Using VPS as a proxy

Discussion in 'Systems Administration' started by Maxx_Qc, Jul 29, 2020.

  1. Hey guys, I am currently home hosting a minecraft server and I am using an OVH VPS server with SSLH as a proxy server. The problem is that SSLH only works with one port, for example anyone using the VPS ip:25565 on minecraft will connect to my home server ip:25565. The thing is I have more than one port to use. I need a port for votifier, one for connection and one for RCON. Is there any way that I could use the VPS ip as my home server ip? Meaning that anyone using VPS ip with port 8456 will be redirected to my home server ip with the same port.

    I hope this can be done,
    thanks for your help :)
     
  2. I do this for other reasons, but I can help.
    Add me on discord, I'll help you out: Aderm#5779
     
  3. Š’ungeecord, VPN, tunneling and NAT
    If I were you, I would launch a proxy, create a domain and add DNS records there for redirection.
    And on the VPS itself, I would simply set up NAT to redirect traffic from the ports of the physical network interface (your real ip) to the virtual VPN interface, which would lead to the game server.
    For VPN I recommend WireGuard (it's easy to use).

    P.S. By the way, tell me how you were able to purchase VPS from OVH, I've been waiting for a week from them, but they are silent ...
     
  4. all of that is too complicated for someone like me that doesn't know anything about networking
    I'm from canada and here VPS always has been available : https://www.ovhcloud.com/en-ca/vps/
     
  5. You could setup a bungeecord server on your VPS connected to your server(s) at home.

    For votifier and rcon: is there a reason you don't want to have these connect to your home server directly?
     
  6. most likely he is afraid of a DDoS attack, and wants to hide his server as much as possible
     
  7. Yeah, I thought of that, but since all players connect through his VPS I dont think this problem is very significant anymore
     
  8. Yes but now I have 2 servers: a private one for me and my friend and a public one. The thing is I do not want my friends to have access to my IP so I have to setup some kind of proxy that could transfer all traffic.
     
  9. I see. However, if your friends don't need rcon access, setting up a bungeecord server will suffice.

    Anyways, if you really need to hide other ports as well, you could take a look at NGINX tcp proxying. If you take a look at https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#proxy_pass I think it will be pretty straight forward. I would not recommend setting up NGINX to proxy minecraft traffic as well, since I'm not sure what the performance implications will be and you'll lose the ip information of the player, so set up a bungeecord for that.
     
  10. I got it using only iptables port forwarding with this command:

    sudo iptables -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination ip:25565
     
  11. Try WireGuard. It is easy enough to configure and run, while it has traffic encryption.
    Launch VPN, set up a virtual network interface and connect your game server to it. By connecting to a VPS, traffic will be redirected to your minecraft server wherever it is, but the player will always see only one IP - the IP of your VPS.

    For reference.
    Some cheating clients of the game have the ability to extract the ip address of a server located even behind the bungeecoord network.
    Also, if you have configured direct traffic forwarding via VPS, try to check all your active connections while on your game server and make a trace. You will be surprised when you see the destination address.
     
  12. How can I check for active connections