Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Secure way to host a public server

dt



366 posts

Ultimate Geek
+1 received by user: 54


Topic # 242898 19-Nov-2018 14:06
Send private message

Hi, I looking at throwing up an old quake world server for the community and was wondering the most secure was to do this?

 

Im just using a residential Orcon connection so only have one public facing address.. I'm using a pfsense firewall and thought perhaps I could setup a separate VLAN to put the server on and port forward to that server keeping it outside of my home network

 

If that is completely wrong, you have probably already guessed I have no idea what im doing here :) but i'm a computer/network hobbyist so would like to give whatever is suggested as best practice for my type of setup 

 

or am I being paranoid that someone might gain access to my network by knowing my IP address? 

 

Cheers,

 

DT 

Create new topic
6829 posts

Uber Geek
+1 received by user: 2325

Trusted

  Reply # 2129446 19-Nov-2018 14:24
Send private message

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 




 

3839 posts

Uber Geek
+1 received by user: 1553

Subscriber

  Reply # 2129447 19-Nov-2018 14:26
2 people support this post
Send private message

Sticking it on a separate VLAN is a good start. Then make some firewall rules to not allow traffic from that subnet to your main subnet.

 
 
 
 


977 posts

Ultimate Geek
+1 received by user: 638

Trusted

  Reply # 2129488 19-Nov-2018 15:11
3 people support this post
Send private message

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

 

 

noip just gives you a CNAME, It offers no protection against DOS attacks etc.

432 posts

Ultimate Geek
+1 received by user: 141


  Reply # 2129737 19-Nov-2018 18:33
Send private message

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.

432 posts

Ultimate Geek
+1 received by user: 141


  Reply # 2129738 19-Nov-2018 18:33
2 people support this post
Send private message

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.

dt



366 posts

Ultimate Geek
+1 received by user: 54


  Reply # 2130130 20-Nov-2018 11:39
Send private message

Ok will give setting up another vlan a crack with no access to the home network.

 

Are there any other suggestions?

 

Every time i've tried connecting to a quake server using a dns name it always shows the IP address during the connection i.e connect my.quakeserver.com > connecting to xxx.xxx.xxx.xxx 

 

In this case would it still show my IP address or an IP address of NOIP? also all the quake server browsers show the IP addresses rather than hostnames? Maybe just an old quake thing? 

3839 posts

Uber Geek
+1 received by user: 1553

Subscriber

  Reply # 2130136 20-Nov-2018 11:48
Send private message

Unless No-IP proxy to your server (which I highly doubt they would want to do for free), it's always going to show your IP address. But don't get caught up on that, just understand that if you have a public server, your IP is quite easily found - it's just how it is.

 

As @vulcannz said, some rules to drop IP's that attempt TCP floods and port scanners are a good idea to slow down normal DoS attacks, but never full proof. Some hardware accelerated routers can deal with things a bit better when the CPU doesn't need to be involved - something you can't avoid with pfSense.

 

But just go for it, worst that can happen is you get DDoS'd, your ISP gets grumpy, you say sorry and shut down the server.

14494 posts

Uber Geek
+1 received by user: 2666

Trusted
Subscriber

  Reply # 2130139 20-Nov-2018 11:50
One person supports this post
Send private message

IP addresses are public. You're just trying to obfuscate yours to specific users. All IPs are likely scanned constantly, and a new server that comes up on the internet without recent patches can be compromised within 60 seconds.

 

I'd be fairly careful putting a public server on your network. 




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

360 posts

Ultimate Geek
+1 received by user: 133


  Reply # 2130147 20-Nov-2018 11:59
Send private message

Are you hosting it just for Aus/NZ? Geo filtering is a good way to drop the majority of crap that comes in. Otherwise vlan the server off and make sure you're not running anything with elevated permissions.

dt



366 posts

Ultimate Geek
+1 received by user: 54


  Reply # 2130205 20-Nov-2018 12:51
Send private message

timmmay:

 

IP addresses are public. You're just trying to obfuscate yours to specific users. All IPs are likely scanned constantly, and a new server that comes up on the internet without recent patches can be compromised within 60 seconds.

