Foob

Proxy Setup Guide (Hide VPS IP)

Question

Hello there,

Some of you might know this already and maybe have read the original guide for it. But for those who don't know it yet, see below.

Note: I’m sharing the steps on how to do it using CentOS7 for the proxy server/VM while the main server/VM will be anything you like as long as rAthena supports it.

Before everything else, I would like you to know that this guide will only work on CentOS7 and this doesn’t guarantee that it will provide low latency to your players since its main function is to HIDE the IP of your MAIN VPS to avoid being bombarded with unwanted traffic. In the event you receive lots of traffic on your proxy, you can just reject it on your main VPS via firewall rules/iptables.

Requirements

  1. Spare VPS to configure the proxy
  2. Patch your client using updated "Enable Proxy Support" patch provided by 4144's NEMO & Functor
  3. DO NOT patch "Skip Service Select" since you need it to choose from the multiple connections.
  4. Add multiple connections on your clientinfo.xml/sclientinfo.xml
  5. Configure subnet_athena.conf to prevent sending real IP in network packets from login and char servers. (Functor)
  6. (Optional) Enable "Cancel to Select Service" Patch

VPS Configuration (IMPORTANT)

Note: Again, make sure that your VPS is using CentOS7 since this was tested under the said OS and working 100%

Follow the commands provided below.

# Port Forwarding CentOS 7 FirewallD
# ========================================================================
# Please read the comments per line; they are self-explanatory.
# Important Parameters:
# INSERT_ZONE = output of the get default zone
# INSERT_IP = is the public IP of your main VPS or server
# If you like the guide give it a thumbs up!
# ========================================================================

# This command is to get the default zone being used by your VM.
firewall-cmd --get-default-zone

# This command is to check all rules applied to your VM by the current active zone.
firewall-cmd --zone=INSERT_ZONE --list-all

# Enabling Masquerade Status (IP Forwarding).
# This is the important configuration, else the commands below won't work
firewall-cmd --zone=INSERT_ZONE --add-masquerade --permanent

# IP/Traffic forwarding
# Make sure you have configured masquerade
firewall-cmd --zone=INSERT_ZONE --add-forward-port=port=6900:proto=tcp:toport=6900:toaddr=INSERT_IP --permanent
firewall-cmd --zone=INSERT_ZONE --add-forward-port=port=6121:proto=tcp:toport=6121:toaddr=INSERT_IP --permanent
firewall-cmd --zone=INSERT_ZONE --add-forward-port=port=5121:proto=tcp:toport=5121:toaddr=INSERT_IP --permanent

# Add rules for ro-ports (assuming that you didn't change the port)
firewall-cmd --zone=INSERT_ZONE --add-port=6900/tcp --permanent
firewall-cmd --zone=INSERT_ZONE --add-port=6121/tcp --permanent
firewall-cmd --zone=INSERT_ZONE --add-port=5121/tcp --permanent

# Reload rules to take effect
firewall-cmd --reload

clientinfo.xml/sclientinfo.xml Configuration (IMPORTANT)

The example below shows how to configure multiple connections/tunnels to your VPS. (P.S. I'm not quite sure how many connections is the limit that can be defined in the xml)

<?xml version="1.0" encoding="euc-kr" ?>
<clientinfo>
	<desc>Ragnarok Online Client Information</desc>
	<servicetype>america</servicetype>
	<servertype>primary</servertype>
	<connection>
		<display>^FF0000[ SE Asia ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to SEA Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
	<connection>
		<display>^FF0000[ US Central ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to US Central Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
	<connection>
		<display>^FF0000[ US West ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to US West Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
</clientinfo>

subnet_athena.conf (IMPORTANT)

Change the default value (shown below)

subnet: 255.0.0.0:127.0.0.1:127.0.0.1

TO

subnet: 0.0.0.0:127.0.0.1:127.0.0.1

As per Functor, "If you will just apply the patch of EXE - game client will not use these IPs from network packets. But players will be able to find real IP by using any network sniffer.".

That's it. If you have a question, drop a comment. ROK On!

Original Links: Ragnarok Proxy Setup (Hide your VPS IP)
Other: rAthena via GCP (In a nutshell)

Edited by iAmGnome
  • Upvote 7
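
An added example, not part of the original post: the guide says unwanted traffic can be rejected on the main VPS via firewall rules, and one way to do that is to accept the three game ports only from the proxy IPs. It assumes the main VPS also runs firewalld; `lockdown_plan`, `is_ipv4` and the sample address (taken from the example later in this thread) are hypothetical names and values, and the script only prints the commands for review.

```shell
#!/bin/sh
# Added example, not from the thread: print (do not run) the firewalld commands
# that restrict the rAthena ports on the MAIN VPS to the proxy IPs.
# Because the proxy masquerades, the main VPS sees the proxy IP as the source.
RO_PORTS="6900 6121 5121"   # login, char, map ports used in the guide

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# lockdown_plan ZONE PROXY_IP...  (hypothetical helper)
# Validates its arguments so the printed plan is safe to pipe into sh.
lockdown_plan() {
    [ $# -ge 2 ] || { echo "usage: lockdown_plan ZONE PROXY_IP..." >&2; return 2; }
    lp_zone=$1; shift
    case $lp_zone in
        ''|*[!A-Za-z0-9_-]*) echo "bad zone name: $lp_zone" >&2; return 2 ;;
    esac
    for lp_ip in "$@"; do
        is_ipv4 "$lp_ip" || { echo "not an IPv4 address: $lp_ip" >&2; return 2; }
    done
    for lp_port in $RO_PORTS; do
        # Close the port to everyone, then re-open it per proxy source address.
        echo "firewall-cmd --permanent --zone=$lp_zone --remove-port=$lp_port/tcp"
        for lp_ip in "$@"; do
            printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" \
                "$lp_zone" "$lp_ip" "$lp_port"
        done
    done
    echo "firewall-cmd --reload"
}

# Demo with a constructed proxy address (the thread's example proxy IP).
lockdown_plan public 111.111.111.112
```

Review the printed plan before piping it to `sh` on the main VPS; it leaves SSH and every other service in the zone untouched.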


30 answers to this question


  • 0

@iAmGnome You forgot about the important additional step. If you want to hide the IP of main VPS - you need to prevent sending real IP in network packets from login and char servers.

Because if you will just apply the patch of EXE - game client will not use these IPs from network packets. But players will be able to find real IP by using any network sniffer.

Open "../conf/subnet_athena.conf" and change:

subnet: 255.0.0.0:127.0.0.1:127.0.0.1

to:

subnet: 0.0.0.0:127.0.0.1:127.0.0.1

 

Edited by Functor
  • Upvote 2

  • 0

@Functor: Thanks for correcting the guide. Updated main thread.

@KeyMaster: The proxy IPs should be from your VPS IP.

  • 0
Would Cloudflare be enough? Or is it just for web? Also, we could also use Floating IPs from Digitalocean right?

  • 0
1 hour ago, Universe said:

Would Cloudflare be enough? Or is it just for web? Also, we could also use Floating IPs from Digitalocean right?

Not quite sure with regards to floating IPs of DigitalOcean. Better to try it but somehow it will work since it is integrated on their droplet which can use CentOS system. As for Cloudflare, it won't work AFAIK since it only caters web traffic.

  • 0

Okay thanks, will try. Will update you if it works. Also, btw, so I could know if it would work, how would I get the IP that the server is connecting to? From packets?

  • 0
54 minutes ago, Universe said:

Okay thanks, will try. Will update you if it works. Also, btw, so I could know if it would work, how would I get the IP that the server is connecting to? From packets?

Use the command "@accinfo %playersname%" in-game. Tested this guide multiple times and it works like a charm.

Edited by Mosaic

  • 0
On 5/4/2019 at 10:31 PM, Mosaic said:

Use the command "@accinfo %playersname%" in-game. Tested this guide multiple times and it works like a charm.

Won't that give the IP of the player? And not the server's IP through packets?

On 5/4/2019 at 9:36 PM, iAmGnome said:

Not quite sure with regards to floating IPs of DigitalOcean. Better to try it but somehow it will work since it is integrated on their droplet which can use CentOS system. As for Cloudflare, it won't work AFAIK since it only caters web traffic.

I haven't tested yet since I don't know how to get packet data. But I think (not sure though) that floating IPs are different IPs that do the same as what the original IP does. Basically like a proxy. Correct me if I'm wrong though.

Here's a blog, if you need a much clearer description.
https://blog.digitalocean.com/floating-ips-start-architecting-your-applications-for-high-availability/

  • 0
On 5/5/2019 at 9:13 PM, melv0 said:

How about if I use Debian?

Already have a guide provided on the link above.

 

On 5/5/2019 at 6:36 PM, Universe said:

I haven't tested yet since I don't know how to get packet data. But I think (not sure though) that floating IPs are different IPs that do the same as what the original IP does. Basically like a proxy. Correct me if I'm wrong though.

Here's a blog, if you need a much clearer description.
https://blog.digitalocean.com/floating-ips-start-architecting-your-applications-for-high-availability/

Possible but not really. Floating IP can be classified as just an OM IP (not sure how to term it). It is where you deploy an instance (1+1); when an instance goes down you don't need to change the IP of it since the floating IP is routed to both instances. (weird explanation)

  • 0

Question, this "spare vps" can be availed in GCP with the lowest possible price? Then do the setup guide above, right? If I choose a US data center but my main server IP is in Asia, will it affect the latency? Like increase lag if I do so?

  • 0

@DeathStar the lowest price can be possible. The shared one (micro) type VM. After creating, follow the steps above. As for the latency, again the main objective of this tutorial is to hide your main IP. You can try it for yourself if it increases lag or decreases latency.

  • 0

I tested it myself. Yes it increases lag depending on the server

  • 0
24 minutes ago, pajodex said:

I tested it myself. Yes it increases lag depending on the server

Thanks for testing. As long as the main function works then it's okay.

 

  • 0
On 5/6/2019 at 8:17 PM, iAmGnome said:

Possible but not really. Floating IP can be classified as just an OM IP (not sure how to term it). It is where you deploy an instance (1+1); when an instance goes down you don't need to change the IP of it since the floating IP is routed to both instances. (weird explanation)

Why not just use the floating IP as the server IP?

  • 0
1 hour ago, Universe said:

Why not just use the floating IP as the server IP?

Floating is a single IP as far as I know.

  • 0
On 5/17/2019 at 8:23 PM, Universe said:

Why not just use the floating IP as the server IP?

It won't solve your problem if a DDOS attack goes directly into your server,
Since you're still using the same network interface, getting that pipe saturated will prevent you from restarting/changing your server IP.
And as far as renting a server goes, changing your IP can take quite a while.

However, if you hide your server IP behind a proxy, let's say a Google VM or Amazon, you can instantly change your VM IP into something else and repatch your client.
This will quickly stop the attack since they are now targeting an unused IP. Moreover, if you can set up multiple proxies for your server, you can set the Amazon/Google VM to instantly shut itself down if it's under attack,
This will save you a lot of trouble from having to change your IP, and DDOS, as common as it is, costs money.

The more proxies they have to shut down to stop you, the more expensive it gets for them.
And there's always the limitation of resources your attacker has to keep DDOS-ing you; at some point, they won't be able to keep striking you.

At a better level, you can also set load balancing for your VM.
Which will help tremendously in reducing the strain of DDOS attack on your proxy.

And as an added bonus, some providers do provide a basic anti-DDoS.
It is not as powerful, but it will stop some basic attacks.

Edited by CrescentSaga
  • Upvote 1

  • 0
On 4/30/2019 at 5:32 PM, Functor said:

@iAmGnome You forgot about the important additional step. If you want to hide the IP of main VPS - you need to prevent sending real IP in network packets from login and char servers.

Because if you will just apply the patch of EXE - game client will not use these IPs from network packets. But players will be able to find real IP by using any network sniffer.

Open "../conf/subnet_athena.conf" and change:

subnet: 255.0.0.0:127.0.0.1:127.0.0.1

to:

subnet: 0.0.0.0:127.0.0.1:127.0.0.1

 

I can't log in from both IPs once I change the subnet of the server to 0 instead of 255.
But I can log in if the subnet is 255 and the proxy IP is used when I checked in the login-server.

How to fix the connection when the subnet is changed?
Thank you.

  • 0
On 7/8/2019 at 3:56 AM, Functor said:

@GodKnows Jhomz

- or you haven't applied patch "Enable Proxy Support"
- or you applied it by using old NEMO patcher

You can download the latest NEMO here: https://gitlab.com/4144/Nemo/-/archive/master/Nemo-master.zip

Okay thanks, I'll let you know once I tried to patch again with this new nemo since I already patched the Enable Proxy Support on my client. Thank you.

  • 0
On 12/17/2019 at 4:45 AM, Osus said:

How about Ubuntu 16.04.6? @Functor @Foob

See attached "Link" on the 1st post. "Original guide for it".

  • 0
On 4/30/2019 at 3:59 PM, Foob said:

Hello there,

Some of you might know this already and maybe have read the original guide for it. But for those who don't know it yet, see below.

 

Thanks for your guide.

I have a question: I followed the guide and succeeded in logging in to my server.

But on the server, every player IP will be the proxy IP. How can I fix it?

 

example

Quote

 

main vps ip: 111.111.111.111

proxy ip:111.111.111.112

player ip:111.111.111.113

 

player use script command "getcharip()"   or  mysql `login` `last_ip`

got the proxy ip (111.111.111.112) , not  player ip (111.111.111.113)

Edited by bluesky

  • 0
5 hours ago, bluesky said:

Thanks for your guide.

I have a question: I followed the guide and succeeded in logging in to my server.

But on the server, every player IP will be the proxy IP. How can I fix it?

 

example

player use script command "getcharip()"   or  mysql `login` `last_ip`

got the proxy ip (111.111.111.112) , not  player ip (111.111.111.113)

Not sure how to do it. However that's the observed behavior if you use this setup. It will always use the proxy IP.

  • 0

When you use a proxy, it will read on the login as the proxy IP, similar to a VPN. But in order to check that the proxy is working as intended you need to check from login > char > map. The best way to do it is to try logging in to the login server and check the IP connected to the login port, then proceed to the char IP, then check again on the char server if the proxy IP is connected to the char server port, as well as the map server. This is one way to ensure that the proxy is working properly; otherwise it will only read the proxy IP on the login server, but then use the player's IP when connecting to char and map.
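
The login > char > map check described above, as an added example that is not part of the original post: run on the main VPS, it reads `ss -tn` output and reports any peer connected to a game port that is not a proxy. `audit_direct_peers` and the sample functions are hypothetical names, the sample lines are constructed from the example addresses earlier in this thread, and loopback is allowed on the assumption that login, char and map servers share one host.

```shell
#!/bin/sh
# Added example, not from the thread. Typical use on the MAIN VPS:
#   ss -tn | audit_direct_peers "PROXY_IP [PROXY_IP ...]"
RO_PORTS="6900 6121 5121"   # login, char, map ports used in the guide

# Reads `ss -tn` output on stdin. Prints "PORT PEER_IP COUNT" for every
# established connection to a game port whose peer is neither a listed proxy
# nor loopback, and returns 1 if any such peer exists (0 when all is clean).
audit_direct_peers() {
    adp_out=$(awk -v proxies="$1 127.0.0.1" -v ports="$RO_PORTS" '
        BEGIN {
            n = split(proxies, p, " "); for (i = 1; i <= n; i++) allowed[p[i]] = 1
            n = split(ports, q, " ");   for (i = 1; i <= n; i++) game[q[i]] = 1
        }
        $1 != "ESTAB" { next }                     # also skips the header line
        {
            lport = $4; sub(/.*:/, "", lport)      # local port: text after last ":"
            peer  = $5; sub(/:[^:]*$/, "", peer)   # peer IP: text before last ":"
            if ((lport in game) && !(peer in allowed)) hits[lport " " peer]++
        }
        END { for (k in hits) print k, hits[k] }
    ' | sort)
    [ -z "$adp_out" ] && return 0
    printf '%s\n' "$adp_out"
    return 1
}

# Constructed samples: main VPS 111.111.111.111, proxy 111.111.111.112,
# player 111.111.111.113 (the example addresses used in this thread).
sample_leaky() {   # login goes through the proxy, char and map do not
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port    Peer Address:Port
ESTAB  0      0      111.111.111.111:6900  111.111.111.112:40112
ESTAB  0      0      111.111.111.111:6121  111.111.111.113:52310
ESTAB  0      0      111.111.111.111:5121  111.111.111.113:52311
ESTAB  0      0      111.111.111.111:22    111.111.111.113:50022
ESTAB  0      0      127.0.0.1:6121        127.0.0.1:38844
EOF
}
sample_clean() {   # all three game ports are reached through the proxy
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port    Peer Address:Port
ESTAB  0      0      111.111.111.111:6900  111.111.111.112:40112
ESTAB  0      0      111.111.111.111:6121  111.111.111.112:40118
ESTAB  0      0      111.111.111.111:5121  111.111.111.112:40125
EOF
}

sample_leaky | audit_direct_peers "111.111.111.112" \
    || echo "some players reach the main VPS directly" >&2
```

A direct peer on 6121 or 5121 means clients learned the main VPS address after login, which points back at the subnet_athena.conf change and the "Enable Proxy Support" patch discussed earlier in the thread.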

