Minecraft Server Inside my pfSense box
I am a total noob at pfSense, my old roommate dropped off two computers at my apartment and said "I got these free - let's turn them into routers." Core i5's, so I didn't complain. So far I am having no issues getting them set up, but I was trying to see if I could run a Minecraft server off of one, where I could connect from either side (WAN or LAN).
I have openjdk installed and minecraft running on the box, but I haven't the slightest clue on how to set up the connections to work. Currently I only have the WAN side to work with, waiting on my intel quad port NIC to come in the mail Friday.
On an unrelated note – if someone could point me to an accurate thread on how to mount an NTFS drive, that would be greeeaaat.... My attempts have failed there too.
Looking forward to having a lot of fun playing with this awesome distro but I think it will be a while before I get out of noob status.
Thanks a bunch everyone
It's a firewall, not a minecraft server.
Make one of the "boxes" a firewall and put the other one behind it as a minecraft server. Don't use pfSense to run the server. Use something more sane like Ubuntu LTS.
^ This. Put your MC server on the second box and just add a NAT rule to port-forward 25565 from pfSense WAN to the MC server.
That would be a lovely solution, but he's putting the other one at his house. I realize this isn't the intended use, or the safest thing to do in regards to security, just wanted to know if it was possible. The thing will run it, just no clue how to connect to it.
I'd rather get a straight up yes or no from someone pragmatic, than a scoffing at from pfsense purists.
Nobody is scoffing at you. Considering how most of us are network professionals who use pfSense in corporate environments, I doubt anyone here has any experience running Minecraft on pfSense. As part of our advice, we generally try to steer people away from things that aren't best practice. I've only been here for a little more than 2 years and I have never heard of anyone doing what you are trying to do. It may very well be possible to run MC on the firewall itself, with only a single WAN rule to allow access, but I've never done it so I can't really advise you as to how to do it successfully. Try adding a WAN rule:
Proto: IP4 TCP/UDP
Dest: WAN address
Dest port: (other) 25565
Thank you very much! I will try this out when I get home. I also appreciate you giving me a bit of context to the people of this forum; I had assumed that there would be more enthusiasts on here. My apologies if I had offended anyone.
I am more of a tinkerer and a "see if I can do this" kind of person, and will be trying to learn more about this tool as I get more time to read up on it and networking in general.
There are a lot of home users and tinkerers here, but typically the people with a lot of posts and high karma are the more experienced users and often network professionals.
If my suggestion doesn't work, come back and post your firewall log output.
pfSense is simply not the right tool for that job.
You would probably be happier installing Ubuntu on your hardware and just port forwarding a port on your linksys/dlink/tplink router.
Or installing a hypervisor and running pfSense alongside Ubuntu.
pfSense is not your typical "distro" and people often try to make it do too much. It does what it is designed to do very well. Hosting a game server isn't that.
I do appreciate the sound advice of using things for what they are optimized for – and not using them for what they are not. I do not plan to use this as my permanent minecraft server or host it for more than a handful of friends -- My more permanent solution will be a hypervisor sort of setup.
Kom thank you for being patient and providing a pragmatic answer - I will keep you posted if only to satisfy a bit of curiosity you might have :)
Success!!!! For now..
I implemented your rule, pointing the wan connection to self (this was really the question I had - whether this setting existed or would it just endlessly redirect…) and was able to see your server in my list to connect to (with a 17 ms ping). However, when I connected to it (or attempted to), the connection timed out and I was locked out of the web configurator as well.
At this point I was typing up a very sorrowful concession of defeat on this post.. until I remembered I had just installed snort and thought that might be actually doing its job and keeping out weird connections. Turns out this was the case.. though I haven't the slightest idea of how to configure snort efficiently at all let alone place an exception for these types of connections... Alas, this server is serving its purpose in letting me learn about networking and pfSense, in a rather roundabout fashion. But it does work, and takes very little resources. I have the JVM limited to 2 GB (out of 6) and with just me on it the CPU was running at about 3%.
So, to answer my own burning question (with the much needed help of KOM)... YES. You can run a Minecraft server on your pfSense machine.
This is where I would like to know what potential security hazards doing such a task would open me up to, aside from the fact that minecraft can quickly turn into a resource hungry animal.
Thanks again for being a good community, sorry for being a bit brash at first. I look forward to learning a lot from you guys and my experiences with pfSense. Fingers crossed my roommates will let me use it as my main router/firewall.
For anyone interested in what I did, I have openjdk 1.8_72 running Minecraft 1.8.9 on a screen that I executed from the shell built into pfSense, and KOM's WAN rule above pointed to self (this firewall).
EDIT -- it bothered me so I went hunting for a proper snort setup guide. Followed the instructions here (https://forum.pfsense.org/index.php?topic=61018.0) and the server works through the firewall no problem. I think I had two rule sets turned on before and/or set my policy to restrictive. Serves me right for just toying with settings and "what looks right."
So mission accomplished. Cool.
I wasn't sure if using WAN address vs This Firewall would make any difference.
I used to run a fully-featured Minecraft server (Craftbukkit, 30+ plugins) for a bunch of local kids on my VPS, but I had to shut it down because I needed the resources for other services and didn't want to pay more per month for the server.
Glad to hear you got it working.
Alrighty - anyone well versed in scripting? The next step to this process would be automating the launch of the Minecraft jar. I have tried making a script.sh and adding it to shellcmd, and dumping it directly into the rc.d directory. The permissions on that script are 777... still nothing happens. Any ideas?
This question is more suited to a Minecraft forum.
Very cool you were able to get this to work. 8)
I have found pfSense will do really strange things if it doesn't like the setup (hardware, usually). Fair warning if you start getting strange results.
Since your problem solution seems to be very unique, please post as many details as possible about what you followed to make this happen. Others may find this very useful in the future.
Links to openjdk
Quad port model # used.
Rules used / not used, etc.
Have fun and good luck.
b. pkg install openjdk8
a. I followed this guide, but instead of sudo apt-get, I just used pkg: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-minecraft-server-on-linux
b. note that if you run the commands from root or from a script, it may create all the minecraft files in an unexpected directory.. Most likely just an operator error on my part but all my files ended up in my /root directory instead of my /minecraft one.
3. pfSense rules
a. Create a new firewall rule
i. interface WAN, protocol TCP, source ANY, Destination THIS FIREWALL(SELF), Port Range from (OTHER) 25565 to (OTHER) 25565
That's about it. The NIC I am using is an Intel Pro 1000 PT gigabit quad port interface card, I believe the 9490 model.. and my machine is a Dell Optiplex 790 with an i5 and 6 GB of mixed RAM (2x2 + 2x1). I can access the Minecraft server from both LAN and WAN, which is nice. Anything else just ask. Still working on the autorun script issue.. oh well.
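An added example, not code from anyone in this thread: a pre-launch check for the autorun script discussed above, which was left at mode 777 and started from a root shell on the firewall. It refuses to start the JVM if the launcher or the jar is writable by group or other, or if the caller is root; the file names, the jar path and the use of a dedicated non-root account are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Pre-launch checks for a boot-time
# Minecraft launcher. File names and the dedicated non-root account are
# assumptions.

# Succeeds only if FILE is a regular file with no group/other write bit.
# A script left at mode 777 fails here.
not_writable_by_others() {
    [ -f "$1" ] || return 2
    # POSIX find: "-perm -BITS" matches when every listed bit is set.
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Succeeds only for a numeric, non-zero UID.
is_unprivileged_uid() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
        0) return 1 ;;
        *) return 0 ;;
    esac
}

# launch_allowed SCRIPT JAR UID: every check must pass before the JVM starts.
launch_allowed() {
    for f in "$1" "$2"; do
        not_writable_by_others "$f" || {
            echo "refusing: $f is missing or group/world-writable" >&2
            return 1
        }
    done
    is_unprivileged_uid "$3" || {
        echo "refusing: UID '$3' is root or invalid" >&2
        return 1
    }
}

# Usage (hypothetical path): sh mc-launch.sh /minecraft/server.jar
if [ "$#" -eq 1 ]; then
    launch_allowed "$0" "$1" "$(id -u)" || exit 1
    # Change into the jar's directory so world files are not created in $HOME.
    cd "$(dirname "$1")" || exit 1
    exec java -Xmx2G -jar "$(basename "$1")" nogui   # 2 GB heap, as in the thread
fi
```

A launcher that root executes at boot and that any local account can rewrite hands that account root on the firewall, which is why the 777 case is rejected rather than only logged.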