 

I'd be fairly careful putting a public server on your network. 

 

 

 

 

It's certainly a concern of mine, I don't want to compromise my families safety just so a few randoms have a free place to blow off a bit of steam after work :) 

 

You've got me worried now, I might just bite the bullet and go with a VPS that someone here has kindly offered to provide relatively cheap as its for the community. 

 

 

 

SpartanVXL: Are you hosting it just for Aus/NZ? Geo filtering is a good way to drop the majority of crap that comes in. Otherwise vlan the server off and make sure you're not running anything with elevated permissions.

 

 

 

Yep just NZ/AU so great idea about Geo filtering, I would have gone down that route 

6829 posts

Uber Geek
+1 received by user: 2325

Trusted

  Reply # 2130248 20-Nov-2018 13:31
Send private message

Andib:

 

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

 

 

noip just gives you a CNAME, It offers no protection against DOS attacks etc.

 

 

 

 

I never said it did give protection, it just provides an alternative to an IP to give out... 

 

vulcannz:

 

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.

 

 

Your router will still be dead if I did a DOS attack on your IP. No firewall exception will stop that.

 

You've got me worried now, I might just bite the bullet and go with a VPS that someone here has kindly offered to provide relatively cheap as its for the community.



VPS is the best idea.. Someone else issue and not yours! 




 

xpd

Chief Trash Bandit
9359 posts

Uber Geek
+1 received by user: 1562

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 2130253 20-Nov-2018 13:38
Send private message

Coil:

 

VPS is the best idea.. Someone else issue and not yours! 

 

 

Or have a friend host it on his connection so if any DDOS does appear, my connection is fine ;)  Not that I'd ever do that....... (walking away whistling)

 

 

 

 




XPD / Gavin / DemiseNZ

 

Server : i3-3240 @ 3.40GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  16GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, geeks, and more.    

6829 posts

Uber Geek
+1 received by user: 2325

Trusted

  Reply # 2130255 20-Nov-2018 13:43
Send private message

xpd:

 

Coil:

 

VPS is the best idea.. Someone else issue and not yours! 

 

 

Or have a friend host it on his connection so if any DDOS does appear, my connection is fine ;)  Not that I'd ever do that....... (walking away whistling)

 

 

 

 

 

 

Whats the IP again? Just gonna go re open the botnet and do some stress testing




 

432 posts

Ultimate Geek
+1 received by user: 141


  Reply # 2130576 20-Nov-2018 19:35
Send private message

PM'd. Let me know when you do it, I'd like to watch what happens.

Create new topic


Donate via Givealittle


Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Amazon introduces new Kindle with adjustable front light
Posted 21-Mar-2019 20:14

A call from the companies providing internet access for the great majority of New Zealanders, to the companies with the greatest influence over social media content
Posted 19-Mar-2019 15:21

Two e-scooter companies selected for Wellington trial
Posted 15-Mar-2019 17:33

GeForce GTX 1660 available now
Posted 15-Mar-2019 08:47

Artificial Intelligence to double the rate of innovation in New Zealand by 2021
Posted 13-Mar-2019 14:47

LG demonstrates smart home concepts at LG InnoFest
Posted 13-Mar-2019 14:45

New Zealanders buying more expensive smartphones
Posted 11-Mar-2019 09:52

2degrees Offers Amazon Prime Video to Broadband Customers
Posted 8-Mar-2019 14:10

D-Link ANZ launches D-Fend AC2600 Wi-Fi Router Protected by McAfee
Posted 7-Mar-2019 11:09

Slingshot commissions celebrities to design new modems
Posted 5-Mar-2019 08:58

Symantec Annual Threat Report reveals more ambitious, destructive and stealthy attacks
Posted 28-Feb-2019 10:14

FUJIFILM launches high performing X-T30
Posted 28-Feb-2019 09:40

Netflix is killing content piracy says research
Posted 28-Feb-2019 09:33

Trend Micro finds shifting threats require kiwis to rethink security priorities
Posted 28-Feb-2019 09:27

Mainfreight uses Spark IoT Asset Tracking service
Posted 28-Feb-2019 09:25


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.