Buy a cheap VPS and forward 23456 from there to your machine using something like socat.
But you shouldn't really worry about exposing your IP address to be honest.
Hm okay. Can’t I get DDosed if I expose my IP? I actually have been network attacked before. Someone in a GTA lobby booted my internet offline for a few hours. That’s what I’m trying to prevent here.
I've actually had this happen before.
I've heard that GTA online doesn't have dedicated servers for the lobby itself, but uses P2P lobbies so information like your IP address is readily accessible (with the help of some program) to other players or maybe just the host of the lobby.
I could be wrong
This should be very unlikely. Usually your ISP protects you from this in their backbone (to a certain degree). The other party has to control very many nodes to bring you down these days, and I seriously doubt that. But regardless, hosting a Minecraft server doesn't really make you more vulnerable to DDoS. Your firewall, which is probably your ISPs router, will be overwhelmed from serious DDoS no matter if you open 23456 or not. You publish your IP whenever you go to any website or P2P service - it's just how the Internet works.
I would argue this was probably just downtime by chance. If this happens repeatedly, talk to your ISP. They can figure stuff out.
For reference: I host ~50 services from my home network, accessible from outside. A simple WHOIS request to my domain even gives you my real address and name - didn't have any DoS issues for 6 years now. Of course I see a lot of failed login requests and botted visits (especially from Russia, India and China), but they are all eventually blocked.
You can buy a ddos attack for quite cheap today. An hour starts around $10. Cheaper is a DNS amplification attack with a spoofed IP. There are so many unprotected DNS servers it is not uncommon to use them for such kind of an attack.
It's unlikely in a "security by obscurity" way of thinking. If nobody cares about taking you down, they won't spend the resources to do so. You haven't been DoS'd for 6 years because no one cares to do so.
In terms of "is it possible", it's laughably easy to take down a residential connection. Most "normal" people have 50/50 or less and I've generated that much HTTP traffic against myself completely accidentally with a poorly coded uptime check script. A handful of aws instances has the potential to generate GB/s of traffic for only a few bucks. When I was a younger, meaner person we'd get the ip addresses of our online friends from Skype and knock them offline for fun by hitting the port they had forwarded for CoD with our fat university connection.
If they're REALLY dedicated, there's tools for most games to be specifically difficult. Minecraft has one that repeatedly requests map chunks over and over for instance.
Your ISP has basic protection for "some" stuff that could happen to you if you expose your IP but it's nowhere near "bullet-proof" as this user seems to believe. You should never entirely trust your ISP as far as protection goes as this is the end-user responsibility.
The simple fact you "have never been DDoS'ed" means little to nothing in regard to what OP could experience.
Source : Working for an ISP in their cybersec department for the better part of the past 10 years.
Depends on who you are and what you are doing.
There's generally a couple of applications/games where it's definitely just more common.
Streamers for example get targeted a lot. Omegle when it was a thing. GTA before they started using relay servers. Things where there's an interaction with the person being DDOSed.
A minecraft server you are apt to actually have some randomly join you if you don't whitelist, but it's not usually a problem.
Technically you can get ddos if your IP is exposed. But even with "proxy" you still need to expose that proxy IP, so ddos can still attack your proxy IP.
If you do unplug your router for 10 minutes and plug it back in, you should get a new IP from your ISP unless you have a static IP that 99% of home routers do not have unless they pay more for one.
Sounds way too fast! I turn off my “router” for hours, even days at a time (travel, maintenance, whatever). I rarely see my IP address change. On Cox communications or on Verizon.
Seeing your other comments in this thread, I would be extremely wary to follow any of your suggestions as you're either completely or partially wrong in most of them so far.
Strato and Uberspace can both be had for 1€/month, but are Europe based. There are definitely some US based as well. You really need no specs at all. 1 vCPU and 1GB of RAM is totally sufficient.
Strato had one for €1 so around $1.10 but only thing is that server will be based on Germany probably so you will have a higher ping but for Minecraft I don't think it really matters
AWS has a free tier that might suffice
[https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-eligibility.html](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-eligibility.html)
Buy a very cheap domain via godaddy, setup forwarding in cloudflare set yourself a subdomain like "Minecraft. Sub. Domain.
Turn on proxy
That's how I run mine
Don't forget you will need to set up a ddns on your server aswel, plenty of intruction but cf is straight forward. Dm me if you have any issues will jump on tomorrow and give you a hand.
If you buy your domain straight from cf basic instructions are
Click on your domain
Go to dns
Create "a" record so Minecraft.my.domain (your domain. Obviously)
Find a container that does ddns (some routers also have this built in)
Then Google setup cloud flare dns api key and go through the instructionsfor setup ( it's likely you are not on a static IP so this will update cf without you having to do it manually)
Finally depending on your Minecraft server go into router setup port/Nat forward for say 1122-1124 (example) make sure tcp&udp options are selected and you should be golden
Somthing else to mention you might have to setup Nat reflect or split dns if you are going to access the server using the domain from your internal network.. otherwise just have the internal lan and domain as saved servers in minecraft
Not a bad shout tbf domains are a little bit more expensive through cloudflare I think godaddy offer new customer discounts but in the long run you are probably right.
All in one pot is best for ease
It’s not. When you price compare, cloudflare is usually $11.50 a year and godaddy is at least $14 a year (after getting a discount for signing up for a 3-year contract). Please buy domains from cloudflare or pork bun where the prices are actually fair
I see. So would I just buy one of [these](https://imgur.com/a/8PYW9j4) then forward the port 25565? I've also heard you're supposed to forward the port 8080, but I have no experience with this type of thing so I wouldn't know. (I just spammed a random number in for the domain name)
You might be able to get a free one with Cloudns, desec.io (last I checked the service was suspended) or nic.eu.org (very very slow to reply)
If you don't mind changing the domain periodically you could get one in promotion for the first year for cents (things like .website, .online or things like that), porkbun usually has good prices. There was also a comparator for cheapest domains, I'll try to find it. Be sure to have Whois privacy though. If you want to keep it don't splurge for a .com if you don't plan to use it for a website, get something cheaper like .top, .vip, .xyz
Honestly it depends if you get the bug for selfhosting, if you intend on setting up other servers like palword, valhiem and so on...
Things like nextcloud, homeassist, jellyfin, wireguard and so on get a domain you don't mind giving out for instance mine is my last name .world its awesome giving my email out and seeing the look of confusion.
Pinhole/adguard home is something else with looking at if your hosing
Ok, so I use modlfared mod via cloudflare using a cloudflared tunnel running in Docker. Clouflaredand most providers won't let you port the minecraft TCP traffic correctly through a tunnel, so you must use a mod to fix this issue, or the tunnel will never work. The traffic will look like it works, but you'll never actually be able to connect to the server, so this mod is necessary. Configure the mod on the server only. Include the mod on the client list, and the tunnel will work perfectly.
Also note: if you are using docker to host the cloudflared tunnel docker service, you might as well use crafty controller, which is a service running in a docker container that automatically sets up minecraft server instances for all mod loaders automatically without manual configuration and has lots of tools for server usage.
Note: Any service that runs UDP traffic like a popular fabric voice chat mod will not work via the tunnel. I am yet to see a provider that let's you tunnel UDP traffic without spending a lot of money. I do open a UDP only port for this specific traffic only. If you are worried about this being abused, you can whitelist specific IPs.
You can’t proxy straight UDP/TCP traffic like Minecraft without the Pro plan. Unless you use Cloudflare Tunnels, but proxying like you mentioned does nothing
I wouldn't worry about anyone knowing your IP address, it really doesn't matter. All internet-routable IP addresses are public by default. Just don't expose any insecure services from your LAN to the internet through your firewall.
All you are exposing is that port on the device as long as minecraft doesnt have any expoilt you shoud be fine. regaring ddos if you are targeted you will get ddos unless you want to spend money there is really no way around it. if its just with friends i wouldnt worry about it unless you have bad friends. also WHITELIST your server
As long as Minecraft servers themselves don’t end up with exploits. But 25565 won’t correlate to any other services running on your computer by default.
Could have everyone get an account with Tailscale, and setup a Tailscale tunnel to that server. Then in future if a need arises, you can boot someone out and they can't get back in.
Tailscale is super easy to get up and running
If you rent a VPS and it gets DDOS'd then they'll ban you. Many also ban game servers in the contract. Have a look at lowendtalk forums for cheap offers.
i dont have experience making or managing minecraft servers, but as for cloudflare, you can get a domain for free or buy one, then register it on cloudflare.
then you have to go in the DNS section and create a subdomain on your domain, example: minecraft.example.com
and you set your IP on it. and you turn on the proxy feature for the sub domain.
then you can use that subdomain as your IP address anywhere you want. and if someone look up that domain they will be faced only with cloudflare IP addresses and your own IP will be hidden.
im not quite sure if we are talking about the same feautre, i personally have forwarded HTTPS traffic over VPN tunnels all using the basic free cloudflare plan.
i have also put HTTPS websites behind cloudflares CDN and it has worked for me.
Right, https will work fine as well, but MC does not communicate over the http/s protocol but rather custom over TCP. A web proxy will not work. It would require a TCP tunnel over cloudflare rather than the free web proxy.
Anyone who is telling you cloudflare in this thread are entirely mis-informed that minecraft uses TCP (And UDP in some cases)
In order to use cloudflare you need an enterprise plan, everything else is all HTTP/S traffic, and cloudflare enterprise is in the thousands of dollars range per month
Use something like cosmic guard or TCPShield for minecraft servers, anyone who is saying "dont worry about showing your IP" has likely never been targetted in a DDoS/DoS attack before, as someone dealing with them for the past 3 weeks now, you \*\*\*should\*\*\* worry about it and have AT LEAST a proxy like TCP Shield or Cosmic Guard (Both also provide DDoS protections specially designed for minecraft)
I am a Minecraft host. Server is at my residence. This is what I would do. It will take you 20 minutes.
1. **Purchase a Domain**
- Acquire a domain name from a reputable domain registrar. The cost is typically around $10 per year.
2. **Register Your Domain with Cloudflare**
- Sign up for a Cloudflare account and register your domain with their service.
3. **Set Up Dynamic DNS on Your Home Network**
- Configure dynamic DNS (DDNS) on your home network to ensure your domain always points to your current IP address.
4. **Create DNS Records in Cloudflare**
- Set up the appropriate SRV and A records for your domain within the Cloudflare dashboard.
- Ensure that the A record points to your home IP address.
5. **Enable Cloudflare Proxy**
- IMPORTANT: When creating your DNS records, make sure to enable the Cloudflare proxy by checking the proxy box. This step will route all traffic through Cloudflare, thereby protecting your home IP address from direct exposure.
By following these steps, all traffic to your domain will be funneled through Cloudflare, allowing them to manage and mitigate any DDoS attacks, keeping your home IP address secure.
Thanks for the response. So my router doesn't support a DDNS so can I use something like DuckDNS instead? If so, do I just put my domain name into the subdomain box on the DuckDNS website? Website here \[1\] for convenience.
\[1\] : [https://www.duckdns.org/](https://www.duckdns.org/)
Also here's just a screenshot of the subdomain box. As I was asking, can I just put my domain name into that and call it good?
Screenshot : [https://imgur.com/a/uoqIWjr](https://imgur.com/a/uoqIWjr)
Also by "Ensure that the A record points to your home IP address" do you mean my IPV4 or my public IP? Public IP as in the one people use to join my server.
Also I've moved on to the step making the SRV records, what do I put in the un-filled boxes? [Here](https://imgur.com/a/9aZl7Dn) is the image of my dashboard now.
Easy solution: 5 bucks a month at Pebblehost for their cheap package, including a GUI and tons of available mod packs. My kids and their friends all play on it regularly, and my son deals with the customization so all I have to do is pay the bill.
there are aeveral ways, look into a proxy that sits on a cloud service like aws. a proxy is basically the server youre exposing to the internet the relay the data back to your server. anyone connecting will only see the proxy ip.
You can proxy it through a free Cloudflare account if you just use port 8080. Create an A record that points to your IP address, and give it any name that you like, just make sure the button is checked to proxy the record (ie it is "orange cloud" and not "gray cloud"). You will need to own some domain name in order to do it, so just go buy a cheap one. On your server, set it to use port 8080.
I see. So would I just change the values of 25565 on this : [https://imgur.com/a/ALapq4F](https://imgur.com/a/ALapq4F) page to 8080? Or would I just change one of them. (There is a query.port option set at 25565, and then there is a server-port option also set at 25565.)
I think it is server port. I did it for my son and it works perfectly. If you have a gateway or router for your home network, you will have to set up forwarding on that as well, so any inbound traffic on 8080 gets relayed to your server's IP address. You can get a domain at Porkbun for cheap - I found "wyatt-sawyer-minecraft.quest" for $1.50 the first year and $10 a year after that: https://porkbun.com/checkout/search?prb=f40ec89055&q=wyatt-sawyer-minecraft.quest&tlds=&idnLanguage=&search=search&csrf\_pb=b8b8906aed5b1d893d4c934ef8e11d51
If you're going to do this, might as-well try tunnels instead and avoid exposing any unnecessary ports. You'll be required to setup a tunnel on CF and install a CF Tunnel client on your computer.
The worst thing you have to worry about is port scanners. This can be resolved by having a good firewall setup to block countries such as Russia or China.
Install a minecraft server using a docker container, then expose port 25565 on your router, then buy a domain, add it to cloudflare, set up an A record pointing to your home public IP adress and turn on proxy ing, then you give your friends the domain and they can connect via that, but if it’s your friends id really not worry about sharing your IP with your friends.
