Jump to content
  • 0
Foob

Proxy Setup Guide (Hide VPS IP)

Question

Hello there,

Some of you might know this already and maybe have read the original guide for it. But for those who doesn't know it yet, see below.

Note: I’m sharing the steps on how to do it using CentOS7 for the proxy server/VM while the main server/VM will be anything you like as long as rAthena supports it.

Before everything else, I would like you to know that this guide will only work on CentOS7 and this doesn’t guarantee that it will provide low latency to your players since its main function is to HIDE the IP of your MAIN VPS to avoid being bombarded with unwanted traffic. In the event, you received lots of traffic on your proxy, you can just reject it on your main VPS via firewall rules/iptables.

Requirements

  1. Spare VPS to configure the proxy
  2. Patch your client using updated "Enable Proxy Support" patch provided by 4144's NEMO & Functor
  3. DO NOT patch "Skip Service Select" since you need it to choose from the multiple connections.
  4. Add multiple connection on your clientinfo.xml/sclientinfo.xml
  5. Configure subnet_athena.conf to prevent sending real IP in network packets from login and char servers. (Functor)
  6. (Optional) Enable "Cancel to Select Service" Patch

VPS Configuration (IMPORTANT)

Note: Again, make sure that your VPS is using CentOS7 since this was tested under the said OS and working 100%

Follow the commands provided below.

/* Port Forwarding CentOS 7 FirewallD */
// ========================================================================
// Please read the comments per line it is self-explanatory.
// Important Parameters:
// INSERT_ZONE = output of the get default zone
// INSERT_IP = is the public IP of your main VPS or server
// If you like the guide give it a thumbs up!
// ========================================================================

// This command is to get the default zone being used by your VM.
firewall-cmd --get-default-zone

// This command is to check all rules applied to your VM by the current active zone.
firewall-cmd --zone=INSERT_ZONE --list-all

// Enabling Masquerade Status (IP Forwarding). 
// This is the important configuration else below won't work
firewall-cmd --zone=INSERT_ZONE --add-masquerade --permanent

// IP/Traffic forwarding
// Make sure you have configured masquerade
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=6900:proto=tcp:toport=6900:toaddr=INSERT_IP --permanent
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=6121:proto=tcp:toport=6121:toaddr=INSERT_IP --permanent
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=5121:proto=tcp:toport=5121:toaddr=INSERT_IP --permanent

// Add rules for ro-ports (assuming that you didn't change the port)
firewall-cmd --zone=INSERT_ZONE --add-port=6900/tcp --permanent
firewall-cmd --zone=INSERT_ZONE --add-port=6121/tcp --permanent
firewall-cmd --zone=INSERT_ZONE --add-port=5121/tcp --permanent

// Reload rules to take effect
firewall-cmd --reload

clientinfo.xml/sclientinfo.xml Configuration (IMPORTANT)

The example below shows how to configure multiple connections/tunnel to your VPS. (P.S. I'm not quite sure how many connection is the limit that can be defined on the xml)

<?xml version="1.0" encoding="euc-kr" ?>
<clientinfo>
	<desc>Ragnarok Online Client Information</desc>
	<servicetype>america</servicetype>
	<servertype>primary</servertype>
	<connection>
		<display>^FF0000[ SE Asia ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to SEA Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
	<connection>
		<display>^FF0000[ US Central ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to US Central Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
	<connection>
		<display>^FF0000[ US West ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to US West Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.org/board</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
</clientinfo>

subnet_athena.conf (IMPORTANT)

Change the default value (shown below)

subnet: 255.0.0.0:127.0.0.1:127.0.0.1

TO

subnet: 0.0.0.0:127.0.0.1:127.0.0.1

As per Functor, "If you will just apply the patch of EXE - game client will not use these IPs from network packets. But players will be able to find real IP by using any network sniffer.".

That's it. If you have question, drop by a comment. ROK On!

Original Links: Ragnarok Proxy Setup (Hide your VPS IP)
Other: rAthena via GCP (In a nutshell)

Edited by iAmGnome
  • Upvote 7

Share this post


Link to post
Share on other sites

30 answers to this question

Recommended Posts

  • 0

WHAT IS ZONE MEAN?

Share this post


Link to post
Share on other sites
  • 0
On 2/22/2020 at 8:50 PM, Vy Low said:

 but inorder to check that the proxy is working as intended you need to check from login > char > map, the best way to do it is try logging in to login server and check the ip connected to the login port, then proceed to char ip, then check again on the char server if proxy ip is connected to the char server port as well as the map server, this is one way to ensure that proxy is working properly, otherwise it will only read the proxy ip on the login server, but then uses players ip when connecting to char and map.

Hi, Vy low can you explain more detail about your step to check it that?

what config do you use to make scenario like this

Quote

but then uses players ip when connecting to char and map.


 

Share this post


Link to post
Share on other sites
  • 0
33 minutes ago, LearningRO said:

Hi, Vy low can you explain more detail about your step to check it that?

what config do you use to make scenario like this


 

use wireshark or netstat

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)

  

On 4/30/2019 at 4:59 AM, Foob said:

subnet_athena.conf (IMPORTANT)

Change the default value (shown below)

subnet: 255.0.0.0:127.0.0.1:127.0.0.1

TO

subnet: 0.0.0.0:127.0.0.1:127.0.0.1

As per Functor, "If you will just apply the patch of EXE - game client will not use these IPs from network packets. But players will be able to find real IP by using any network sniffer.".

That's it. If you have question, drop by a comment. ROK On!

Original Links: Ragnarok Proxy Setup (Hide your VPS IP)
Other: rAthena via GCP (In a nutshell)

I cant connect to the server if the subnet is:

subnet: 0.0.0.0:127.0.0.1:127.0.0.1

The char sever doesn't respond. How can I solve this problem?

Edit: never mind. It was a problem with the hexed not being correctly patched. It's all good now. Thanks!

Edited by AngelRO

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
On 5/23/2019 at 4:49 AM, CrescentSaga said:

It won't solve your problem if a DDOS attack goes directly into your server,
Since you're still using the same network interface, getting that pipe saturated will prevent you from restarting/changing your server IP.
And as far as renting a server goes, changing your IP can take quite a while.

Whoever if you hide your server IP behind a proxy, let's say a Google VM or Amazon, you can instantly change your VM IP into something else and repatch your client.
This is quickly stop the attack since they are now targetting an unused IP. More-over, if you can setup multiple proxy for your server, you can set the Amazon/Google VM to instantly shutdown itself if it's under attack,
This will save you a lot of trouble from having to change your IP, and DDOS, as common as it is, cost money.

The more proxy they have to shut down to stop you, the more expensive it gets for them.
And there's always the limitation of resources your attacker has to keep DDOS-ing you, at some point, they won't be able to keep stricking you.

At a better level, you can also set load balancing for your VM.
Which will help tremendously in reducing the strain of DDOS attack on your proxy.

And as an added bonus, some provider does provide with a basic anti-ddos.
It is not as powerful, but it will stop some basic attacks.

If I setup a proxy server behind load balancers, won't they all share the same IP?

What happens if someone attacks the load balance servers? Only one of the VMs will be knocked down, right?

What's better: to maintain a few *persistent* machines serving as proxies or to setup a single load balancer?

I know that hosting a server on a DDoS protected host would be a much better option, but unfortunately I don't know any good hosting company in Brazil. I would love to use ovh and save time, money and headache, but I don't see any good alternative.

Edited by AngelRO

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use and Privacy Policy.