Hi there, I have 5 Ubuntu 14.04 dedicated server boxes for running servers. One is for bungeecord and the other 4 are for different gamemodes. My plan is to have all players join through one IP address (the bungeecord IP) and not be allowed to join any of the other offline spigot servers. Could someone please help me with how to configure the iptables firewall? And on what machines should I run each command from? I have read the Spigot Firewall Guide, but if I mess something up I don't want to be locked out of the machine.
Hello, what you're trying to do is very possible. Here are a couple of things you should know before continuing. I don't use IpTables, I use UFW instead; they're kinda the same thing. Ubuntu comes pre-installed with the tool UFW. UFW can be used to configure your firewall policies. Your basic strategy will be to lock down everything that we do not have a good reason to keep open. Don't turn on UFW till you are done, or you will lock yourself out... Did that once...

Here's the stuff you want to leave open, like ssh, ftp, website, etc.

Must have!
Code (Text):
ufw allow ssh
Code (Text):
sudo ufw allow 4444/tcp

Optional ports to keep open. I would keep them open, just in case, because it may mess up your control panel or give you problems in the future.

Web server
Code (Text):
sudo ufw allow 443/tcp

SMTP Email
Code (Text):
sudo ufw allow 25/tcp

Website
Code (Text):
sudo ufw allow 80/tcp

Minecraft: allow the port your server is using
Code (Text):
sudo ufw allow 25565

You're almost done. Now check if you did everything correctly and turn it on.
Code (Text):
sudo ufw show added

If everything you added is there, turn it on with this command.
Code (Text):
sudo ufw enable
Thanks, this helps a ton. What commands would you use for UFW for a bungeecord network? And on what machines would you do this? Do you have to do UFW on just bungee or all servers?
Ah, yes... I should have talked about this more. You will have to do this on all your servers. The command to allow the port for your bungeecord server is:
Code (Text):
sudo ufw allow 25565

Change 25565 to the port of your bungeecord server or minecraft server. If you have multiple servers on one machine, you would have to run this command multiple times with all the ports of your servers.
And also, wouldn't another person be able to connect to your backend server with their own bungeecord server?
No it's not a bug... it's how proxies just work. If you configure your firewall correctly you won't have an issue, read the firewall guide.
Could someone please help me with iptables with a bungeecord network with multiple boxes? What commands should I run and on what machine?
I think how you could fix this is by making port 25565 (whatever port your server is on) whitelisted to the bungee server. I have no idea how to do this though, but I bet there is a tutorial out there.
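The whitelisting idea in the post above, sketched with ufw as an added example (not code from this thread or from the Spigot firewall guide): the functions only print the commands for each role so they can be reviewed before anything is run. The address 203.0.113.10 used in the usage note is a constructed placeholder for the BungeeCord box, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not run) the ufw commands for each role.
# Function names are hypothetical; replace sample addresses with your own.

MC_PORT=25565   # Minecraft/BungeeCord port used in the thread

# Rules common to every box. SSH is allowed before the firewall is enabled,
# so turning it on cannot cut off the admin session.
base_rules() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow ssh"
}

# BungeeCord box: players connect here, so the port is open to everyone.
proxy_rules() {
    base_rules
    echo "ufw allow ${MC_PORT}/tcp"
}

# Backend Spigot box: only the proxy's address may reach the game port.
# $1 = proxy IPv4 address, $2 = backend port (defaults to MC_PORT)
backend_rules() {
    proxy_ip=$1
    port=${2:-$MC_PORT}
    case "$proxy_ip" in
        ''|*[!0-9.]*) echo "backend_rules: need an IPv4 proxy address" >&2; return 1 ;;
    esac
    base_rules
    echo "ufw allow from ${proxy_ip} to any port ${port} proto tcp"
}

# Print the plan for one role: plan proxy | plan backend <proxy-ip> [port]
plan() {
    case "$1" in
        proxy)   proxy_rules ;;
        backend) backend_rules "$2" "$3" ;;
        *)       echo "usage: plan proxy | plan backend <proxy-ip> [port]" >&2; return 1 ;;
    esac
    echo "ufw show added   # review, then: ufw enable"
}
```

Run `plan proxy` for the BungeeCord box and `plan backend 203.0.113.10` for each Spigot box, then execute the printed lines with sudo on that machine once they look right.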
The firewall guide here should work for what you are trying to do: https://www.spigotmc.org/wiki/firewall-guide/
It is confusing for a bungee network for a person who is just learning about it. Could you please help me out with the commands and on what bungee network