Forum

> > CS2D > Servers > Can I do port forwarding like this?
Forums overviewCS2D overview Servers overviewLog in to reply

English Can I do port forwarding like this?

8 replies
To the start Previous 1 Next To the start

old Can I do port forwarding like this?

Kolia_rus
Security Supporter Off Offline

Quote
Hello, us!

I have some questions about the port forwarding feature. My idea is to use one of my old PCs as a server. The trouble is that I don't have static IP, it changes everytime I enable/disable my Internet router, but I will purchase a static IP, which will allow me open ports too (by default, my Internet provider doesn't provide opened ports).

So, my plan is to purchase the static IP, use the old PC as a server and, which is the most important thing, proxy my IP through dedicated/virtual server. I plan to buy the most cheap DS / VDS just for this purpose. Can I do this? I have tried opening & forwarding ports via L2TP VPN and Iptables. This solution is workable, but I am unable to see real users' IP in this case: all I see is the IP of my own server with the VPN launched, so thing like bans by IP will be unavailable.

Will be there no such issue, if I will forward ports to a server with a static IP & opened ports? Also, will I be able to disallow connections to real IP belong to the PC I have at home and allow only connections to the IP I proxying via DS / VDS?

If there's a matter: I plan to use Windows 10 / Server 2022 on my PC and a kind of GNU / Linux on my DS / VDS.
edited 1×, last 18.02.24 07:41:17 pm

old Re: Can I do port forwarding like this?

Mami Tomoe
User Off Offline

Quote
If you have a dedicated server or a virtual dedicated server, you might as well use that for the hosting.

Windows isn't as secure or efficient when it comes to hosting servers, even more so when you plan to proxy the connection using another service that is located in another continent.

It's simply a lot easier, cheaper and smarter to use the (virtual) dedicated server for everything.

old Re: Can I do port forwarding like this?

Kolia_rus
Security Supporter Off Offline

Quote
@user Mami Tomoe: currently I paying for several virtual dedicated servers. The goal I want to hit is to stop spending money on them, and pay just for the most cheapest plan as a proxy. I know about necessity to pay for electricity and place the server in a cool ventilated room, and I don't think that it will be a big problem.

If thinking about cheapness, I mean the following: the "home server" is almost the same as "dedicated server" (not virtual!), meanwhile hosting services provides dedicated servers for higher prices than virtual ones.

I think it is possible to select Linux instead of Windows for server. I am not sure what do you mean by "another service that is located in another continent", most likely I did a misspell in the original post. I can purchase VDS in my country.

As for now, the thing I want to understand is whether what do I say possible at all. I did some "brain storm" after I have created this thread, and I think that things I'm talking about can exist. If not, most likely I don't understand how does Anti-DDoS services works. They are just creates a one more server in the "connection chain" which filtrates for various traffic and then redirects the "good" traffic to my server, right?

P.S.: actually it's cheaper to use multi-accounts on free hostings for things like HTTP downloading than use VDS / DS for everything.

old Re: Can I do port forwarding like this?

Mami Tomoe
User Off Offline

Quote
@user Kolia_rus, using a proxy server for your CS2D server is a big overload that won't help you at all against (D)DoS attacks.

If you do not know how to filter out the attacks from the genuine players, you will just slow down your services and gain no protection for your servers.

Stick to using one machine for everything, it's faster, and it's simpler.

old Re: Can I do port forwarding like this?

Kolia_rus
Security Supporter Off Offline

Quote
@user Mami Tomoe: the DDoS filtration is not the main point I want to hit. I just would like to proxy it to my IP address, but after I have used VPN I saw that all connections are coming from the same IP so I was unable to use such features, as IP bans. I wrote about DDoS filtration services as an example about the existence of ways to add an another server between my real server (where do I launch the cs2d_dedicated) and users.

So the thing I want is: use my PC as a game server and use a VDS to proxy the whole thing so that all the traffic would go to my own IP. I am afraid that the IP of the game server will be the same as I have on other devices, this is why I'm looking for solutions. Maybe I miss some important thing, so the goal I wan't to hit can't be real, and the one solution is to use the service of one more provider exclusively for my home server.

---

Updated: In before I were trying to proxy connections to my real IP through my own VDS. I did the next thing: installed xl2tpd on my VDS and connected to it via my PC on Windows (by the way, I had to change some values in regedit for compatibility with L2TP). This solution was workable, but all connections in log files were from my VDS IP. But currently I have closed ports and dynamic IP, may this be fixed if I'll purchase static IP and open ports? I'm really not sure. I know that the best way is to test manually, but my provider requires money for either disabling and enabling the static IP.
edited 1×, last 20.02.24 03:52:51 am

old Re: Can I do port forwarding like this?

DC
Admin Off Offline

Quote
It's important how far your proxy/VPN server is away from your actual server and how well the both are linked (IP route). If they aren't geographically close together the proxy server will most likely have a negative impact on latency and also possibly on packet loss.

These are the two most important values for game servers so you normally would do everything to keep them as low as possible. Having a proxy server does the opposite.

Moreover not just bans but also the USGN and also several flood protections rely on the client IP. So you will run into more problems if all clients have the same IP.

I wouldn't recommend using a proxy setup for a game server for any game which requires a low latency (shooters, racing, rts, ...). Same for clients btw. No matter on which end the proxy is. It will have a negative impact because it adds extra steps for each network packet.

In short: A proxy for a server will always lead to a worse experience (higher latency) than playing on a server directly.
(it's possible though that the difference isn't much noticeable if proxy and game server have a fast/short connection)

old Re: Can I do port forwarding like this?

Kolia_rus
Security Supporter Off Offline

Quote
I know that an additional server between the client and the game server will create more latency. But to be honestly I don't think this may add a high values of ping (like +100 ms). I'm searching for a way that would let me hide the IP of my server but see real users' IPs.

old Use GNU/Linux

uaiek
User Off Offline

Quote
I'm no expert, but I'll try to give some pointers.

First, what you are going to setup is called a reverse proxy, which in contrast to a forward proxy, it protects the origin server's address instead of a client's address.

Here's your setup as per my understanding:

[CLIENT(s)] -> [R.PROXY] -> [PC]

Here, the reverse proxy is exposed while your PC is hidden behind the proxy. The thing is when port forwarding is setup like this, your PC will see all your incoming packets come from the proxy, resulting in everyone in the game having the same IP address (which can break many things).

In web service scenario, this setup is often used. So, how does one manage to preserve the clients' IP? The answer is: they embed it in the header of a HTTP request by the reverse proxy using X-Forwarded-For option, making the proxy somewhat transparent.

Unfortunately, AFAIK CS2D uses raw UDP for communication. So, making your reverse proxy transparent is not easy.

However, there is a workaround since your goal is not to make the proxy transparent, but to protect your PC's address while being able to uniquely identify a player. If I were you with your current reverse proxy setup, check if the players can be uniquely identified by either Steam/USGN or not. For example, if a player can be uniquely identified by their Steam ID, limit your server to be Steam only. The same goes for USGN, if it works, limit your server to accept only USGN registered players. At worst case if neither Steam or USGN works, implement the identification system yourself with Lua. If a player does not conform to your system, kick him.

Edit:
Upon further researches, it seems that making your proxy transparent is actually possible: please read this.
edited 1×, last 04.08.21 07:45:28 pm
To the start Previous 1 Next To the start
Log in to reply Servers overviewCS2D overviewForums overview