Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


dt

dt

1082 posts

Uber Geek


#242898 19-Nov-2018 14:06
Send private message

Hi, I looking at throwing up an old quake world server for the community and was wondering the most secure was to do this?

 

Im just using a residential Orcon connection so only have one public facing address.. I'm using a pfsense firewall and thought perhaps I could setup a separate VLAN to put the server on and port forward to that server keeping it outside of my home network

 

If that is completely wrong, you have probably already guessed I have no idea what im doing here :) but i'm a computer/network hobbyist so would like to give whatever is suggested as best practice for my type of setup 

 

or am I being paranoid that someone might gain access to my network by knowing my IP address? 

 

Cheers,

 

DT 


Create new topic
Affiliate link
 
 
 

Affiliate link: Buy anything now at AliExpress.
Coil
6614 posts

Uber Geek
Inactive user


  #2129446 19-Nov-2018 14:24
Send private message

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 


chevrolux
4962 posts

Uber Geek
Inactive user


  #2129447 19-Nov-2018 14:26
Send private message

Sticking it on a separate VLAN is a good start. Then make some firewall rules to not allow traffic from that subnet to your main subnet.


Andib
1231 posts

Uber Geek

ID Verified
Trusted

  #2129488 19-Nov-2018 15:11
Send private message

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

 

 

noip just gives you a CNAME, It offers no protection against DOS attacks etc.





Signing up for Contact Energy? Use my referral and we both get $100 credit.




vulcannz
436 posts

Ultimate Geek
Inactive user


  #2129737 19-Nov-2018 18:33
Send private message

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.


vulcannz
436 posts

Ultimate Geek
Inactive user


  #2129738 19-Nov-2018 18:33
Send private message

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.


dt

dt

1082 posts

Uber Geek


  #2130130 20-Nov-2018 11:39
Send private message

Ok will give setting up another vlan a crack with no access to the home network.

 

Are there any other suggestions?

 

Every time i've tried connecting to a quake server using a dns name it always shows the IP address during the connection i.e connect my.quakeserver.com > connecting to xxx.xxx.xxx.xxx 

 

In this case would it still show my IP address or an IP address of NOIP? also all the quake server browsers show the IP addresses rather than hostnames? Maybe just an old quake thing? 


chevrolux
4962 posts

Uber Geek
Inactive user


  #2130136 20-Nov-2018 11:48
Send private message

Unless No-IP proxy to your server (which I highly doubt they would want to do for free), it's always going to show your IP address. But don't get caught up on that, just understand that if you have a public server, your IP is quite easily found - it's just how it is.

 

As @vulcannz said, some rules to drop IP's that attempt TCP floods and port scanners are a good idea to slow down normal DoS attacks, but never full proof. Some hardware accelerated routers can deal with things a bit better when the CPU doesn't need to be involved - something you can't avoid with pfSense.

 

But just go for it, worst that can happen is you get DDoS'd, your ISP gets grumpy, you say sorry and shut down the server.




timmmay
18504 posts

Uber Geek

Trusted
Subscriber

  #2130139 20-Nov-2018 11:50
Send private message

IP addresses are public. You're just trying to obfuscate yours to specific users. All IPs are likely scanned constantly, and a new server that comes up on the internet without recent patches can be compromised within 60 seconds.

 

I'd be fairly careful putting a public server on your network. 


SpartanVXL
843 posts

Ultimate Geek


  #2130147 20-Nov-2018 11:59
Send private message

Are you hosting it just for Aus/NZ? Geo filtering is a good way to drop the majority of crap that comes in. Otherwise vlan the server off and make sure you're not running anything with elevated permissions.

dt

dt

1082 posts

Uber Geek


  #2130205 20-Nov-2018 12:51
Send private message

timmmay:

 

IP addresses are public. You're just trying to obfuscate yours to specific users. All IPs are likely scanned constantly, and a new server that comes up on the internet without recent patches can be compromised within 60 seconds.

 

I'd be fairly careful putting a public server on your network. 

 

 

 

 

It's certainly a concern of mine, I don't want to compromise my families safety just so a few randoms have a free place to blow off a bit of steam after work :) 

 

You've got me worried now, I might just bite the bullet and go with a VPS that someone here has kindly offered to provide relatively cheap as its for the community. 

