



The Quake II linux dedicated server HOWTO



This document explains how to install and configure a Quake II (q2) dedicated server on a linux box. It is assumed that you:

* have root shell access to a linux box (remote or local)
* know some linux basics (installing software, ssh, ...)
* know some quake basics (config, mods, basic console commands, ...)
* want to install a quake server ;-)
* have 'screen' installed on your server (simply install it if you don't have it)

Notes:

* I'm using a debian server in this example, but you should be able to adapt this to your favourite distribution easily.
* We'll be installing an r1q2 server for security reasons here. (Though this includes all steps necessary to install a normal q2 server and also leaves you with a ready-2-run normal q2 server, using the non-r1q2 server for an internet server is highly discouraged due to many security issues with the original q2 binary!)


Please read my notes on security before making your server public.



Contents

Preamble
* Disclaimer, License and Copyright
* Conventions used in this document
* A note to win32 users
* Contacting the author of this document

Part I - Server Installation
* Step 1 : Create a new user that the Quake Server will be running under
* Step 2 : Copy stuff we need to the Server
* Step 3 : Install Quake 2 and the mods

Part II - Server Configuration
* Step 4 : Create the server config files
* Step 5 : Create a shellscript to start the server
* Step 6 : Create the server map rotation file
* Step 7 : Make sure the Files created in steps 4, 5 and 6 are in the correct locations

Part III - Server Maintenance
* Step 8 : Start your Quake Server
* Step 9 : Quake Server remote Administration
* Step 10 : Stopping your Quake Server

Part IV - Appendix
* Appendix A : Where to go from here
* Appendix B : Quake Servers behind firewalls and NAT / home routers
* Appendix C : Some words on screen
* Appendix D : Security notes
* Appendix E : Links, Sources and Acknowledgements





Disclaimer, License and Copyright

Copyright spirit 2007

I will not accept any responsibility for any incorrect information within this document, nor for any damage it might cause when applied.

You may redistribute and/or modify this document as long as you comply with the terms of the GNU Free Documentation Licence.





Conventions used in this document

Normal text looks like this, commands you have to type look like the next line:

user@localbox> $ ssh user@myserver.tld
root@myserver> # chmod a+x linuxq3apoint-1.32b-3.x86.run

Note that the shell prompt in front of the actual command indicates the user and the machine you have to run the command at:

root@myserver> #

obviously means that you need to run this command as root at your server.





A note to win32 users

This document assumes you're running linux on both the server and the box you use to connect to the server (via ssh) to configure it.

If you're running win32, you'll obviously need to get a ssh / scp client like putty for that OS first.

If this sounds strange to you, get some info on linux and ssh before you try to use this howto.





Contacting the author of this document



Please do not ask me to install a quake server for you, I won't. I obviously don't need any reasons for that but here's a few anyways:

* This howto explains how to do it. If you don't understand it you need to learn more on linux or write me an email explaining exactly which part of this document you don't understand so I can improve it.

* If you don't set up the server yourself you won't be able to maintain it: it will be down after the next reboot, and it will become insecure because you don't know how to update it.

* You shouldn't offer others root access to your server (that would obviously be necessary to have someone else configure it for you)

* If you don't know a thing about linux rent a game-server from some company, don't rent a root server.

* I don't have time to setup your server.

* I don't want to setup your server.



Also refrain from asking me how to use ssh, scp, rcon, iptables and vim in general (see notes above).

Apart from that, feel free to contact me with comments, error reports and suggestions on how to improve this document.





Step 1 : Create a new user that the Quake Server will be running under

There is no need to run a quake 2 server as root, and doing so is a very bad idea. Running it under your standard user account isn't a good idea either. So we will add a new user called 'quake2' that the server will use.

1) connect to the server

user@localbox> $ ssh user@myserver.tld

2) become root, create the user

user@myserver> $ su
root@myserver> # useradd -g users -d /home/quake2 -s /bin/bash -m quake2





Step 2 : Copy stuff we need to the Server

This can be done via scp, ftp or whatever; ftp should be faster than ssh. You may also use wget to get the stuff.



1) copy the required pak-files from your q2 CD (or from your harddisk) to your server

user@localbox> $ scp pak*.pak quake2@myserver:/home/quake2/

2) copy or download the r1q2 server binary and the r1q2updater to your server. Get both from r1ch.net or some mirror and be sure to choose the version that fits your needs (r1q2ded for newer mods and r1q2ded-old for vanilla q2 and older mods, see readme).

user@localbox> $ scp r1q2ded-old.zip r1q2updater.zip quake2@myserver:/home/quake2/

3) copy any mod you want to install to your server (optional)

user@localbox> $ scp some_mod_linux.zip quake2@myserver:/home/quake2/





Step 3 : Install Quake 2 and the mods

R1Q2 is not designed to read settings/files from ~/.quake2/ and it is recommended to create an installation of q2 in the $HOME of the user. So I'll assume that q2 will be installed at /home/quake2/quake2/ for this HOWTO. Installation is pretty obvious :

1) copy and install the newest quake2 version / update for linux to your server

Get the tgz that fits your architecture from id Software and install it. Should look similar to this:

quake2@server> $ mkdir -p /home/quake2/quake2/
quake2@server> $ cd /home/quake2/quake2/
quake2@server> $ wget ftp://ftp.idsoftware.com/idstuff/quake2/unix/quake2-3.20-glibc-i386-unknown-linux2.0.tar.gz
quake2@server> $ tar xzf quake2-3.20-glibc-i386-unknown-linux2.0.tar.gz



2) Copy the pak0.pak, pak1.pak and pak2.pak files to your q2 directory

quake2@myserver> $ mv pak*.pak /home/quake2/quake2/baseq2/

3) Install any mods you want in the /home/quake2/quake2/ directory you just created (not into /home/quake2/quake2/baseq2/) (optional).

quake2@myserver> $ mv some_mod_linux.zip ~/quake2/
quake2@myserver> $ cd ~/quake2/
quake2@myserver> $ unzip some_mod_linux.zip

4) Install the r1q2 executable and the r1q2updater in your quake2 directory and make them executable. (unzip takes one archive per call, so each zip file is unpacked separately.)

quake2@myserver> $ mv r1q2ded-old.zip r1q2updater.zip ~/quake2/
quake2@myserver> $ cd ~/quake2/
quake2@myserver> $ unzip r1q2ded-old.zip
quake2@myserver> $ unzip r1q2updater.zip
quake2@myserver> $ chmod a+x r1q2ded-old r1q2updater





Step 4 : Create the server config files

Create the q2 config files that your server will use.

A very basic server.cfg comes with Quake II, it should look similar to this one (note that I renamed it to q2srv.cfg here):

// ********************** START OF Q2 SERVER FILE **********************
// FILENAME : /home/quake2/quake2/baseq2/q2srv.cfg

set hostname "CHANGEME"
set ServerAdmin "CHANGEME"
set email "CHANGEME"
set webpage "http://CHANGEME"
set deathmatch "1"
set rcon_password "CHANGEME"
set timelimit "30"
set fraglimit "100"
set maxclients "16"
set allow_download "1"
set allow_download_players "0"
set allow_download_models "1"
set allow_download_sounds "1"
set allow_download_maps "1"
set public "1"
set setmaster "q2master.planetquake.com master0.gamespy.com satan.idsoftware.com"
set mapqueue "maps.lst"
map q2dm1

// ********************** END OF Q2 SERVER FILE **********************

You'll also need a more advanced r1q2 config file.

Use the r1q2 config generator to generate one, it should look similar to this one (WARNING: adapt the passwords if you copy the example file given here!) :

// ********************** START OF R1Q2 SERVER FILE **********************
// FILENAME : /home/quake2/quake2/baseq2/r1q2srv.cfg

set sv_restartmap "q2dm1"
set sv_filter_userinfo "1"
set sv_filter_stringcmds "1"
set sv_blackholes "1"
set sv_allownodelta "1"
set sv_iplimit "3"
set sv_connectmessage "Welcome to the CHANGEME Quake II server"
set sv_nc_visibilitycheck "0"
set sv_max_download_size "9000000"
set sv_downloadserver "http://CHANGEME/quake2/files/"
set sv_download_drop_file ""
set sv_download_drop_message "Sorry, you don't have a required file. See http://CHANGEME for more info."
set sv_mapdownload_ok_message "A map file you don't have is automatically downloaded atm..."
set sv_mapdownload_denied_message "Sorry, download of a map you need to connect failed.\n See http://CHANGEME for more info."
set sv_max_netdrop "20"
set sv_hidestatus "0"
set sv_hideplayers "0"
set sv_fpsflood "250"
set sv_randomframe "0"
set sv_uptime "0"
set sv_gamedebug "0"
set sv_strafejump_hack "1"
set sv_reserved_slots "2"
set sv_reserved_password "CHANGEME"
set sv_allow_map "0"
set sv_allow_unconnected_cmds "0"
set sv_strict_userinfo_check "0"
set sv_calcpings_method "1"
set sv_no_game_serverinfo "0"
set sv_ratelimit_status "10"
set sv_new_entflags "0"
set sv_validate_playerskins "1"
set sv_idlekick "600"
set sv_packetentities_hack "0"
set sv_entity_inuse_hack "0"
set sv_force_reconnect ""
set sv_enforcetime "1"
set sv_download_refuselimit "0"
set sv_blackhole_mask "32"
set sv_badcvarcheck "1"
set sv_rcon_showoutput "1"
set sv_show_name_changes "1"
set sv_enhanced_setplayer "1"
set sv_predict_on_lag "0"
set sv_format_string_hack "0"
set sv_lag_stats "0"
set sv_max_packetdup "0"
set sv_func_entities_hack "0"
set net_maxmsglen "1390"
set net_ignoreicmp "0"
set sv_anticheat_required "0"
set sv_anticheat_error_action "0"
set sv_anticheat_message "You need the r1q2 anticheat module to connect."
set sv_anticheat_badfile_action "2"
set sv_anticheat_badfile_message "Anticheat module detected bad file at your host. All other players were notified of this."
set sv_anticheat_badfile_max "0"
set sv_anticheat_nag_time "0"
set sv_anticheat_nag_message ""
set sv_anticheat_nag_defer "0"
set sv_anticheat_show_violation_reason "1"
set sv_anticheat_client_disconnect_action "0"
set sv_anticheat_disable_play "0"
map q2dm1

// ********************** END OF R1Q2 SERVER FILE **********************





Step 5 : Create a shellscript to start the server

We'll use the unix program 'screen' in this script, so again make sure you have installed it.

An example startup script is given below. Don't forget to adapt your server's IP, port and any name you want to identify the server.

Some notes on adapting the script to your needs:

* choose a port > 1024. Port 27910 is recommended because it's the standard q2 port.

* you can easily start multiple q2 servers if you set a different port for each of the servers.

Here's an insecure startscript (for testing / debugging purposes if problems occur only!) that launches a normal (non-r1q2) q2 server:

// ********************** START OF INSECURE SHELLSCRIPT TO START THE SERVER **********************
// FILENAME : /home/quake2/start-airrocket-insecure-testq2-server.sh

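#!/bin/sh
# adapt these values to your server
ip="CHANGEME"
port="27911"
name="q2insecure"
q2dir="/home/quake2/quake2/"

echo "WARNING: running insecure q2 server $name on $ip : $port"

# abort if the q2 directory is missing instead of starting from the wrong place
cd "$q2dir" || exit 1
# run the original q2 binary in a detached screen session named $name
screen -A -m -d -S "$name" ./quake2 +set dedicated 1 +set ip "$ip" +set port "$port" +exec q2srv.cfg +set deathmatch 1 +map q2dm1 &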


// ********************** END OF INSECURE SHELLSCRIPT TO START THE SERVER **********************


Here's the final script we'll use that launches the r1q2 server:

// ********************** START OF SHELLSCRIPT TO START THE R1Q2 SERVER **********************
// FILENAME : /home/quake2/start-airrocket-r1q2-server.sh

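#!/bin/sh
# adapt these values to your server
ip="CHANGEME"
port="27910"
name="r1q2"
q2dir="/home/quake2/quake2/"

echo "running server $name on $ip : $port"

# abort if the q2 directory is missing instead of starting from the wrong place
cd "$q2dir" || exit 1
# run the r1q2 binary in a detached screen session named $name
screen -A -m -d -S "$name" ./r1q2ded-old +set dedicated 1 +set ip "$ip" +set port "$port" +exec q2srv.cfg +exec r1q2srv.cfg +map q2dm1 &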



// ********************** END OF SHELLSCRIPT TO START THE R1Q2 SERVER **********************

So what does that script do? It uses screen (a unix screen manager) to run the quake server in a detached screen session named r1q2. This is needed to keep the quake server running when you disconnect from the remote host.

Make sure to read Appendix C : Some words on screen of this document if you don't know screen.

Because quake2 is not a daemon process, it is attached to your terminal session and your q2 server would go down if you didn't use screen and quit the shell (type 'exit' or 'logout' in ssh/bash). This isn't what we want, so we use screen. Read 'man screen' if you don't know how to use screen.

The name of the screen session ('r1q2') can be used to bring the server back to your terminal by logging in via ssh or whatever and restoring the detached screen session of the server by typing

quake2@myserver> $ screen -r sessionname

To see the list of screen sessions for the current user, type

quake2@myserver> $ screen -list

Step 6 : Create a maprotation file

The maprotation file should be named as specified in your server configfile ('set mapqueue "maps.lst"'), I'll assume 'maps.lst' here. It should consist of the name of one map (without path or file extension) per line, nothing else.



// ********************** START OF MAPROTATION FILE **********************
// FILENAME : /home/quake2/quake2/baseq2/maps.lst

q2dm1
q2dm2
q2dm3


// ********************** END OF MAPROTATION FILE **********************

Add more maps as you like.







Step 7 : Make sure the Files created in steps 4, 5 and 6 are at the correct locations (if not done yet)

If you're using the scripts shown above, you should place them in the following locations :

* q2 server configuration file (q2srv.cfg) :

/home/quake2/quake2/baseq2/

* r1q2 server configuration file (r1q2srv.cfg) :

/home/quake2/quake2/baseq2/

* q2 server maprotation file (maps.lst) :

/home/quake2/quake2/baseq2/

* q2 server startup shell script (start-airrocket-r1q2-server.sh) :

/home/quake2/





Step 8 : Start your Quake Server

Yeah, let's rock! (Remember to run the script as the quake2 user you created, do not run it as root!)

quake2@myserver> $ cd
quake2@myserver> $ ./start-airrocket-r1q2-server.sh

That's it, it runs! Have a look with the 'ps' command and try to connect to it.





Step 9 : Quake Server remote Administration

Quake servers are usually administrated remotely via rcon. The rcon command of the q2 console lets you execute quake commands on a remote q2 server.

The usage of rcon is protected by an rcon password that you have set in the server config file ('set rcon_password "change_me"').

1) Start the rcon connection to your quake server

This can be done in two ways : most of the time you will simply connect to the server via quake 2 as a player - done.

If this is not possible (maybe the server is full and there are no private slots), you start quake 2 on your local box and type the following command in the quake console :

/set rcon_address "server_ip:server_port"

2) Authenticate via your rcon password

Start a quake console and type :

/set rcon_password "rconpassword"

You can also put the password in your client configfile, of course.

3) Execute quake commands on the server :-)

Start a quake console and type '/rcon' followed by any quake server command. Examples :

/rcon status
/rcon kick camper
/rcon gamemap q2dm3





Step 10 : Stopping your Quake II Server

There are few reasons why you would ever want to stop a q2 server of course, but there's nothing special to it. Just get the pid of the correct screen process via something like

quake2@myserver> $ ps aux | grep screen | grep servername

and kill the process :

quake2@myserver> $ kill pid

Servername should be the name you specified in the startup script (i.e. 'r1q2').





Appendix A : Where to go from here

You may want to :

* read the security notes to prevent lots of trouble (like getting hacked)

* create a http file repository so clients can autodownload files with highspeed via your normal webserver (like apache) without quitting q2 (see r1q2 forum)

* install additional mods and run multiple quake servers. This is made very easy by the scripts provided, as you may already have noticed; see step 5 for more info

* setup a voice communication system like teamspeak for your clan members to use

* get some additional maps for your server





Appendix B : Quake II Servers behind firewalls and NAT / home routers

People who want to connect to your server to play require access to the Quake II Server port range on your machine. If you setup a server from within quake 2 using the in-game menu, the port 27910 will be used. If you setup your server as described in this document and/or have multiple servers running, you had to choose a port for every quake server you are running. If you are running 3 servers, you may have picked ports 27910, 27911 and 27912. All ports are UDP, not TCP.

If you are running a quake server on a linux server that is using the IPTABLES firewall, you should add a rule to allow the quake ports (see above) in. You may want to do this using your webinterface or by adding a line like the following to your ruleset :

iptables -A INPUT -p udp -m udp --dport 27910:27912 -j ACCEPT

You should be done with that. The next part describes how to prepare your personal firewall and home router to run a quake server at home that allows public connections from the internet.

The configuration of your personal firewall should be quite easy, check the manual if you don't know how to allow connections on a specific port. Most firewalls will allow you to select allowed services (like 'HTTP / webserver, port 80-tcp') from a list, but as Quake II will usually not be listed there, you'll have to select something like 'custom service' and set the protocol ('UDP') and port (i.e. '27910', see above) or port range (i.e. '27910:27912') manually.

Configuring your home or DSL router isn't very hard either, but it is necessary if you are using one because network packets from quake clients will hit the public IP of your router and thus it needs to know where to send those packets. (Recall that there may be more than one machine in your network and that this is an incoming connection, not an outgoing one where the router knows who asked for the packets.)

Login to the router - this is usually done via http by entering something like 'http://192.168.0.1' in the address bar of your favourite browser and supplying a username and password - and search for a configuration option named 'Port Forwarding' or similar that can usually be found in the NAT (Network Address Translation) settings. Enter your quake II server ports (see above) and forward them to the private IP address of your quake server on the local network (something like '192.168.0.x', x > 1 in many cases). Note that your server should be configured to use a static IP in the Operating System.





Appendix C : Some words on screen (1)



Screen is a very powerful tool and you should make yourself familiar with it if you don't know it.

Reading the screen man page ('man screen') is helpful and a good idea, but it's huge and gets pretty technical so you may want to start with something else first. Try some screen primer, like the one at jmcpherson.org to get some more ideas of what you can do with screen.

Some quick tips:

Use "ctrl-a d" to detach from screen and keep it running in the background (typing 'quit' or pressing ctrl-c will stop your q2 server).

You can use 'screen -x sessionname' to attach to a screen session without detaching from other sessions. This may come in handy if you have more than one person with shell access to the server and/or use multiple machines to keep an eye on the server.

Pressing "ctrl-a ?" shows the built-in help of screen.





Appendix D : Security notes

Some tips on server security:

* NEVER EVER RUN YOUR QUAKE SERVER WITH ROOT PRIVILEGES!

* Remember that while R1Q2 is a secure replacement for the standard quake 2 server, you can still get in trouble by running an insecure mod or admin tool.

* Make sure you use the latest available version of all q2 software components by searching Google and r1ch's forum for security updates for r1q2, your mods and admin tools (if you use any) from time to time.

* Set up cron to run the r1q2updater on a regular basis.

* Consider subscribing to the r1q2 security mailinglist.

* See Appendix B - Quake II Servers behind firewalls and NAT / home routers for info on firewalling your server with iptables
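
Some of the tips above can be checked automatically before the server starts. The following is an added example (not part of the original HOWTO or of r1q2): a POSIX shell function that refuses to start as root, on a port that is not above 1024, or with rcon_password / sv_reserved_password still set to the 'CHANGEME' or 'change_me' placeholders used in this document. As an assumption beyond the tips above, it also flags config files readable by group or others; the function names and the sample cfg files are constructed.

```sh
#!/bin/sh
# Added example, not from the original HOWTO. Function names and the sample
# cfg files at the bottom are constructed for illustration.

# Print the last value assigned to CVAR by a  set CVAR "value"  line.
cfg_value() {  # usage: cfg_value CVAR FILE...
    cvar=$1; shift
    awk -v cvar="$cvar" '
        $1 == "set" && $2 == cvar { v = (split($0, q, "\"") >= 3) ? q[2] : $3 }
        END { print v }' "$@"
}

# Check uid, port and cfg files; the number of findings is left in $problems.
# Returns 0 if the server may be started, 1 otherwise.
audit_q2_server() {  # usage: audit_q2_server UID PORT FILE...
    uid=$1; port=$2; shift 2
    problems=0
    if [ "$uid" -eq 0 ]; then
        echo "PROBLEM: running as root, use the quake2 user instead" >&2
        problems=$((problems + 1))
    fi
    case $port in
        ''|*[!0-9]*) port=0 ;;          # not a number: treat as invalid
    esac
    if [ "$port" -le 1024 ] || [ "$port" -gt 65535 ]; then
        echo "PROBLEM: port must be between 1025 and 65535" >&2
        problems=$((problems + 1))
    fi
    for cvar in rcon_password sv_reserved_password; do
        case $(cfg_value "$cvar" "$@") in
            CHANGEME|change_me)         # placeholders used in this HOWTO
                echo "PROBLEM: $cvar is still a placeholder" >&2
                problems=$((problems + 1)) ;;
        esac
    done
    for f in "$@"; do
        # Assumption beyond the HOWTO: password files should be owner-only.
        # Characters 5 and 8 of 'ls -l' are the group and other read bits.
        case $(ls -ld "$f" | cut -c5,8) in
            *r*) echo "PROBLEM: $f is readable by group or others" >&2
                 problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample input: one cfg copied unchanged, one adapted.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'set hostname "test"\nset rcon_password "CHANGEME"\n' > "$demo_dir/copied.cfg"
printf 'set rcon_password "constructed-sample-1"\nset sv_reserved_password "constructed-sample-2"\n' > "$demo_dir/adapted.cfg"
chmod 644 "$demo_dir/copied.cfg"
chmod 600 "$demo_dir/adapted.cfg"

audit_q2_server 0 80 "$demo_dir/copied.cfg" || echo "copied.cfg: $problems problems"
audit_q2_server 1001 27910 "$demo_dir/adapted.cfg" && echo "adapted.cfg: ok"
```

To use it for real, put the two functions at the top of the start script from step 5 and call audit_q2_server "$(id -u)" "$port" baseq2/q2srv.cfg baseq2/r1q2srv.cfg || exit 1 after the cd into the q2 directory.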





Appendix E : Links, Sources and Acknowledgements

Information given in this tutorial was taken from a number of sources, hopefully all are listed below:

* the r1q2 readme and forums

* my Quake III Arena Dedicated Server Howto (this file is an adapted version of it)

* the tldp.org q2 game server howto








