Avoid direct connection player without BungeeCord

Discussion in 'BungeeCord Discussion' started by Creeper96_, Jul 7, 2013.

  1. How i block the direct connection of the players without bungeecord?
     
  2. Are the the backend servers on separate IPs or are they on the same dedicated machine? If on the same machine, you don't need to open the ports to the outside world (and have the IPs of the backend servers set to 127.0.0.1 in the Bungee config).

    If the backend servers are on different machines, then you should use iptables (on Linux) or any firewall to only allow access to the port from the Bungee IP.
     
  3. it's all in the same machines, can exist any plugin to kick no proxied player?
     
    • Friendly Friendly x 1
  4. joehot200

    Supporter

    Bind the spigot servers to 127.0.0.1, so only people from localhost can connect. (the people from the bungee)
     
    • Agree Agree x 1
  5. Also, you *should* have a firewall on the machine that only opens the ports you need open - just 25565 and SSH?
     
  6. joehot200

    Supporter

    I dont :oops:

    Whats the advantage of such a firewall? (other than the scenario mentioned here)
     
  7. A firewall (edit: That default blocks all and only allows what you manually add rules for) that only opens the ports you specify can prevent a number of potential security issues.
    A few example of how this would protect you:
    • If you had a plugin which opened a backdoor running on some other port allowing remote command execution (especially scary if the server is running as root!)?
    • You may have other services on the machine that you aren't fully aware of that could have security vulnerabilities in them. A badly configured SMTP server? Maybe some NFS or SAMBA installed?
    To be honest, most usage examples I can think of involve when wanting to limit certain IP addresses to connect, or just a safety net in case you have some other backdoors on other ports - If you are sure that the only ports listening on your IP are the ones you want open, then I guess you are fine. Still, bad security practice.
     
    #8 LukeHandle, Jul 7, 2013
    Last edited: Jul 7, 2013
    • Informative Informative x 2
  8. yesterday i have tried to block the port of the spigot server using the iptables

    the port 25564,25554,25575

    The players connected to the bungeecord lost the connection and they cannot connect to the server.

    iptables -A INPUT -p tcp --destination-port 25564 -j DROP

    BungeeCord is in the same machine of the spigot servers.

    I use SSH, FTP, VNC and minecraft, i have enable MySQL remote connection,too, because i use BanManagement in other hosting web.
     
  9. joehot200

    Supporter

    YOU USE MINECRAFT??? :eek:
     
    • Funny Funny x 1