Restrict access to server to "registered" users

Post Reply
freefall
Member
Posts: 19
Joined: Mon Dec 21, 2020 12:20

Restrict access to server to "registered" users

by freefall » Post

We are doing internal trainings on Minetest. However, we want to move our server out of the VPN into the DMZ, so that everybody can access the server from the home office. We are concerned exposing an open server to the public internet, where everybody could possibly find it (even if it is via port scan). We would like to restrict access to the server to "pre-registered" users, only.

Is there a way to configure the server this way? Or is there a mod out there which would support us in restricting access to our server?

User avatar
davidthecreator
Member
Posts: 452
Joined: Mon Aug 18, 2014 19:48
GitHub: daviddoesminetest
In-game: DavidDoesMinetest
Location: Lithuania

Re: Restrict access to server to "registered" users

by davidthecreator » Post

This might be it?

viewtopic.php?t=8004

sfan5
Moderator
Posts: 4094
Joined: Wed Aug 24, 2011 09:44
GitHub: sfan5
IRC: sfan5
Location: Germany

Re: Restrict access to server to "registered" users

by sfan5 » Post

This functionality is usually called "whitelist", you can find a mod implementing this here:
viewtopic.php?t=25368
Mods: Mesecons | WorldEdit | Nuke & Minetest builds for Windows (32-bit & 64-bit)

User avatar
Festus1965
Member
Posts: 4181
Joined: Sun Jan 03, 2016 11:58
GitHub: Festus1965
In-game: Festus1965 Thomas Thailand Explorer
Location: Thailand ChiangMai
Contact:

Re: Restrict access to server to "registered" users

by Festus1965 » Post

DMZ I hope is the wrong explanation about your project,

MTS need only the port 30000 or this kind, but DMZ means much more.

Preregistered gamer is so far quite easy even with the typical installation,
* just set on no register, or set a nearly not possible password, and no any grants if some come in this way
* I did it for the friends for my daughter on the shadow mtserver ... after I was sure about there willing to join, I know there 'wanted/suggested' name (as met with parents in school) and gave them a entrance password for the first time,
* and set this gamer at home with password and rights (interact, ...) and also positioned the avatar with also set right chat channel at a starting location for this group ...

If they are more or should be automatic ... maybe need some programming in another way, to get this gamer into the auth database ... "bypass" the typical way.
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)

freefall
Member
Posts: 19
Joined: Mon Dec 21, 2020 12:20

Re: Restrict access to server to "registered" users

by freefall » Post

@davidthecreator, @sfan5 Whitelisting sounds perfect. But both mods assume that the users are already registered and only new users are blocked from joining. How can I edit the whitelist?

@Festus1965 Your solution sound quite reasonable. Since we only have to add some 10 participants per training, no problem with manual work. But how and where to "set on no register"? I cannot find that option in minetest.conf but I assume that it has to go there, right?

sfan5
Moderator
Posts: 4094
Joined: Wed Aug 24, 2011 09:44
GitHub: sfan5
IRC: sfan5
Location: Germany

Re: Restrict access to server to "registered" users

by sfan5 » Post

freefall wrote:
Mon Mar 22, 2021 15:45
Whitelisting sounds perfect. But both mods assume that the users are already registered and only new users are blocked from joining. How can I edit the whitelist?
I don't think the whitelisting mod distinguishes already registered and new users. You can find a list of commands to manage the whitelist here: https://content.minetest.net/packages/Zughy/whitelist/
Mods: Mesecons | WorldEdit | Nuke & Minetest builds for Windows (32-bit & 64-bit)

User avatar
sorcerykid
Member
Posts: 1841
Joined: Fri Aug 26, 2016 15:36
GitHub: sorcerykid
In-game: Nemo
Location: Illinois, USA

Re: Restrict access to server to "registered" users

by sorcerykid » Post

My Auth Redux mod provides the ability to create rulesets (much like a firewall) to allow or deny server access based on any number of criteria, everything from player count to time of day.

