Hosting a Minecraft Server

Hello,

i'm trying to run a minecraft server on my local desktop which is connected to an openwrt router over ethernet.
From what i've found out in order to allow people from around the world to connect to my server i must enable port forwarding in openwrt, i'm not sure which settings i should edit and which not to.

Thank you in advance!

  • You use this menu:
  • The Minecraft instructions should tell you what Ports to Forward
  • You need to select the server as the Internal IP
1 Like

Thanks, i did use this window and i was able to join the server by granting both minecraft and the server network access and entering the ip adress "localhost", obviously that isnt my goal, i want to join the server over the internet, not localy.
By "select the servers ip" are you reffering to my computers local ip like 192.168.1.100 or the ip adress i can find when i search the internet for "what is my ip adress", if there was a command on the server that would hand over what ip is being used that would make things easy.
Also, i'm using mullvadvpn whenever i go online so maybe i must enter the mullvadip rather than my isp's ip as internal?
Apologies if all this sounds like nonsense, its just i've not really to much of an idea what i'm doing.

Do you run the Minecraft server on the OpenWrt device, or a downstream server?

You Port Forward to the local (LAN) IP of the server. It should be on the provided drop-down list.

  • Wait, you have a VPN running on the router too?
  • Do you want the server accessible over WAN or the Mullvad VPN?
  • Have you configured all traffic to use the VPN?

The minecraft server runs on my desktop computer

Thanks for getting back to me so quickly,

Does the IP of the server within the dropdown menu change if i use a vpn?
While using a vpn i cannot login to openwrt so i cant check.

I do not self host the vpn, mullvadvpn is a company.
If i have a choice i want to access the server on my computer localy so i have less delay, but my friends must be able to join over the internet.
Yes all traffic on my desktop goes through mullvadvpn and the openwrt router.

So how does this work now? How do i figure out which IP the minecraft server hosted on my desktop uses? Hmmm, i'll have a look at the dropdown-menu.

OK, you're asking more questions before we have clarity.

You have 3 IPs related to this setup: Public VPN, Public WAN and Local Desktop IP.

  • Your local Desktop IP only changes if your local lease changes/drops, - you can configure your desktop/server to have a Static IP address, this LAN IP is administered by you
  • Again, is the VPN on your router or Server/Desktop?
  • We also need to know how the VPN is used

I understand Mullvad is a company. I guess you misunderstood the question, and the answer wasn't helpful in assisting you. We need to know how you setup and use the VPN, especially at the moment when you're trying to run the server.

Simply pick your desktop from the drop-down list. This is information that only you
would know
.

Are you having issues identifying your own Locally connected machines?

1 Like

Thanks for the reply,

The vpn software is installed on my desktop computer.
I use the vpn to replace my isp, basically all traffic goes through it im pretty sure.
There is split tunneling but i dont use it.

I just noticed that as i said while im connected to the vpn i cannot access the openwrt router via 192.168.1.1, however if i enable split tunneling for my browser to exclude it from using the vpn, then i can connect to the router.

I always connect to mullvadvpn automatically as soon as my computer starts, which means the minecraft server atleast so i asume must also be using the vpn ip adress?

I did select my desktop from the dropdownlist just as i found it should be done by watching a guide. I was able to identify my local computer in the dropdownmenu, can confirm it is the correct device because of its name and the ip it uses matches the one shown by the ipconfig command on my operatingsystem.

  • Do not use your Desktop VPN connection while attempting to run a server

Correct, this is the intended security feature of a VPN. Likewise, people won't be able to reach your server/desktop when you're connected to the VPN.

No, it means you'll have to disconnect your VPN while actively hosting the Minecraft server.

  • Cool, Save & Apply - and you're done.
  • Be sure to open the firewall on the desktop for port 25565

Once complete:

  • remote users access via the WAN IP of the OpenWrt
  • you will access the LAN IP when on the local network (LAN)
  • if you are running the game on the same machine as the server - you can use localhost

It is more complicated than 2 checkboxes

As a minimum add machinery like dos protection but for forward traffic, yes injecting rule via nftables.d
Also you need other internet connection when this one is KO-d by creepers or your residential provider detecting them.

2 Likes

Disable incoming ping and change WAN zone forward and input from reject to drop.
Example custom rule to limit connection rate towards your rule.
Add into a new file with .nft extension in /etc/nftables.d/

(Filter line is optimal bytecode-wise, limiter is copied from fw4 default, may need changed. It keeps your server up while may drop legit clients under attack)

chain mangle_prerouting {
         type filter hook prerouting priority mangle; policy accept;
         iif $wan_devices ct state new meta l4proto . th dport vmap { tcp . 25565 : jump mines, udp . 25565 : jump mines}
        }

chain mines {
        counter limit rate 5/second burst 50 packets counter return
        drop
        }

Run fw4 check to confirm resulting ruleset is OK
Observe 2 counters using nft list ruleset once you feel under attack.
Either way - I am interested in any result to improve default fw4 setup.

1 Like

I was able to join the minecraftserver not only localy but also by grabing the ipv4 adress from the vpn adapter while being connected to the vpn and hosting the server all at the same time.
So it seems people will be able to reach my server even when i host the server while using a vpn.

If i run into any troubble i'll get back here certainly.
Anyways thanks for helping me.

If i'll ever become target of a DOS attack i'll get back to you, untill then i probably won't need this additional security because i haven't shared my ip with anyone, and the people whom will play minecraft with me are trustworthy.

You can leave it on at all times. No adverse impact on other connectivity or even already established connections, just rate limiting new connection making.

1 Like