Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Secure way to host a public server

dt



326 posts

Ultimate Geek
+1 received by user: 41


Topic # 242898 19-Nov-2018 14:06
Send private message quote this post

Hi, I looking at throwing up an old quake world server for the community and was wondering the most secure was to do this?

 

Im just using a residential Orcon connection so only have one public facing address.. I'm using a pfsense firewall and thought perhaps I could setup a separate VLAN to put the server on and port forward to that server keeping it outside of my home network

 

If that is completely wrong, you have probably already guessed I have no idea what im doing here :) but i'm a computer/network hobbyist so would like to give whatever is suggested as best practice for my type of setup 

 

or am I being paranoid that someone might gain access to my network by knowing my IP address? 

 

Cheers,

 

DT 

Create new topic
6276 posts

Uber Geek
+1 received by user: 1949

Trusted

  Reply # 2129446 19-Nov-2018 14:24
Send private message quote this post

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 




 

3682 posts

Uber Geek
+1 received by user: 1390

Subscriber

  Reply # 2129447 19-Nov-2018 14:26
2 people support this post
Send private message quote this post

Sticking it on a separate VLAN is a good start. Then make some firewall rules to not allow traffic from that subnet to your main subnet.

 
 
 
 


925 posts

Ultimate Geek
+1 received by user: 606

Trusted

  Reply # 2129488 19-Nov-2018 15:11
3 people support this post
Send private message quote this post

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

 

 

noip just gives you a CNAME, It offers no protection against DOS attacks etc.

353 posts

Ultimate Geek
+1 received by user: 84


  Reply # 2129737 19-Nov-2018 18:33
Send private message quote this post

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.

353 posts

Ultimate Geek
+1 received by user: 84


  Reply # 2129738 19-Nov-2018 18:33
2 people support this post
Send private message quote this post

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.

dt



326 posts

Ultimate Geek
+1 received by user: 41


  Reply # 2130130 20-Nov-2018 11:39
Send private message quote this post

Ok will give setting up another vlan a crack with no access to the home network.

 

Are there any other suggestions?

 

Every time i've tried connecting to a quake server using a dns name it always shows the IP address during the connection i.e connect my.quakeserver.com > connecting to xxx.xxx.xxx.xxx 

 

In this case would it still show my IP address or an IP address of NOIP? also all the quake server browsers show the IP addresses rather than hostnames? Maybe just an old quake thing? 

3682 posts

Uber Geek
+1 received by user: 1390

Subscriber

  Reply # 2130136 20-Nov-2018 11:48
Send private message quote this post

Unless No-IP proxy to your server (which I highly doubt they would want to do for free), it's always going to show your IP address. But don't get caught up on that, just understand that if you have a public server, your IP is quite easily found - it's just how it is.

 

As @vulcannz said, some rules to drop IP's that attempt TCP floods and port scanners are a good idea to slow down normal DoS attacks, but never full proof. Some hardware accelerated routers can deal with things a bit better when the CPU doesn't need to be involved - something you can't avoid with pfSense.

 

But just go for it, worst that can happen is you get DDoS'd, your ISP gets grumpy, you say sorry and shut down the server.

14285 posts

Uber Geek
+1 received by user: 2590

Trusted
Subscriber

  Reply # 2130139 20-Nov-2018 11:50
One person supports this post
Send private message quote this post

IP addresses are public. You're just trying to obfuscate yours to specific users. All IPs are likely scanned constantly, and a new server that comes up on the internet without recent patches can be compromised within 60 seconds.

 

I'd be fairly careful putting a public server on your network. 




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

343 posts

Ultimate Geek
+1 received by user: 123


  Reply # 2130147 20-Nov-2018 11:59
Send private message quote this post

Are you hosting it just for Aus/NZ? Geo filtering is a good way to drop the majority of crap that comes in. Otherwise vlan the server off and make sure you're not running anything with elevated permissions.

dt



326 posts

Ultimate Geek
+1 received by user: 41


  Reply # 2130205 20-Nov-2018 12:51
Send private message quote this post

timmmay:

 

IP addresses are public. You're just trying to obfuscate yours to specific users. All IPs are likely scanned constantly, and a new server that comes up on the internet without recent patches can be compromised within 60 seconds.

 

I'd be fairly careful putting a public server on your network. 

 

 

 

 

It's certainly a concern of mine, I don't want to compromise my families safety just so a few randoms have a free place to blow off a bit of steam after work :) 

 

You've got me worried now, I might just bite the bullet and go with a VPS that someone here has kindly offered to provide relatively cheap as its for the community. 

 

 

 

SpartanVXL: Are you hosting it just for Aus/NZ? Geo filtering is a good way to drop the majority of crap that comes in. Otherwise vlan the server off and make sure you're not running anything with elevated permissions.

 

 

 

Yep just NZ/AU so great idea about Geo filtering, I would have gone down that route 

6276 posts

Uber Geek
+1 received by user: 1949

Trusted

  Reply # 2130248 20-Nov-2018 13:31
Send private message quote this post

Andib:

 

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

 

 

noip just gives you a CNAME, It offers no protection against DOS attacks etc.

 

 

 

 

I never said it did give protection, it just provides an alternative to an IP to give out... 

 

vulcannz:

 

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.

 

 

Your router will still be dead if I did a DOS attack on your IP. No firewall exception will stop that.

 

You've got me worried now, I might just bite the bullet and go with a VPS that someone here has kindly offered to provide relatively cheap as its for the community.



VPS is the best idea.. Someone else issue and not yours! 




 

xpd

Chief Trash Bandit
9146 posts

Uber Geek
+1 received by user: 1443

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 2130253 20-Nov-2018 13:38
Send private message quote this post

Coil:

 

VPS is the best idea.. Someone else issue and not yours! 

 

 

Or have a friend host it on his connection so if any DDOS does appear, my connection is fine ;)  Not that I'd ever do that....... (walking away whistling)

 

 

 

 




XPD / Gavin / DemiseNZ

 

Server : i3-3240 @ 3.40GHz  16GB RAM  Win 10 Pro    Workstation : i5-xxxx @ x.xxGHz  16GB RAM  Win 10 pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, geeks, and more.    

6276 posts

Uber Geek
+1 received by user: 1949

Trusted

  Reply # 2130255 20-Nov-2018 13:43
Send private message quote this post

xpd:

 

Coil:

 

VPS is the best idea.. Someone else issue and not yours! 

 

 

Or have a friend host it on his connection so if any DDOS does appear, my connection is fine ;)  Not that I'd ever do that....... (walking away whistling)

 

 

 

 

 

 

Whats the IP again? Just gonna go re open the botnet and do some stress testing




 

353 posts

Ultimate Geek
+1 received by user: 84


  Reply # 2130576 20-Nov-2018 19:35
Send private message quote this post

PM'd. Let me know when you do it, I'd like to watch what happens.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.