Adding Auth Servers to firewall allowlist.
I am selfhosting a minecraft server and for security reasons I blocked all the traffic to the server except from my proxy that my friends and I use to connect. When I configured this however, I noticed that the server has problems with the Authentication Servers.
Is there a way to also simply allow the auth servers to also connect with my server? (I have a UDM Pro so FQDN Firewalls rules are not really an option)
14 Replies
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close
!close
!solved
!answered
Requested by s4to#0
By "Problems with the Authentication Servers" I mean this: https://i.imgur.com/YI7CoIr.png
Do a pcap and see what IPs it is trying to reach out to, mayhaps?
Yeah I thought about that but the ip the auth servers use are constantly changing
So idk if there is another method to force the traffic to my port forwarded machine over a proxy
Otherwise, it should be reaching out to I believe
yes I also found authservers.mojang.com
but both those domains are ofc load balanced and such so the ip's are constantly changing
and Ubiquiti doesnt allow FQDN's in firewall rules
Whoops is
authserver.mojang.com, you're right
But no, using firewall to block 100% of traffic like that isn't recommended.Hmm yeah I figured
Don't expose services that don't need to be, and keep everything up to date.
You'll be fine.
Yeah I guess I will do that
Thank you for your time
Also, as an aside
https://community.ui.com/questions/Are-FQDN-firewall-rules-possible-on-UDM/24d0c7f8-955e-4ff7-93c5-0068a4b8da5e
This post help you any?
I did find that one but that did not fix it
Shame
https://www.spigotmc.org/threads/mojang-session-server-ips.307815/#post-2920289
This post has the most correct answer
SpigotMC - High Performance Minecraft
Mojang Session Server IPs
I'm using iptables as an inbound/outbound firewall. I originally set it up to allow outgoing requests to the session server, but the IPs keep...