
Need help with home server security

Hello! I currently have an unused PC that I want to install Windows Server on and run game servers off of. I was doing some reading and found that it would be easiest to get an Ubuntu VM from Google Cloud and use it as a proxy connection to my home server. That way I won’t have to give out my IP, but I am not knowledgeable about networking at all and was wondering if anyone can help me out. What I want to do is host a Minecraft server on a range of ports, 25565-25570, and I want to have a proxy for DDoS protection. How would I route the incoming connections to the correct ports on my actual server? Hopefully all this makes sense. Thanks in advance for the help.


If you can get a cloud-based proxy with DDoS protection, you can set up the security for your network a bit more.

Assuming the proxy is set up to forward traffic correctly, you'll need to set up port forwarding rules to direct traffic from the external ports to the correct IP and internal ports for your local server.

If the cloud-based proxy is always going to have a static IP address and all connections are being routed through it, you can set up a port forwarding rule to only forward traffic on ports 25565-25570 if it comes from your proxy's IP address, or you can set up a firewall rule on the network firewall to reject all connections on those ports unless they come from your proxy; either would achieve the same goal.

If you do the above, you reduce the chances of attacks on your network. Opening ports and having anything internet-facing is always a risk to some extent, and someone could still trace where the proxy is sending packets, over what ports, and spoof their IP to look like the proxy server to attack you, but it at least presents more hurdles to overcome and should protect from non-targeted attacks.

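The setup described in the post above, as an added example that is not part of the original thread: a dry-run script that prints the relay rules for the Ubuntu proxy VM and the allow-only-the-proxy rules for the home side. It assumes iptables on both ends (a Linux-based home gateway), TCP game traffic, and placeholder addresses from documentation ranges.

```sh
#!/bin/sh
# Added example (not from the thread). Dry run: prints iptables rules, applies none.
# All addresses are constructed placeholders from documentation ranges.
PROXY_IP="203.0.113.10"       # assumed static public IP of the cloud proxy VM
HOME_IP="198.51.100.20"       # assumed public IP of the home router
SERVER_LAN_IP="192.168.1.50"  # assumed LAN address of the game server
PORTS="25565:25570"           # port range from the thread; TCP is assumed

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Proxy VM (Ubuntu): relay the game ports to the home router's public address.
proxy_rules() {   # $1 = home public IP
  valid_ipv4 "$1" || { echo "bad home IP: $1" >&2; return 1; }
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -t nat -A PREROUTING -p tcp --dport $PORTS -j DNAT --to-destination $1"
  echo "iptables -A FORWARD -p tcp -d $1 --dport $PORTS -j ACCEPT"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Source NAT: home sees the proxy's address, and replies return through it.
  echo "iptables -t nat -A POSTROUTING -p tcp -d $1 --dport $PORTS -j MASQUERADE"
}

# Home gateway: forward the ports only for the proxy; ACCEPT must precede DROP.
home_rules() {    # $1 = proxy public IP, $2 = game server LAN IP
  valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "bad IP argument" >&2; return 1; }
  echo "iptables -t nat -A PREROUTING -p tcp -s $1 --dport $PORTS -j DNAT --to-destination $2"
  echo "iptables -A FORWARD -p tcp -s $1 -d $2 --dport $PORTS -j ACCEPT"
  echo "iptables -A FORWARD -p tcp -d $2 --dport $PORTS -j DROP"
}

echo "# run on the proxy VM:";     proxy_rules "$HOME_IP"
echo "# run on the home gateway:"; home_rules "$PROXY_IP" "$SERVER_LAN_IP"
```

Because the proxy rewrites the source address, the game server sees every player as coming from the proxy's IP, so per-player IP bans and IP-based logs on the server stop being meaningful.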

7 hours ago, doertedev said:
  • Google for "free dynamic DNS", for the port range that the games you want to host require and loop them through in your router to have the outside world be able to connect.
  • When DDoS is a concern and you say you have no network knowledge I highly recommend getting a low end 5 bucks/month virtual server from DigitalOcean or the like and host your games there. They have the knowledge.

7 hours ago, Oshino Shinobu said:

If you can get a cloud-based proxy with DDoS protection, you can set up the security for your network a bit more.

Assuming the proxy is set up to forward traffic correctly, you'll need to set up port forwarding rules to direct traffic from the external ports to the correct IP and internal ports for your local server.

If the cloud-based proxy is always going to have a static IP address and all connections are being routed through it, you can set up a port forwarding rule to only forward traffic on ports 25565-25570 if it comes from your proxy's IP address, or you can set up a firewall rule on the network firewall to reject all connections on those ports unless they come from your proxy; either would achieve the same goal.

If you do the above, you reduce the chances of attacks on your network. Opening ports and having anything internet-facing is always a risk to some extent, and someone could still trace where the proxy is sending packets, over what ports, and spoof their IP to look like the proxy server to attack you, but it at least presents more hurdles to overcome and should protect from non-targeted attacks.

I’m going to reply to both of you. So I’m using a Google VM (f1-micro), so it has half a gig of RAM and that is basically free, and I have $300 credit for a year and it has DDoS protection I believe. I’m running Ubuntu 18.0.4 on it rn but I can change it. What I don’t know how to do is actually edit the firewall to do what I need. Like, what should I google? Also, as for the proxy server's IP, I’ll have to check this, but if it is dynamic I know how to add a cron to continuously update it on my domain, but if it’s going to make issues elsewhere let me know. Thanks again for the response.

PS: I’m aware that people can still get my IP with programs like Wireshark.

Edited by EnderGaming

3 hours ago, doertedev said:

I would discourage running anything on the internet from your home with your level of knowledge. Check daily on Packtpub for free learning materials, and basic "gcp vpc" setups can be googled for. There is literally no reason to bother with DDoS or other protection mechanisms when running some machine in the cloud, they do this for you. Just make sure to only leave the games' external facing ports plus SSH (22) listening publicly on the IPv4/6 interface (check via netstat -tulpen) on Linux.

This is more of a learning project since I have some extra hardware and want to host game servers easily. Also I am literally broke, so any cloud solution doesn't really work unless I just want a simple proxy.
