I am currently in the process of setting up a private SMP server for some of my friends and me to play on. I've fully configured the server and setup the properties file the way I want, and run some tests over my LAN to make sure everything worked smoothly. Now, I am ready to host the server, but here I grow concerned over a number of things, primarily, what is the best way to host the server?
I've looked into using Hamachi, but unfortunately, the host machine does not have the capability to run Hamachi as well as the server, as I had to allocate most of its RAM to the server to ensure it runs smoothly. So now, I am at a loss as to what is the most secure option for hosting my server:
I've looked into numerous options, including port forwarding, static NAT mapping, and even DMZ hosting. Unfortunately, hours of Googling these yielded little. So here are my inquiries:
- Ideally, I'd like to use a VPN, but as mentioned, Hamachi has been ruled out. What would be some other (decent) options for VPN freeware? Also, would a P2P VPN work, or does it need to be a mesh VPN? (I place utmost stress on freeware; paying for a VPN service is something that I absolutely am unable to do.)
- Currently, my router has dynamic NAT enabled. What are the security drawbacks of using static NAT mapping to map the server's internal IP with one external IP? Additionally, would users outside the LAN be able to connect to the server if I didn't use static NAT mapping?
- Security-wise, what drawbacks are there if I was to enable port-forwarding for the server? (Also, some links to some guides on how to set up the server by port-forwarding would be nice)
- Is it even recommended that I go the way of DMZ hosting? This one is the biggest gray area for me, as I have a bunch of other questions about DMZ hosts:
* If I set up a the server as a DMZ host in my LAN (keep in mind this is not a true DMZ, as it's on a home broadband network), what security precautions should be taken to ensure this DMZ host stays separate from the rest of the computers?
* What would be the best way to isolate the DMZ host from the rest of the LAN?
- Should there be any other options, please, by all means, post them.
I thank you all in advance for your answers and advice.
I would setup a system with Windows Home Server 2011 which allows you to setup a VPN server. People can connect to the VPN and then play Minecraft on your server.
Port forwarding is completely fine if you are only opening a few ports, but it does expose those ports to the Internet. Port forwarding is different on every router.
When it comes to the DMZ I'd avoid it since a DMZ server has all of the ports open to the Internet which isn't very secure.
just portforward, all your other questions are void. Also if you dont have enough ram free for hamachi then you are giving mc too much memory and the os too little. Hamachi will take little to no memory. And if you mean cpu just a nice tip, any cpu pentium 4 and up can run mc server well
I've looked into using Hamachi, but unfortunately, the host machine does not have the capability to run Hamachi as well as the server, as I had to allocate most of its RAM to the server to ensure it runs smoothly. So now, I am at a loss as to what is the most secure option for hosting my server:
I've looked into numerous options, including port forwarding, static NAT mapping, and even DMZ hosting. Unfortunately, hours of Googling these yielded little. So here are my inquiries:
I thank you all in advance for your answers and advice.
Port forwarding is completely fine if you are only opening a few ports, but it does expose those ports to the Internet. Port forwarding is different on every router.
When it comes to the DMZ I'd avoid it since a DMZ server has all of the ports open to the Internet which isn't very secure.