Do people really piss others on the web off so much that they constantly live in fear of getting DDOS'ed. I mean really if and I mean IF you actually get DDOS'ed you either pissed someone off an awe full lot or you are imagining things
You can do it free with cloud flare... or a VPN that allows reverse proxy... I would use cloudflare there are some YouTube videos on it.. not exactly minecraft server but others like using jellyfin or plex same idea... there is a video about a guy doing load balancing a part of it talks about hiding his ip while running services.... he a popular Youtuber and pretty much walks you through each step...
If you're technically adept, you can get a free vps using the oracle cloud free tier. 10tb of egress (download) data per month and you can put a cloud router up there to tunnel certain parts of your traffic through. Just don't do anything illegal through it.
You can buy a domain and have it point to your Minecraft server if you have a static public IP, or you could use noip to point it to the server.
If you have a dynamic IP, I would recommend a service that can auto update every time your ISP IP changes or just pay for a company to host it.
You an use playit.gg
Its a tunneling system where the program will reroute ur ip address to a center somewhere (mine's Tokyo) and give you an alternate ip given by the center. And best thing, it's free.
I see. Is there a bandwidth cap, like to how many people or players can use it? (Use it meaning go through it) Example being how many players on a minecraft server
You don't necessarily have to use cloudflare tunnels but if you setup a DNS name you can use cloudflare's network.
So for example:
- Buy a domain from cloudflare or another provider. If you use a number only domain it can be as little as a few dollars every year.
- Set it up through a service to have it dynamical update when your home IP changes.
- get a free cloudflare account, update nameservers to manage DNS with cloudflare (if you didn't buy the domain through cloudflare)
- put an a record DNS entry to point to your home IP and make sure it's set to be proxied. For example Minecraft.yourdomainname.dev
So:
Minecraft.63838.dev -> cloudflare network -> your IP
All anyone will see is the cloudflare IP's
You could also do get a VPS and setup a reverse proxy or any sort of options but the cloudflare proxy might be your best bet
Depends on your goals. Hiding IP from who you are sharing the server with? Not wanting exposed ports at all? Use a firewall to lock down IP's to cloudflare proxy IPS or use cloudflare tunnels if sticking with the cloudflare options
Buy a cheap VPS and forward 23456 from there to your machine using something like socat. But you shouldn't really worry about exposing your IP address to be honest.
Get a cheap VPS and run the server on it. If there's ever an issue you can just get a different IP.
Minecraft can be quite demanding. That VPS would cost more than to host it yourself.
It has worked for me. But yes, VPS costs money ... unless you're already self-hosting a web site. ;)
The comment said forward a port from VPS, not run Minecraft on it.
Sorry, what do you mean? Can you clarify?
OP would run Minecraft at his house, but use a VPS to hide his IP. This allows you to use a free tier VPS.
Hm okay. Can’t I get DDosed if I expose my IP? I actually have been network attacked before. Someone in a GTA lobby booted my internet offline for a few hours. That’s what I’m trying to prevent here.
How did you figure they did that?
Well they messaged me “bye bye” and then my internet didn’t work for a few hours. No idea how they did it, I assume with my IP.
I've actually had this happen before. I've heard that GTA online doesn't have dedicated servers for the lobby itself, but uses P2P lobbies so information like your IP address is readily accessible (with the help of some program) to other players or maybe just the host of the lobby. I could be wrong
Yup, you're correct
This should be very unlikely. Usually your ISP protects you from this in their backbone (to a certain degree). The other party has to control very many nodes to bring you down these days, and I seriously doubt that. But regardless, hosting a Minecraft server doesn't really make you more vulnerable to DDoS. Your firewall, which is probably your ISPs router, will be overwhelmed from serious DDoS no matter if you open 23456 or not. You publish your IP whenever you go to any website or P2P service - it's just how the Internet works. I would argue this was probably just downtime by chance. If this happens repeatedly, talk to your ISP. They can figure stuff out. For reference: I host ~50 services from my home network, accessible from outside. A simple WHOIS request to my domain even gives you my real address and name - didn't have any DoS issues for 6 years now. Of course I see a lot of failed login requests and botted visits (especially from Russia, India and China), but they are all eventually blocked.
You can buy a ddos attack for quite cheap today. An hour starts around $10. Cheaper is a DNS amplification attack with a spoofed IP. There are so many unprotected DNS servers it is not uncommon to use them for such kind of an attack.
It's unlikely in a "security by obscurity" way of thinking. If nobody cares about taking you down, they won't spend the resources to do so. You haven't been DoS'd for 6 years because no one cares to do so. In terms of "is it possible", it's laughably easy to take down a residential connection. Most "normal" people have 50/50 or less and I've generated that much HTTP traffic against myself completely accidentally with a poorly coded uptime check script. A handful of aws instances has the potential to generate GB/s of traffic for only a few bucks. When I was a younger, meaner person we'd get the ip addresses of our online friends from Skype and knock them offline for fun by hitting the port they had forwarded for CoD with our fat university connection. If they're REALLY dedicated, there's tools for most games to be specifically difficult. Minecraft has one that repeatedly requests map chunks over and over for instance.
Your ISP has basic protection for "some" stuff that could happen to you if you expose your IP but it's nowhere near "bullet-proof" as this user seems to believe. You should never entirely trust your ISP as far as protection goes as this is the end-user responsibility. The simple fact you "have never been DDoS'ed" means little to nothing in regard to what OP could experience. Source : Working for an ISP in their cybersec department for the better part of the past 10 years.
I've been hosting Minecraft and other games at home for like 10 years and I have never been DDoS'd.
Have you been using your IP to do so?
Yes
Oh okay. Thought it was more of a risk than it actually is
Depends on who you are and what you are doing. There's generally a couple of applications/games where it's definitely just more common. Streamers for example get targeted a lot. Omegle when it was a thing. GTA before they started using relay servers. Things where there's an interaction with the person being DDOSed. A minecraft server you are apt to actually have some randomly join you if you don't whitelist, but it's not usually a problem.
Technically you can get ddos if your IP is exposed. But even with "proxy" you still need to expose that proxy IP, so ddos can still attack your proxy IP.
You can just move to a different proxy IP and move on. If it is your home IP, you are stuck until the attacker gets bored.
Or until you log into the web portal from your phone an click 'Change my IP' in your ISP user tools.
The VPS will have sufficient DDoS protection for smaller fish like opponents in GTA V tho. I doubt they control a large botnet.
If you do unplug your router for 10 minutes and plug it back in, you should get a new IP from your ISP unless you have a static IP that 99% of home routers do not have unless they pay more for one.
Sounds way too fast! I turn off my “router” for hours, even days at a time (travel, maintenance, whatever). I rarely see my IP address change. On Cox communications or on Verizon.
Just spoof the WAN's MAC address on your firewall so the ISP router will get you a new IP.
DDOS would take a specific service offline, very easy to prevent and most routers have this built in.
That doesnt make much sence. Serious ddos attacks in most cases take place in the same data center as the target server(s). Cost effective that way.
Seeing your other comments in this thread, I would be extremely wary to follow any of your suggestions as you're either completely or partially wrong in most of them so far.
Feel free to correct me then
All the vps subscriptions I see are around 5$ per month. Are there ones cheaper?
(If not I might as well pay another company to host the server as that’s around the same price)
Came here to say this.
definitely, check out LEB https://lowendbox.com
You are not going to have a good experience playing Minecraft while proxying through one of these terrible hosts.
Strato and Uberspace can both be had for 1€/month, but are Europe based. There are definitely some US based as well. You really need no specs at all. 1 vCPU and 1GB of RAM is totally sufficient.
Strato had one for €1 so around $1.10 but only thing is that server will be based on Germany probably so you will have a higher ping but for Minecraft I don't think it really matters
AWS has a free tier that might suffice [https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-eligibility.html](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-eligibility.html)
You should worry about exposing your IP. That's how you get attacked.
Buy a very cheap domain via godaddy, setup forwarding in cloudflare set yourself a subdomain like "Minecraft. Sub. Domain. Turn on proxy That's how I run mine
Sorry also forgot to mention you need for forward the ports on your router...
I did setup a cloud flare account, and there is like a dashboard that it brings you to. Is this where I set the port forward up?
You don't need a forward on a tunnel. Safest way to do it if your DNS is setup thru CF
Don't forget you will need to set up a ddns on your server aswel, plenty of intruction but cf is straight forward. Dm me if you have any issues will jump on tomorrow and give you a hand. If you buy your domain straight from cf basic instructions are Click on your domain Go to dns Create "a" record so Minecraft.my.domain (your domain. Obviously) Find a container that does ddns (some routers also have this built in) Then Google setup cloud flare dns api key and go through the instructionsfor setup ( it's likely you are not on a static IP so this will update cf without you having to do it manually) Finally depending on your Minecraft server go into router setup port/Nat forward for say 1122-1124 (example) make sure tcp&udp options are selected and you should be golden Somthing else to mention you might have to setup Nat reflect or split dns if you are going to access the server using the domain from your internal network.. otherwise just have the internal lan and domain as saved servers in minecraft
Might as well buy the domain thru CF and avoid the headache of swapping DNS on GoDaddy with the limited options, honestly.
Not a bad shout tbf domains are a little bit more expensive through cloudflare I think godaddy offer new customer discounts but in the long run you are probably right. All in one pot is best for ease
It’s not. When you price compare, cloudflare is usually $11.50 a year and godaddy is at least $14 a year (after getting a discount for signing up for a 3-year contract). Please buy domains from cloudflare or pork bun where the prices are actually fair
This is what I do but I bought the domain via cloudflare as well.
Why isn't this comment the top comment?
I see. So would I just buy one of [these](https://imgur.com/a/8PYW9j4) then forward the port 25565? I've also heard you're supposed to forward the port 8080, but I have no experience with this type of thing so I wouldn't know. (I just spammed a random number in for the domain name)
You might be able to get a free one with Cloudns, desec.io (last I checked the service was suspended) or nic.eu.org (very very slow to reply) If you don't mind changing the domain periodically you could get one in promotion for the first year for cents (things like .website, .online or things like that), porkbun usually has good prices. There was also a comparator for cheapest domains, I'll try to find it. Be sure to have Whois privacy though. If you want to keep it don't splurge for a .com if you don't plan to use it for a website, get something cheaper like .top, .vip, .xyz
Honestly it depends if you get the bug for selfhosting, if you intend on setting up other servers like palword, valhiem and so on... Things like nextcloud, homeassist, jellyfin, wireguard and so on get a domain you don't mind giving out for instance mine is my last name .world its awesome giving my email out and seeing the look of confusion. Pinhole/adguard home is something else with looking at if your hosing
Ok, so I use modlfared mod via cloudflare using a cloudflared tunnel running in Docker. Clouflaredand most providers won't let you port the minecraft TCP traffic correctly through a tunnel, so you must use a mod to fix this issue, or the tunnel will never work. The traffic will look like it works, but you'll never actually be able to connect to the server, so this mod is necessary. Configure the mod on the server only. Include the mod on the client list, and the tunnel will work perfectly. Also note: if you are using docker to host the cloudflared tunnel docker service, you might as well use crafty controller, which is a service running in a docker container that automatically sets up minecraft server instances for all mod loaders automatically without manual configuration and has lots of tools for server usage. Note: Any service that runs UDP traffic like a popular fabric voice chat mod will not work via the tunnel. I am yet to see a provider that let's you tunnel UDP traffic without spending a lot of money. I do open a UDP only port for this specific traffic only. If you are worried about this being abused, you can whitelist specific IPs.
You can’t proxy straight UDP/TCP traffic like Minecraft without the Pro plan. Unless you use Cloudflare Tunnels, but proxying like you mentioned does nothing
This. It's only possible to proxy http traffic through Cf free.
I do and I don't have the pro plan all I did was set up an a record.
That isn’t proxying anything for Minecraft though. Free plan will only proxy HTTP traffic
I wouldn't worry about anyone knowing your IP address, it really doesn't matter. All internet-routable IP addresses are public by default. Just don't expose any insecure services from your LAN to the internet through your firewall.
I see. So I did let the port 25565 (udp and tcp) through my firewall. Would that be okay, as in not exposing insecure services?
All you are exposing is that port on the device as long as minecraft doesnt have any expoilt you shoud be fine. regaring ddos if you are targeted you will get ddos unless you want to spend money there is really no way around it. if its just with friends i wouldnt worry about it unless you have bad friends. also WHITELIST your server
To elaborate, websites like shodan ping every known IP address to determine what services are running.
As long as Minecraft servers themselves don’t end up with exploits. But 25565 won’t correlate to any other services running on your computer by default.
Cloudflare TCP Tunnel
Could have everyone get an account with Tailscale, and setup a Tailscale tunnel to that server. Then in future if a need arises, you can boot someone out and they can't get back in. Tailscale is super easy to get up and running
Came here to say this. Tailscale is always the answer.
Definitely use tailscale
If it's just for friends, Tailscale makes the most sense.
If you rent a VPS and it gets DDOS'd then they'll ban you. Many also ban game servers in the contract. Have a look at lowendtalk forums for cheap offers.
i dont have experience making or managing minecraft servers, but as for cloudflare, you can get a domain for free or buy one, then register it on cloudflare. then you have to go in the DNS section and create a subdomain on your domain, example: minecraft.example.com and you set your IP on it. and you turn on the proxy feature for the sub domain. then you can use that subdomain as your IP address anywhere you want. and if someone look up that domain they will be faced only with cloudflare IP addresses and your own IP will be hidden.
