Using tinyproxy/sslh to hide my IP for Minecraft Server

So, I have two machines I’m using to host minecraft servers at home. I saw a post recently about using sslh/aws instance for a proxy, but I couldn’t get it to work. I would like to open the servers up to more people, but I don’t wont my home IP to be visible. So, what I would like to do is use have my DNS address point to the AWS instance and then have that forward the tcp requests to my home IP. If there is a better paid option available, I don’t mind spending some money, but I just couldn’t find anything useful. https://www.howtogeek.com/440752/protect-your-home-minecraft-server-from-ddos-attacks-with-aws/ is the article using sslh, but after following all of the instructions, when I check the sslh service, I can’t get it to report it’s running. Any help would be greatly appreciated.

1 Like

How about trying https://www.velocitypowered.com/

velocity is more for connecting multiple servers together, I just need to protect my home IP. I’m sure I can do it with sslh/tinyproxy, I just don’t know how.

Hmm …
Dedicated server even linode, put the zerotier on the machine. Create a bridge between subnets. Or connect your server to an external server via openvpn …

Let your server sit on local address 192/10 and catch it in a tunnel that you will end on an external server. Here you add the appropriate interface configuration for pushing network traffic and in theory you have the service of a local machine available on the IP of an external server. Such a simple proxy for ip traffic.

Think of an external server as your gateway on the edge of your network and route traffic to one of your internal machines. But instead of physical LAN you will do it through a tunnel.

https://www.linode.com/level1techs

That is what OP seems to want to do, and he mentioned using AWS or whatever to host the other end of the tunnel, he is just needing pointers/guides on how to set up the tunnel, if I’m reading the post right?
Like, forward port12344222 rules to plug into his home router, or a virtual tunnel he can set up?

If he has AWS, let him use pfsense …
Since he has servers at home, he probably has experience and knows what he is doing and you do not need to hold his hand :wink:

VPN + NAT + port forwarding

1 Like

Is this with:
sudo systemctl status sslh

Or whatever on the aws box?

@Trooper_ish, Exactly. I don’t know how to configure tinyproxy/sslh. Desktop is really my area, not networking. I just need an aws instance that can redirect tcp traffic on a specific port to my servers. So, the users will use my DNS address to connect to the aws instance, which will then forward that traffic to my server. I’m not really worried about DDoS, I just want to hide my IP. I have PIA vpn, but I don’t think it’s the best fit for what I’m trying to accomplish. And I’m using service --status-all, which reports the service isn’t running.

1 Like

Dang.
I’ve really gotta sleep, but I would try and poke at the service, and the config file, like where it says to Chang the =runs bit and stuff.
Also in minecraft, try and connect to the AWS ip, just in case it is running but not visible, unless the status=all lists it as inactive, in which case, maybe find out why inactive?

I should really not internet before sleep.
Sorry to interject.
G’night

No problem, thanks!

So, when I run sudo systemctl status sslh, I get an error saying At least one target protocol must be specified.

Just installed it, and it seems to have a choice to run on it’s own, or under inetd.
I would suggest trying to apt purge it, then install again, and ensure it is set up to run standalone as a service?

I did not set it up, so

systemctl status sslh

gives the output that it failed:

● sslh.service - SSL/SSH multiplexer
Loaded: loaded (/lib/systemd/system/sslh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2020-03-22 01:41:44 GMT; 33s ago
Docs: man:sslh(8)
Main PID: 232927 (code=exited, status=4)

Mar 22 01:41:44 Ubu-20 systemd[1]: Started SSL/SSH multiplexer.
Mar 22 01:41:44 Ubu-20 sslh[232927]: Usage of ‘ssl’ setting is deprecated and will be removed in v1.21. Please use ‘tls’ instead
Mar 22 01:41:44 Ubu-20 sslh[232927]: Name or service not known <change-me>:443' Mar 22 01:41:44 Ubu-20 sslh[232927]: Name or service not known
Mar 22 01:41:44 Ubu-20 systemd[1]: sslh.service: Main process exited, code=exited, status=4/NOPERMISSION
Mar 22 01:41:44 Ubu-20 systemd[1]: sslh.service: Failed with result ‘exit-code’.
~

I don’t really have a use case to test it in anger, so not sure, but I presume it failed because I had not set up any forwarding rules; from nor to anywhere?

Hey, so I figured it out. In the guide I was following, there was a typo, I just had to add a " on the end.

Thanks for all your input though!

1 Like

Nice one!
Well done bud

On the proxy box:

ssh user@minecraftServer -L 25565:localhost:25565

The downside to this (and all other simple methods) other then the obvious overheads is that you will incur, is that everyone will appear to be connecting from the IP of the proxy server. Any in-game bans based on IP will ban everyone (mind you IIRC minecraft uses the unique account name).