You can simply block new users from registering. You can supply a whitelist as a plain text file in the world directory. You can even filter by IP addresses for an extra layer of security, assuming your users have static IPs.

https://github.com/sorcerykid/auth_rx/wiki

User avatar
Festus1965
Member
Posts: 4181
Joined: Sun Jan 03, 2016 11:58
GitHub: Festus1965
In-game: Festus1965 Thomas Thailand Explorer
Location: Thailand ChiangMai
Contact:

Re: Restrict access to server to "registered" users

by Festus1965 » Post

freefall wrote:
Mon Mar 22, 2021 15:45
@Festus1965 Your solution sound quite reasonable. Since we only have to add some 10 participants per training, no problem with manual work. But how and where to "set on no register"? I cannot find that option in minetest.conf but I assume that it has to go there, right?
I used this long time,
yes there is no setting so far I remember,
I just set a only myself known impossible crazy password, default_password = %h2xx9&# ... like
also
* do you need to announce ? - If not, already low attempts to join
* disallow_empty_password = true - need password, but unknown
= like blocking new register

As I had months a default password and even offered it in description, MOST 99% of gamer didn't get it to work. Mean not able to read, not able to see and further nor able to use it, really !!!

So this simple solution with a "unknown" password is safe for your option.

This 10 people will get then a information about there gamer name and password, and if they don't know the other names and are forced to change it after login, I am sure no problem.
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)

freefall
Member
Posts: 19
Joined: Mon Dec 21, 2020 12:20

Re: Restrict access to server to "registered" users

by freefall » Post

sorcerykid wrote:
Mon Mar 22, 2021 22:18
My Auth Redux mod provides the ability to create rulesets (much like a firewall) to allow or deny server access based on any number of criteria, everything from player count to time of day.
Your mod sounds like the optimum solution. I tried to set it up but ran into a couple of issues. First, I had to convert auth.sqlite into auth.txt (check). But on my Mac, the awk script (standard conversion) runs into a syntax error on line 42. No idea why this happens. Might that be an incompatibility with Mac's awk?

freefall
Member
Posts: 19
Joined: Mon Dec 21, 2020 12:20

Re: Restrict access to server to "registered" users

by freefall » Post

sfan5 wrote:
Mon Mar 22, 2021 19:49
I don't think the whitelisting mod distinguishes already registered and new users. You can find a list of commands to manage the whitelist here: https://content.minetest.net/packages/Zughy/whitelist/
I'll give it a try... Thanks.

User avatar
TenPlus1
Member
Posts: 3715
Joined: Mon Jul 29, 2013 13:38
In-game: TenPlus1
Contact:

Re: Restrict access to server to "registered" users

by TenPlus1 » Post

This is what we use on Xanadu server:

Code: Select all

local no_new = true -- border defaults to closed

minetest.register_chatcommand("border", {
	params = "",
	description = "Toggles server border to allow new players",
	privs = {server = true},

	func = function (name, param)

		if no_new == true then
			no_new = false
			minetest.chat_send_player(name, "Server borders open.")
		else
			no_new = true
			minetest.chat_send_player(name, "Server borders closed.")
		end
	end
})

minetest.register_on_prejoinplayer(function(name, ip)

	-- if player doesn't exist check border status and disconnect if needed
	if not minetest.player_exists(name) and no_new == true then
		return ("\nSorry, no new players being admitted at this time!")
	end
end)

User avatar
Festus1965
Member
Posts: 4181
Joined: Sun Jan 03, 2016 11:58
GitHub: Festus1965
In-game: Festus1965 Thomas Thailand Explorer
Location: Thailand ChiangMai
Contact:

Re: Restrict access to server to "registered" users

by Festus1965 » Post

Oh yes, there as or are two mods that might help, yes,

border [up|down]
no_new

one of them allow you to set a visa for a login trial, when you recognize that this one was pronounced to have to be there ...
but as of my experience and you wrote about 10 each session ... your faster and more save with manual set this new gamer and send them the access.
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)

freefall
Member
Posts: 19
Joined: Mon Dec 21, 2020 12:20

Re: Restrict access to server to "registered" users

by freefall » Post

TenPlus1 wrote:
Tue Mar 23, 2021 20:51
This is what we use on Xanadu server:

Code: Select all

...
That's the most simple solution and completely sufficient for us. Thanks.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests