Restrict access to server to "registered" users
Restrict access to server to "registered" users
We are doing internal trainings on Minetest. However, we want to move our server out of the VPN into the DMZ, so that everybody can access the server from the home office. We are concerned exposing an open server to the public internet, where everybody could possibly find it (even if it is via port scan). We would like to restrict access to the server to "pre-registered" users, only.
Is there a way to configure the server this way? Or is there a mod out there which would support us in restricting access to our server?
Is there a way to configure the server this way? Or is there a mod out there which would support us in restricting access to our server?
- davidthecreator
- