Expires in 12 months
14 September 2022
I want to play Minecraft with my friends, and I already have a server connected to the internet. My server isn't strong enough to run an Minecraft server instance. However, I do have a spare, powerful laptop that can handle the load. Port forwarding isn't possible. Both the server and laptop are connected to my Tailscale network. Can I make use of this to create a Minecraft server with an IP public? The answer was yes-and I was surprised at how easy it was. In addition the server is accessible and the latency was better than trying random "free hosting" services.
Halfway to Tailscale
Tailscale is already installed on all my devices. This means that when I create an Minecraft server instance on one device, I am able to connect immediately to it from the other devices. My friends don't have Tailscale yet! ), so unfortunately node sharing is not in the picture for the moment. Tailscale still lets me take advantage of Tailscale. My laptop will always have an IP that is relative to my server and the server will always have an IP relative to the public internet. The connection will be deterministic, and I won't need to make use of dynamic tricks.
Let's try the theory.
Let's see if Minecraft can detect it if I add the Tailscale IP...
It's a huge success! Now we only need to make it available on the internet for all to see.
iptables is your rescue!
In essence, iptables lets you to configure the rules of the Linux kernel firewall. In essence, it's very simple. The user creates tables and packets are routed via the tables. Java edition Minecraft servers utilize TCP port 25565.
It was easy to enable IP forwarding, and add 25565 to my list of open TCP ports:
The rule is designed
We can now adding the following commands to our firewall setup. Let dest_ip be the Tailscale IP address of the server. The first command is an additional rule to the PREROUTING chain. This is the place where packets arrive before they are processed. We then forward the packet to the laptop indicated by the IP address given by Tailscale. The second command allows the IP address of the packets remain the same, meaning that the server is only acting as an intermediary.
We have the following configuration:
Now we are rebuilding the server configuration, before testing again in Minecraft, this time using the server's public IP, it all is working just as would be expected!
Final touches: A DNS record
For the final touches *chef's kiss* adding an A record gave me a nice URL that I could offer people instead of an IP address.
Minecraft Server List
It's very quick! The proxy server is located on the East coast and even though the Minecraft server is located on the West coast, having played for hours today my friends and I had no problems whatsoever. I was able pin people via the connection, and latency was not too bad (77 milliseconds for those from New York).
Xe's blog post on Tailscale, NixOS and Minecraft inspired me to write this article, however my requirements were different. I didn't want my friends to install Tailscale to play on my server. I wanted to make use of the hardware I already had, using my server as an internet router.
My Website: https://minecraft-server-list.co/