IPTables BungeeCord Help

Discussion in 'Systems Administration' started by AJ844FB, May 19, 2016.

  1. Hi there, I have 5 Ubuntu 14.04 dedicated server boxes for running servers. One is for bungeecord and the other 4 are for different gamemodes. My plan is to have all players join through one IP address (the bungeecord IP) and not be allowed to join any of the other offline spigot servers. Could someone please help me with how to configure the iptables firewall, and on what machines should I run each command from? I have read the Spigot Firewall Guide but if I mess something up I don't want to be locked out of the machine.
  2. Hello, what you're trying to do is very possible. Here are a couple of things you should know before continuing. I don't use iptables, I use UFW instead; they're kinda the same thing. Ubuntu comes pre-installed with the tool UFW, which can be used to configure your firewall policies. Your basic strategy will be to lock down everything that we do not have a good reason to keep open.

    Don't turn on UFW till you are done, or you will lock yourself out... :p Did that once...

    Here is the stuff you want to leave open, like ssh, ftp, website, etc.:

    Must have!

    Code (Text):

    sudo ufw allow ssh
    Code (Text):

    sudo ufw allow 4444/tcp
    Optional, ports to keep open.
    I would keep them open, just in case, because it may mess up your control panel or give you problems in the future.

    Web server
    Code (Text):

    sudo ufw allow 443/tcp
    SMTP Email
    Code (Text):

    sudo ufw allow 25/tcp
    Code (Text):

    sudo ufw allow 80/tcp
    Allow the port your server is using

    Code (Text):

    sudo ufw allow 25565
    You're almost done :)
    Now check if you did everything correct and turn it on.

    Code (Text):

    sudo ufw show added
    If everything you added is there, turn it on with this command.

    Code (Text):

    sudo ufw enable
  3. Thanks, this helps a ton. What commands would you use for UFW for a bungeecord network? And on what machines would you do this? Do you have to do UFW on just bungee or all servers?
  4. Ah, yes... I should have talked about this more. You will have to do this on all your servers. The command to allow the port for your bungeecord server is,

    Code (Text):

    sudo ufw allow 25565
    Change 25565 to the port of your bungeecord server or Minecraft server. If you have multiple servers on one machine you would have to run this command multiple times with all the ports of your servers.
  5. And also, wouldn't another person be able to connect to your backend server with their own bungeecord server?
  6. They can do this already through an unknown bug in BungeeCord.
  7. No it's not a bug... it's how proxies just work. If you configure your firewall correctly you won't have an issue, read the firewall guide.
  8. It's not a bug in java?
  9. Yes, sorry, never thought of that. I am used to using one machine.
  10. Could someone please help me with iptables with a bungeecord network with multiple boxes? What commands should I run and on what machine?
  11. No of course not. It's because your servers are open publicly for any proxy to connect to.
  12. Oh, you're talking about a different thing, nvm^^
  13. I think how you could fix this is by making port 25565 (whatever port your server is on) whitelisted to the bungee server. I have no idea how to do this though, but I bet there is a tutorial out there.
  14. It is confusing for a bungee network for a person who is just learning about it. Could you please help me out with the commands and on what bungee network
  15. Sure, Skype would probably be the easiest way. Just PM me your Skype.
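
The whitelisting suggested in post 13, and the "what commands on what machine" question from posts 10 and 14, as an added example that is not from any poster in this thread: it prints (without running) the ufw commands for a backend box and for the BungeeCord box, and checks `ufw status` output for a game port left open to everyone. It uses UFW rather than iptables because that is what the replies use; the proxy IP 203.0.113.10, the ports and the sample status text are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Prints ufw commands; does not run them.
# 203.0.113.10 and the ports are constructed placeholder values.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Backend (Spigot) box: game port reachable from the proxy only.
# usage: backend_rules PROXY_IP GAME_PORT [SSH_PORT]
backend_rules() {
    valid_ipv4 "$1" || { echo "bad proxy IP: $1" >&2; return 1; }
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow ${3:-22}/tcp"   # SSH before enable, so you are not locked out
    echo "ufw allow from $1 to any port $2 proto tcp"
    echo "ufw enable"
}

# BungeeCord box: game port is public. usage: proxy_rules GAME_PORT [SSH_PORT]
proxy_rules() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow ${2:-22}/tcp"
    echo "ufw allow $1/tcp"
    echo "ufw enable"
}

# Reads `ufw status` text on stdin and prints the rules that leave PORT open to
# everyone, which is what lets a foreign proxy reach an offline-mode backend.
open_to_world() {
    grep -E "^$1(/tcp)?( \(v6\))? +ALLOW( IN)? +Anywhere" || true
}

# Constructed `ufw status` output from a backend with a leftover open rule.
sample_status() {
    cat <<'EOF'
To                         Action      From
22/tcp                     ALLOW       Anywhere
25565/tcp                  ALLOW       203.0.113.10
25565                      ALLOW       Anywhere
EOF
}

backend_rules 203.0.113.10 25565
sample_status | open_to_world 25565
```

Run the backend commands as root on each gamemode box and the proxy commands on the BungeeCord box, substituting your own proxy address and SSH port. Any line printed by `open_to_world` is a rule to delete from that backend.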