD(UO) Server the same way (either to the router/firewall or the separate switch).
     

  7. NOTE on IP Address acquisition:  I’m assuming that everyone reading this knows how to let Windows find its own IP address.  If you don’t, then you should read up on it.
     

  8. Start a web browser on your PC, and referring to the MANUAL, again, find out what the default IP Address of the router/firewall is.  For Netgear, as I said, it’s usually 192.168.0.1, for LinkSys, it’s usually 192.168.1.1.  Enter that address into the address box in your browser.  A username/password dialog box will appear…the default for most router/firewalls is “admin” and “admin” (no quotes), but, again, your manual will tell you this.

 

NOTE: some router/firewall combinations supplied by providers don’t have any manuals.  Look at the make and model of the unit (on the front, back, or bottom, usually), and go out on the web to find a manual or tutorial.

 

Ok, now you’re logged on to your firewall.  One of the first things I’d do, if I were you, is to change the password to something complex (like 7+ characters, at least one uppercase, one lowercase, and one number), because everyone in the world knows the default passwords for these routers, and a port scan can find it.

 

The first thing you should look for is the EXTERNAL IP Address of the router/firewall.  This will be the address you will need to publish on a web site, if you have one, as the address by which players can connect to your CoD(UO) Server.  If you have cable or “home” DSL, this address can change at the whim of your provider.  This will only matter if you’re publishing it on a web site.  Otherwise, the Master Servers will always see the correct address.  If you are publishing to a web site, see the addendum, below, on how to use DynDNS, DirectUPdate, and PHP to ensure your CoD(UO) Server IP Address is always current on your web page.

 

The next thing you need is the INTERNAL IP Address of the CoD(UO) Server.  There should be a section in the router/firewall web configuration called something like “Attached Devices”.  It may be called something else depending upon your router/firewall.  There will be a list of those devices the DHCP server on the router/firewall sees.  One of them will be your PC, the other will be the CoD(UO) Server.  You will then need to create a “reservation” for the CoD(UO) Server’s address, so it doesn’t change.  In order to do this, you need the MAC (hardware) address of your server’s Network Interface Card.  Use “ipconfig /all  (on a Windows Server) to find it.  It’s a number that will look like 00-07-E9-55-33-E6…six blocks of 2 characters each.  Or, you can just take a chance that the router/firewall won’t change the IP Address of your server, and forge ahead, after writing down the IP Address that you found.

 

You now need to create RULES or POLICIES on the INBOUND side of your firewall, so that the appropriate ports are open to your server.  You will first need to create custom SERVICES…these are the actual port descriptions.  I use the following:

 

28900 to 28970 - TCP and UDP

20500 to 20510 - TCP and UDP

20600 to 20610 - TCP and UDP

27900 - TCP and UDP

 

Once those are in, you can then assign a RULE or POLICY to “allow” “any” on these services to the IP Address of your CoD(UO) Server.

 

For you security purists out there, I use a range (rather than the specific ports) due to inherent limitations in most of the "consumer" router/firewalls on the number of Services, Rules, and/or Port Mappings you can have.  I also use both TCP and UDP because I can never remember which it is, and am too lazy to look it up.  Remember, purists, if the server isn't LISTENING on those ports between the start-stop ends of the ranges, nor if it isn't LISTENING with TCP or UDP, or whatever, there shouldn't be a problem.

 

RTFM!  You can really screw yourself up on a firewall if you don’t follow the guidelines.

 

NOTE:  In some router/firewalls, you will need to use the PORT MAPPING section to do this.  If this is the case, then there aren’t RULES or POLICIES, as such.  It’s all handled right within the port mapping section.  Again, RTFM!

 

Basically what you’re saying to the outside world is:

 

When connecting to nnn.nnn.nnn.nnn (this is the outside address of the router/firewall),

on ports 28900-28970, ports 20600 to 20510, and port 27900,

for the TCP and UDP protocols,

ALLOW ANYONE

through to IP Address 192.168.0.5 (used as an example).”

  1. Ok, now, after all that, you’re ready to start your CoD(UO) Server.

For that you’ll need a command-line startup for CoD(UO)MP.EXE (the Call of Duty Multi-Player program) that reflects a DEDICATED status.  That looks like this:

 

"C:\Program Files\Call of Duty\CoDMP.exe" +set dedicated 2 +exec dedicated.cfg +map_rotate

or

"C:\Program Files\Call of Duty\CoDUOMP.exe" +set dedicated 2 +exec dedicated.cfg +map_rotate

 

NOTE that this is for a Windows Server, but the command structure is the same.
The important part of this, for public access, is the “+set dedicated 2” parameter.

 

Addendum, or
(How to Ensure that Your CoD(UO) Server's Correct IP Address Appears on Your Web Site)

NOTE:  If you don't have a web site where you're publishing your CoD(UO) Server, don't bother reading any further.

  1. Use DynDNS

Basically what you're doing here is to to create a Domain Name for your CoD(UO) Server.  This name will point to the OUTSIDE address of your router/firewall.  This is so that people visiting your web site will always be able to see the correct IP Address for your server.  How this is done comes later.  This is the first step, acquiring a host.domain.name.

Go to www.dyndns.org, and, on the left-hand side of the page, you'll see Dynamic DNS.  This page will explain what you're getting into.  On this page, as well, is a list of domains you can use, for free.  Mine is olddog.kicks-ass.net (cute, huh?).  You will need to create an account, use the Domain Registration wizard to do so.

In addition, on this same first page, is a link to third-party "updaters".  I use DirectUpdate, but the others listed there are just as good.  The DynDNS service is free for up to 5 domain names, but, you need to MANUALLY update the address every 30 days.  The third-party tool will take care of that for you.

  1. Use the Third-Party Tool

As mentioned above, I use DirectUpdate.  I installed it on my CoD(UO) Server, and it sits there periodically updating my domain name (olddog.kicks-ass.net) with the current OUTSIDE IP Address of my firewall/router (remember that this is also the IP Address of your CoD(UO) Server...to the rest of the world).  I like DirectUpdate because it runs as a service in the background on a Windows Server.  Follow the directions and help included to set it up.  It's not difficult, as it does only one thing:  updating the IP Address to your domain name on DynDNS. 

  1. Use a Resolver Function on Your Web Site

This is a little trickier, as you need PHP installed on your web server to do this (if your web site is hosted by someone else (as mine is), you will need to ask them whether, or not, they support PHP), and your main page will need to be named .PHP.  Here is the code to do it:

<?php
$ip = gethostbyname('yourhost.yourdomain.com');
echo $ip;
?>

Your HTML line would look something like:

<td width="92%" align="center"><font size="2">Current IP address is:&nbsp; </font>
<font size="3" color="#00FF00"> <?php
$ip = gethostbyname('olddog.kicks-ass.net');
echo $ip;
?>
</font>

Remember that this page needs to be saved as whatever.PHP.  The above CoD(UO)e will ensure (as long as 1. and 2., above are in place) that your web site will always present the correct IP Address, no matter what your ISP may do to you.

Remember this.  You can always do the manual update every 30 days yourself.  I found it to be quite painful, and rather boring, frankly.  You can also pay for DynDNS to do the updates for you.  Read the How-To under the Dynamic DNS heading on the DynDNS.ORG web site, click here: http://www.dyndns.org/services/dyndns/howto.html