 

 

 

SpartanVXL: Are you hosting it just for Aus/NZ? Geo filtering is a good way to drop the majority of crap that comes in. Otherwise vlan the server off and make sure you're not running anything with elevated permissions.

 

 

 

Yep just NZ/AU so great idea about Geo filtering, I would have gone down that route 


Coil
6614 posts

Uber Geek
Inactive user


  #2130248 20-Nov-2018 13:31
Send private message

Andib:

 

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

 

 

noip just gives you a CNAME, It offers no protection against DOS attacks etc.

 

 

 

 

I never said it did give protection, it just provides an alternative to an IP to give out... 

 

vulcannz:

 

Coil:

 

I have hosted a few game servers from home in past years. Was mainly minecraft, COD, GMod and a few others.
By simply knowing your IP people can't do a whole lot. I could do a DOS attack and flood your network but other than that I couldn't do much myself. 
Seemed to work fine. I would suggest you use No-IP if you are concerned. AFAIK they mast your IP with a subdomain but anyone with wireshark could probably see past that.

Cheers

 

 

 

 

If a firewall is half decent you can just enable connection limits per IP, that tends to inhibit DoS attacks. If you're hosting NZ mates, geo-ip filtering is a good idea as well.

 

 

Your router will still be dead if I did a DOS attack on your IP. No firewall exception will stop that.

 

You've got me worried now, I might just bite the bullet and go with a VPS that someone here has kindly offered to provide relatively cheap as its for the community.



VPS is the best idea.. Someone else issue and not yours! 


xpd

xpd
Trash bandit
11927 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2130253 20-Nov-2018 13:38
Send private message

Coil:

 

VPS is the best idea.. Someone else issue and not yours! 

 

 

Or have a friend host it on his connection so if any DDOS does appear, my connection is fine ;)  Not that I'd ever do that....... (walking away whistling)

 

 

 

 





       Gavin / xpd / FastRaccoon

 

Website - Photo Gallery - Instagram

 

 


Coil
6614 posts

Uber Geek
Inactive user


  #2130255 20-Nov-2018 13:43
Send private message

xpd:

 

Coil:

 

VPS is the best idea.. Someone else issue and not yours! 

 

 

Or have a friend host it on his connection so if any DDOS does appear, my connection is fine ;)  Not that I'd ever do that....... (walking away whistling)

 

 

 

 

 

 

Whats the IP again? Just gonna go re open the botnet and do some stress testing


vulcannz
436 posts

Ultimate Geek
Inactive user


  #2130576 20-Nov-2018 19:35
Send private message

PM'd. Let me know when you do it, I'd like to watch what happens.


Create new topic





News and reviews »

D-Link G415 4G Smart Router Review
Posted 27-Jun-2022 17:24


New Zealand Video Game Sales Reaches $540 Million
Posted 26-Jun-2022 14:49


Github Copilot Generally Available to All Developers
Posted 26-Jun-2022 14:37


Logitech G Introduces the New Astro A10 Headset
Posted 26-Jun-2022 14:20


Fitbit introduces Sleep Profiles
Posted 26-Jun-2022 14:11


Synology Introduces FlashStation FS3410
Posted 26-Jun-2022 14:04


Intel Arc A380 Graphics First Available in China
Posted 15-Jun-2022 17:08


JBL Introduces PartyBox Encore Essential Speaker
Posted 15-Jun-2022 17:05


New TVNZ+ streaming brand launches
Posted 13-Jun-2022 08:35


Chromecast With Google TV Review
Posted 10-Jun-2022 17:10


Xbox Gaming on Your Samsung Smart TV No Console Required
Posted 10-Jun-2022 00:01


Xbox Cloud Gaming Now Available in New Zealand
Posted 10-Jun-2022 00:01


HP Envy Inspire 7900e Review
Posted 9-Jun-2022 20:31


Philips Hue Starter Kit Review
Posted 4-Jun-2022 11:10


Sony Expands Its Wireless Speaker X-series Range
Posted 4-Jun-2022 10:25









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.