Want a better Minecraft server? Read about SpigotMC here!
Separate names with a comma.
Discussion in 'BungeeCord Discussion' started by Creeper96_, Jul 7, 2013.
How i block the direct connection of the players without bungeecord?
Are the the backend servers on separate IPs or are they on the same dedicated machine? If on the same machine, you don't need to open the ports to the outside world (and have the IPs of the backend servers set to 127.0.0.1 in the Bungee config).
If the backend servers are on different machines, then you should use iptables (on Linux) or any firewall to only allow access to the port from the Bungee IP.
it's all in the same machines, can exist any plugin to kick no proxied player?
Bind the spigot servers to 127.0.0.1, so only people from localhost can connect. (the people from the bungee)
Also, you *should* have a firewall on the machine that only opens the ports you need open - just 25565 and SSH?
Whats the advantage of such a firewall? (other than the scenario mentioned here)
A firewall (edit: That default blocks all and only allows what you manually add rules for) that only opens the ports you specify can prevent a number of potential security issues.
A few example of how this would protect you:
If you had a plugin which opened a backdoor running on some other port allowing remote command execution (especially scary if the server is running as root!)?
You may have other services on the machine that you aren't fully aware of that could have security vulnerabilities in them. A badly configured SMTP server? Maybe some NFS or SAMBA installed?
To be honest, most usage examples I can think of involve when wanting to limit certain IP addresses to connect, or just a safety net in case you have some other backdoors on other ports - If you are sure that the only ports listening on your IP are the ones you want open, then I guess you are fine. Still, bad security practice.
yesterday i have tried to block the port of the spigot server using the iptables
the port 25564,25554,25575
The players connected to the bungeecord lost the connection and they cannot connect to the server.
iptables -A INPUT -p tcp --destination-port 25564 -j DROP
BungeeCord is in the same machine of the spigot servers.
I use SSH, FTP, VNC and minecraft, i have enable MySQL remote connection,too, because i use BanManagement in other hosting web.
YOU USE MINECRAFT???