Hello,
I tried to search for a log time, but without any help.
Is there an option, how to prevent direct connection to Sponge server without going through lobby?
I need to have IP-Forwarding=true, because of Pixelmon. So now every player comes to the server with his real IP Address.
Is there something like “You have to connect through the proxy”?
Thank you for all your help.
This should most likely be done at the system level, rather than through Sponge. Look up how to enable and add exceptions to whichever firewall comes with your OS.
Actually, I already look up how to do this, but there is the problem with the IP, that every player has its own. I think about firewall just to restrict, which port can go through.
I would rather set ip-forwarding to false, but then I can’t battle with pokemons.
Right. Any servers running on different machines from the proxy server should be firewalled with the sole exception being the proxy server, whereas any servers on the same machine as the proxy should simply not get a forwarded port.
Well, I will try to consult it with my friends, who works with the technical side of the servers, if it is possible to do it.
I have another thing on my mind. Do you know anything about Pixelmon?
I have ip forwarding true just because of pixelmon and without it there is a problem with battles for players with original Minecraft.
Pixelmon is dead and you are unlikely to find support for it. If battles do not work with IP forwarding + SpongePls, then it is likely a bug with Pixelmon, which won’t get fixed because of the aforementioned being dead.
Dead? I thought that too, but I found server with new versions for Minecraft 1.10.2 which is actively developed. The support in this case don’t have time for this type of fix, so I tried to find help here.
The battles is working with IP forwarding and SpongePls, but I want to have IP forwarding false and still be able to battle. I don’t know, where is the problem.
IP-Forwarding true + SpongePls + Online-mode true = Battle is working
IP-Forwarding false + SpongePls + Online-mode false = Battle is working (SpongePls is not even seems to do anything)
IP-Forwarding false + SpongePls + Online-mode true = Battle not working (SpongePls is not even seems to do anything)
Is there a way how to have this combination IP-Forwarding false + SpongePls + Online-mode true and battle get to work?
I am unfamiliar with the fork you’re talking about, but as the main project says on their front page, it is no longer being developed. If it is broken, then to make it work, it would need an update, which couldn’t be released legally.
Yeah, I know that.
The new version of Pixelmon is legally (they said).
Do you know how to force the SpongePls to work with IP-Forwarding false? Because, like I wrote, on false statement, it seems to do nothing, but with true statement, it says with connect, that the player was connected with Forge connection and this is what I need, I think.
And yes, I know the purpose of the SpongePls, but I think, that there should be the option to work without IP forwarding true. Just to “activate it” somehow.
Evidently you don’t understand the purpose of SpongePls. It makes IP-forwarding compatible with Forge. It has no function if IP forwarding is off, just like it has no function if Forge isn’t being used. There is nothing to ‘activate’.
And again, I am unfamiliar with this ‘new version’ of Pixelmon. Could you link it?
Oh, sorry, I forgot to link it, here you are: Staff removed link.
I’m using Forge and I know, that the purpose of the plugin is to enable IP-Forwarding on SpongeForge, but I still can’t understand, why I have to enable IP-Forwarding to be able to battle with pokemons (because when I run bungee in offline-mode, i can battle with IP-Forwarding false). I think about UUID or the Game Profile? I don’t understand this a lot.
Sorry, for my stupid question. I have not much experience in SpongeForge and even less experience with SpongeForge and BungeeCord used together.
At the end of the day, Sponge is a Minecraft Server API.
Whilst some limited support is available for proxies, and some members might be familiar with them, not every member on these forums is going to have intricate knowledge of the combination of Mods/Proxy Software/Server software you are using.
I would recommend asking other pixelmon server / network operators and see if they have any advice.
That said the following is a pure guess.
The battle system in Pixelmon uses custom packets, my instinct says this may be the reason why it’s failing behind bungee.
As for why the battle system works in offline bungee mode vs online bungee mode? I have no idea.
Can you post your bungee, SpongePls, and sponge configs?
I tried to ask other pixelmon servers, but they didn’t help others. I understand that.
About the configs. Here is the settings which works correctly.
BungeeCord: ip_forward: truenetwork_compression_threshold: 256stats: 1a3cb577-19a8-4a41- - Pastebin.com I need to setup ip-forwarding false
SpongePls: ###################################### SpongePls coniguration. YAML ONLY ### - Pastebin.com
Sponge: https://pastebin.com/ZXTatKcT Again, here I need to setup ip-forwarding galse
About the offline mode, I think, the reason is in packets, which is limited only in online-mode and in offline mode is it “unlimited”. I found out, that it is something about negative packet IDs? I don’t understand it well.
I think there is a lot of confusion as to how exactly BungeeCord works here and what each bit does, so let me quickly try to explain.
First, you need to think about what Bungee is. Bungee acts as a middle man, a player connects to Bungee, Bungee connects to the server - traditionally, the player connects to the server. Because Bungee isn’t a real player, just proxies the player, servers cannot authenticate connections against the Mojang service, and servers only know the IP address of the proxy. This also means that if players know where your server is, they can directly connect to it and impersonate whoever they want.
IP Forwarding tries to fix this, by modifying how Bungee connects to the server. Bungee sends extra information on connection containing the player’s real IP address and their game profile. This way, the server has enough information to pretend it’s in online mode and treats the player as if it connected directly.
Now, I think Pixelmon was built assuming online-mode. It’s been a long standing “issue”, as far as I am aware, that the battle code never worked in offline mode - and the developers didn’t care to fix it. That’s their perogative. IP forwarding works here because the server treats the player as if they are in online mode - their UUID matches what they expect, I guess.
With this in mind, BungeeCord needs a modification to allow Forge clients to connect using IP forwarding due to clashes in how IP forwarding data and the Forge marker is sent to servers - they both send the same thing and break each other. I wrote a patch for Bungee 2 years ago to fix this, it has not yet been pulled. SpongePls takes my code and wraps it into a plugin. I’m not familiar with how it works, but it seems to require configuration. There are other BungeeCord forks that include my patch, including Waterfall and HexagonMC’s fork - you may find they work better for you.
Remember, IP forwarding needs to be turned on in the BungeeCord config file, as well as in two places in the Sponge global.conf, modules.bungeecord and bungeecord.ip-forwarding need to be set to true.
Now, to answer other questions with this context in mind:
ufw, firewalld etc.) so I can’t really tell you how to do it here, but you need to allow the ports for ssh and your bungee proxy only. Even with IP forwarding on, it’s trivial to direct connect and take over someone else’s account on your server.I would like to thank you a lot for your explanation.
I tried to use Waterfall too, but with the same result like BungeeCord. I need to have IP-Forwarding true, if I want to have online-mode true. I still can have IP-Forwarding false, but with this I have to set online-mode false too.
I wanted to have IP-Forwarding false, because on other BungeeCords (which is connected to regular servers) is IP-Forwarding false too and the firewall protect is much better, because you just need to leave open just one IP and that’s all. With IP Forwarding true, you can block just ports and still is there a chance, that the player can find the used port and then the firewall is useless. Or am I wrong? I understand this situation like that.
I will try to use HexagonMC fork of BungeeCord. Thank you a lot again!
I still believe, that there is a chance, how to set IP-Forwarding false, online-mode true and be able to battle with Pokemon 
Anyway, thank you all for your help! If anyone know solution for this, I would be grateful to know it too. 
Ah, I wonder if that’s your problem, you should always have online-mode set to false on your servers connected to Bungee. IP forwarding is your replacement for online mode when using Bungee.
You should always, wherever possible, turn ip-forwarding ON. IP forwarding is nothing to with finding ports and your firewall, it’s simply about transferring information to the server from Bungee. If you have no firewall, I can directly connect to your server with or without the forwarding - you need a firewall, worse, I can connect as whoever I like.
I think you’re thinking about what IP forwarding is wrong too. IP forwarding is a bad name really, you should note that it doesn’t change the connection itself. Players still connect to Bungee, the server still gets a connection from the server. It just tells the server what the IP address of the player really is - the server still gets the connection from the bungee IP, not the player one.
Turn on IP forwarding, turn off online mode on your servers (but not Bungee), get a firewall and block the port numbers of your servers to prevent direct connection.
You are right. I was thinking about IP-Forwarding in a wrong way. I will do it, like you wrote.
Thank you a lot. You save my life
I’m just thinking about one thing.
When I set port of the servers in firewall and then another player make BungeeCord with the IP and port of the server…
Can the player connect to the server from his own BungeeCord?
No, and they should not be able to. Only BungeeCord servers that you set up should be able to access the servers.
If you have BungeeCord servers on a different dedicated server to your game servers, you’ll need to add IP exceptions for those on your firewall - but I suggest you get someone you trust to help you with that.
Ok, that was exactly, what I wanted to know!
Thank you very much dualspiral!