Attempting to Firewall backend servers, to stop cracked clients

Discussion in 'BungeeCord Help' started by PixelsAreFood, Jul 8, 2015.

  1. I was having issues with cracked clients connecting and opping themselves. So I researched it quite a bit and realized I'm supposed to use IPTables to prevent players from connecting to any port aside from my BungeeCord proxy port (25565). So I blocked the ports to my hub (25566), my 3 main servers (25567-25569). However, now that I've told my iptables firewall to drop packets to these ports, players cannot join. The packets are sent, however players are returned with the following error:
    Could not connect to default or fallback server, please try again later: io.netty.channel.ConnectTimeoutException

    Players are able to connect when I turn off the iptables firewall.
    I'm under the impression that players are supposed to connect only to the BungeeCord proxy, which passes them along locally. However, it seems this isn't true because of this error.
    The problem is, if I turn off the firewall, cracked clients can directly connect to my hub and my other 3 backend servers.

    I run a very large Pixelmon server, it's been offline for around 30+ hours. I've been researching and reading many different BungeeCord guides. I don't see what I'm doing wrong. Can anyone help me shed some light on this?

    I have Skype and TeamViewer if you're feeling like helping me out. I don't mind rewarding you in-game for your help. I have the third largest Pixelmon server if you're interested.

    Thank you very much, Cade.

    Edit:
    Here's my BungeeCord config.
    http://pastebin.com/JSXfvi3Q
    I've blocked ports 25566 to 25569 with iptables (Linux firewall). Players are connecting to 25565, and receiving the error:
    Could not connect to default or fallback server, please try again later: io.netty.channel.ConnectTimeoutException
     
    #1 PixelsAreFood, Jul 8, 2015
    Last edited: Jul 8, 2015
  2. Install IPWhitelist and configure it, then users cannot connect to the servers themselves without going through Bungee.
     
  3. Well, your impression of the BungeeCord connection is correct and you shouldn't be getting that connection error, which most likely indicates that you've done the iptables incorrectly (This guide works swimmingly - also verify that Bungeecord is set to true in Spigot configs and that ip_forward is set to true in Bungee, which it is). But for an easier approach, Atmazphere is correct, IPWhitelist is a wonderful plugin that does just the job.

    As an unrelated side note though, I noticed your Bungee configuration server entry IPs are all DNS instead of numerical values. I'm honestly not sure if it's a noticeable hindrance on performance or not, but data (players or plugins) would have to undergo a DNS lookup each time they go to a different server, which, although a small delay, can add up if you've got a lot of traffic. The fix of course would be to replace each IP with the raw 167.114.173.54. (Unless, that is, your server has a dynamic IP; if that's the case, totally ignore what I just said)
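
The firewall ordering this thread is about, as an added example that is not any poster's code: a blanket DROP on the backend ports also drops BungeeCord's own connections to them, so the proxy's traffic has to be accepted before the DROP. It assumes the proxy and backends run on one host and that rules go in the INPUT chain; the function names and `PROXY_SOURCES` are hypothetical, and the ports and address are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: proxy and backends share
# one host, filtering is done in the INPUT chain, and PROXY_SOURCES lists any
# extra address the proxy connects from.

BACKEND_PORTS="25566:25569"       # hub + 3 main servers, as in the first post
PROXY_SOURCES="167.114.173.54"    # address quoted in the reply; adjust to yours

# Print the rules in the order they must be appended: ACCEPTs first, DROP last.
backend_rules() {
    _ports="$1"; shift
    # A host talking to its own addresses (even the public one) uses loopback.
    echo "iptables -A INPUT -i lo -p tcp --dport ${_ports} -j ACCEPT"
    for _src in "$@"; do
        echo "iptables -A INPUT -p tcp -s ${_src} --dport ${_ports} -j ACCEPT"
    done
    # Everything else aimed at a backend port is dropped.
    echo "iptables -A INPUT -p tcp --dport ${_ports} -j DROP"
}

# Return 0 only if no ACCEPT follows a DROP. An ACCEPT placed after the DROP
# never matches, which reproduces the ConnectTimeoutException from the post.
rules_order_ok() {
    printf '%s\n' "$1" |
        awk '/-j DROP/ {seen=1} /-j ACCEPT/ && seen {bad=1} END {exit bad+0}'
}

# Dry run by default; set APPLY=1 (as root) to load the rules.
rules=$(backend_rules "$BACKEND_PORTS" $PROXY_SOURCES)
if rules_order_ok "$rules"; then
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$rules" | sh
    else
        printf '%s\n' "$rules"
    fi
fi
```

After applying, `iptables -L INPUT -n --line-numbers` shows whether the ACCEPT rules really sit above the DROP.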