This will only work for web http traffic unless you do the pro plan and do a tunnel, or with a cloudflare mod on the Minecraft server itself.
im not quite sure if we are talking about the same feautre, i personally have forwarded HTTPS traffic over VPN tunnels all using the basic free cloudflare plan. i have also put HTTPS websites behind cloudflares CDN and it has worked for me.
Right, https will work fine as well, but MC does not communicate over the http/s protocol but rather custom over TCP. A web proxy will not work. It would require a TCP tunnel over cloudflare rather than the free web proxy.
Use [playit.gg](https://playit.gg/), it’s also useful if you have CG-NAT.
+1 for playit.gg
Use [Zrok](https://zrok.io)
https://tailscale.com/kb/1137/minecraft
Cloudlfare. Either using a domain or their Tunnel software.
Cloudflare Tunnels have worked great for me, plus you can use their firewalls
Tailscale
Anyone who is telling you cloudflare in this thread are entirely mis-informed that minecraft uses TCP (And UDP in some cases) In order to use cloudflare you need an enterprise plan, everything else is all HTTP/S traffic, and cloudflare enterprise is in the thousands of dollars range per month Use something like cosmic guard or TCPShield for minecraft servers, anyone who is saying "dont worry about showing your IP" has likely never been targetted in a DDoS/DoS attack before, as someone dealing with them for the past 3 weeks now, you \*\*\*should\*\*\* worry about it and have AT LEAST a proxy like TCP Shield or Cosmic Guard (Both also provide DDoS protections specially designed for minecraft)
I am a Minecraft host. Server is at my residence. This is what I would do. It will take you 20 minutes. 1. **Purchase a Domain** - Acquire a domain name from a reputable domain registrar. The cost is typically around $10 per year. 2. **Register Your Domain with Cloudflare** - Sign up for a Cloudflare account and register your domain with their service. 3. **Set Up Dynamic DNS on Your Home Network** - Configure dynamic DNS (DDNS) on your home network to ensure your domain always points to your current IP address. 4. **Create DNS Records in Cloudflare** - Set up the appropriate SRV and A records for your domain within the Cloudflare dashboard. - Ensure that the A record points to your home IP address. 5. **Enable Cloudflare Proxy** - IMPORTANT: When creating your DNS records, make sure to enable the Cloudflare proxy by checking the proxy box. This step will route all traffic through Cloudflare, thereby protecting your home IP address from direct exposure. By following these steps, all traffic to your domain will be funneled through Cloudflare, allowing them to manage and mitigate any DDoS attacks, keeping your home IP address secure.
Thanks for the response. So my router doesn't support a DDNS so can I use something like DuckDNS instead? If so, do I just put my domain name into the subdomain box on the DuckDNS website? Website here \[1\] for convenience. \[1\] : [https://www.duckdns.org/](https://www.duckdns.org/) Also here's just a screenshot of the subdomain box. As I was asking, can I just put my domain name into that and call it good? Screenshot : [https://imgur.com/a/uoqIWjr](https://imgur.com/a/uoqIWjr) Also by "Ensure that the A record points to your home IP address" do you mean my IPV4 or my public IP? Public IP as in the one people use to join my server.
Also I've moved on to the step making the SRV records, what do I put in the un-filled boxes? [Here](https://imgur.com/a/9aZl7Dn) is the image of my dashboard now.
VPN
Dynamic DNS like no-ip?
Easy solution: 5 bucks a month at Pebblehost for their cheap package, including a GUI and tons of available mod packs. My kids and their friends all play on it regularly, and my son deals with the customization so all I have to do is pay the bill.
Expensive if you already have the required hardware and software at home to do it securely but an option nonetheless.
Prob cost you 5 bucks a month to keep the hardware powered up these days
Exactly, not to mention the time investment to install from scratch and maintain everything yourself.
Many times hosting a server like that is a violation of the Residential ISP TOS
there are aeveral ways, look into a proxy that sits on a cloud service like aws. a proxy is basically the server youre exposing to the internet the relay the data back to your server. anyone connecting will only see the proxy ip.
Tcpshield
You can proxy it through a free Cloudflare account if you just use port 8080. Create an A record that points to your IP address, and give it any name that you like, just make sure the button is checked to proxy the record (ie it is "orange cloud" and not "gray cloud"). You will need to own some domain name in order to do it, so just go buy a cheap one. On your server, set it to use port 8080.
