I think there is a lot of confusion as to how exactly BungeeCord works here and what each bit does, so let me quickly try to explain.
First, you need to think about what Bungee is. Bungee acts as a middle man, a player connects to Bungee, Bungee connects to the server - traditionally, the player connects to the server. Because Bungee isn’t a real player, just proxies the player, servers cannot authenticate connections against the Mojang service, and servers only know the IP address of the proxy. This also means that if players know where your server is, they can directly connect to it and impersonate whoever they want.
IP Forwarding tries to fix this, by modifying how Bungee connects to the server. Bungee sends extra information on connection containing the player’s real IP address and their game profile. This way, the server has enough information to pretend it’s in online mode and treats the player as if it connected directly.
Now, I think Pixelmon was built assuming online-mode. It’s been a long standing “issue”, as far as I am aware, that the battle code never worked in offline mode - and the developers didn’t care to fix it. That’s their perogative. IP forwarding works here because the server treats the player as if they are in online mode - their UUID matches what they expect, I guess.
With this in mind, BungeeCord needs a modification to allow Forge clients to connect using IP forwarding due to clashes in how IP forwarding data and the Forge marker is sent to servers - they both send the same thing and break each other. I wrote a patch for Bungee 2 years ago to fix this, it has not yet been pulled. SpongePls takes my code and wraps it into a plugin. I’m not familiar with how it works, but it seems to require configuration. There are other BungeeCord forks that include my patch, including Waterfall and HexagonMC’s fork - you may find they work better for you.
Remember, IP forwarding needs to be turned on in the BungeeCord config file, as well as in two places in the Sponge global.conf
, modules.bungeecord
and bungeecord.ip-forwarding
need to be set to true.
Now, to answer other questions with this context in mind:
- SpongePls was designed to enable IP forwarding, and BungeeCord either has the forwarding on or off. You shouldn’t need to turn it off for specific servers.
- Pixelmon, as far as I am aware, simply uses the Mojang plugin channel packets. There were no custom packets per sé - negative ID packets were a problem with other mods though (you have to use Waterfall to fix that).
- Regardless of whether IP forwarding is on or off, your server is vulnerable unless you use a firewall to block the direct server ports from accessed outside of your network. You need to add a firewall, different OSes and distrobutions of OSes use different firewall software (
ufw
, firewalld
etc.) so I can’t really tell you how to do it here, but you need to allow the ports for ssh and your bungee proxy only. Even with IP forwarding on, it’s trivial to direct connect and take over someone else’s account on your server.