Discussion in 'Systems Administration' started by Xx_Will33_xX, Aug 5, 2019.

  1. Hello,

    I'm currently having some trouble protecting a Spigot server on another machine from the BungeeCord.

    BungeeCord IP (example):
    Spigot IP (example):

    Code (Text):

    iptables -F
    iptables -X
    iptables -I INPUT ! -s -p tcp --dport 33658 -j DROP
    iptables -I INPUT ! -s -p udp --dport 33658 -j DROP

    With this rule, users cannot connect: ConnectTimeoutException

    BungeeCord config:

    Code (Text):

    - query_port: 25565
      motd: '&1BungeeCord'
      tab_list: SERVER
      query_enabled: true
      forced_hosts: []
      ping_passthrough: false
      bind_local_address: true
      max_players: 400
      tab_size: 90
      force_default_server: true
      - auth
      proxy_protocol: false
    network_compression_threshold: 256
      admin: []
    log_pings: true
    connection_throttle_limit: 3
    prevent_proxy_connections: false
    timeout: 30000
    inject_commands: false
    player_limit: 400
    restricted: false
    ip_forward: true
      - admin
    connection_throttle: 4000
    log_commands: true
    stats: 37f6d606-278e-4bb0-bbdb-dfd4ab102e35
    online_mode: true
    forge_support: false
    - disabledcommandhere
        motd: '&1Skyblock'
        restricted: false
  2. foncused

    Moderator Patron

    Players connect to and the proxy sends them off to the Spigot server ( Your current iptables lines are dropping traffic to from any source IP other than, but you also need to allow traffic from your proxy.

    Basically, the firewall on would need to allow connections to TCP 25565 (and whatever else, e.g. SSH, ICMP) and drop anything not explicitly allowed.
    Code (Bash):
    # Firewall on
    iptables -A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
    iptables -A INPUT -s <your IP> -p tcp -m tcp --dport 22 -j ACCEPT
    # any other rules
    iptables -A INPUT -j DROP

    Then do the same with the firewall on but with TCP 33658 and specify the source IP of your BungeeCord proxy. You can open UDP too if you want to enable query (I recommend doing so at the proxy level).
    Code (Bash):
    # Firewall on
    iptables -A INPUT -s <BungeeCord proxy IP> -p tcp -m tcp --dport 33658 -j ACCEPT
    iptables -A INPUT -s <your IP> -p tcp -m tcp --dport 22 -j ACCEPT
    # any other rules
    iptables -A INPUT -j DROP

    Then your BungeeCord config.yml can be set to host:
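
The backend firewall described in the reply above, written as an added example that is not part of the original thread: a generator for an `iptables-restore` ruleset that admits the game port only from the proxy. The function names are hypothetical, and the addresses used with it are constructed placeholders from the documentation ranges.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints a ruleset; nothing is applied.

# Succeed only for a dotted-quad IPv4 address (octets 0-255, no leading zeros).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an iptables-restore ruleset for the Spigot host.
# $1 = proxy IP, $2 = admin IP for SSH, $3 = game port (default 33658, as in the thread)
spigot_backend_rules() {
    proxy_ip=$1; admin_ip=$2; game_port=${3:-33658}
    is_ipv4 "$proxy_ip" || { echo "bad proxy IP: $proxy_ip" >&2; return 1; }
    is_ipv4 "$admin_ip" || { echo "bad admin IP: $admin_ip" >&2; return 1; }
    case "$game_port" in
        ''|*[!0-9]*|0*|??????*) echo "bad port: $game_port" >&2; return 1 ;;
    esac
    [ "$game_port" -le 65535 ] || { echo "bad port: $game_port" >&2; return 1; }
    # INPUT defaults to DROP, so the thread's trailing "-A INPUT -j DROP" is implicit.
    # Loopback and replies to connections the host itself opens (e.g. DNS) are
    # the "any other rules"; FORWARD and OUTPUT stay at their default ACCEPT.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $proxy_ip/32 -p tcp -m tcp --dport $game_port -j ACCEPT
-A INPUT -s $admin_ip/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
```

Check the output with `iptables-restore --test` before loading it, for example `spigot_backend_rules 192.0.2.10 198.51.100.7 | iptables-restore --test`. Loading it without `-n` replaces the existing filter table, which is what the `iptables -F` in the first post does by hand.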