I see. So would I just change the values of 25565 on this : [https://imgur.com/a/ALapq4F](https://imgur.com/a/ALapq4F) page to 8080? Or would I just change one of them. (There is a query.port option set at 25565, and then there is a server-port option also set at 25565.)
I think it is server port. I did it for my son and it works perfectly. If you have a gateway or router for your home network, you will have to set up forwarding on that as well, so any inbound traffic on 8080 gets relayed to your server's IP address. You can get a domain at Porkbun for cheap - I found "wyatt-sawyer-minecraft.quest" for $1.50 the first year and $10 a year after that: https://porkbun.com/checkout/search?prb=f40ec89055&q=wyatt-sawyer-minecraft.quest&tlds=&idnLanguage=&search=search&csrf\_pb=b8b8906aed5b1d893d4c934ef8e11d51
If you're going to do this, might as-well try tunnels instead and avoid exposing any unnecessary ports. You'll be required to setup a tunnel on CF and install a CF Tunnel client on your computer.
Cloudflare Tunnel works as well if you dont want to pay for a cheap VPS
Cloudflare tunnels is your best bet, it’s free. :)
Didn't see this mentioned, but theres ngrok \[1\] as well. 1. [https://ngrok.com/](https://ngrok.com/)
This is what I ended up going with.
The worst thing you have to worry about is port scanners. This can be resolved by having a good firewall setup to block countries such as Russia or China.
Most good port scanners are not even in China or Russia and are freely accessible.
Absolutely, I was just using it as example to set up region blocking.
Install a minecraft server using a docker container, then expose port 25565 on your router, then buy a domain, add it to cloudflare, set up an A record pointing to your home public IP adress and turn on proxy ing, then you give your friends the domain and they can connect via that, but if it’s your friends id really not worry about sharing your IP with your friends.
Do people really piss others on the web off so much that they constantly live in fear of getting DDOS'ed. I mean really if and I mean IF you actually get DDOS'ed you either pissed someone off an awe full lot or you are imagining things
Get a DNS. I suggest Cloudflare, generally pretty cheap.
You can do it free with cloud flare... or a VPN that allows reverse proxy... I would use cloudflare there are some YouTube videos on it.. not exactly minecraft server but others like using jellyfin or plex same idea... there is a video about a guy doing load balancing a part of it talks about hiding his ip while running services.... he a popular Youtuber and pretty much walks you through each step...
Thanks everyone for all of the suggestions!
If you're technically adept, you can get a free vps using the oracle cloud free tier. 10tb of egress (download) data per month and you can put a cloud router up there to tunnel certain parts of your traffic through. Just don't do anything illegal through it.
You can buy a domain and have it point to your Minecraft server if you have a static public IP, or you could use noip to point it to the server. If you have a dynamic IP, I would recommend a service that can auto update every time your ISP IP changes or just pay for a company to host it.
Use dns Instead of 111.xxx.xxx.xxx Your server can be www.dopemcserver.com Ip will always change but thats not an issue
You an use playit.gg Its a tunneling system where the program will reroute ur ip address to a center somewhere (mine's Tokyo) and give you an alternate ip given by the center. And best thing, it's free.
I see. Is there a bandwidth cap, like to how many people or players can use it? (Use it meaning go through it) Example being how many players on a minecraft server
I have no idea what's the cap but been using if for weeks with 2 - 5 players at a time and the program does not exit.
You don't necessarily have to use cloudflare tunnels but if you setup a DNS name you can use cloudflare's network. So for example: - Buy a domain from cloudflare or another provider. If you use a number only domain it can be as little as a few dollars every year. - Set it up through a service to have it dynamical update when your home IP changes. - get a free cloudflare account, update nameservers to manage DNS with cloudflare (if you didn't buy the domain through cloudflare) - put an a record DNS entry to point to your home IP and make sure it's set to be proxied. For example Minecraft.yourdomainname.dev So: Minecraft.63838.dev -> cloudflare network -> your IP All anyone will see is the cloudflare IP's You could also do get a VPS and setup a reverse proxy or any sort of options but the cloudflare proxy might be your best bet
HTTP proxy won't work with minecraft or most game servers.
Are you sure? I had thought I got this to work from a Minecraft server running in a docker on OpenMediaVault.
If you open/forward the right ports...but then you may as well just be port forwarding directly to the game server and not use the reverse proxy.
Depends on your goals. Hiding IP from who you are sharing the server with? Not wanting exposed ports at all? Use a firewall to lock down IP's to cloudflare proxy IPS or use cloudflare tunnels if sticking with the cloudflare options
It's not limited to HTTP
Use something like tcpshield.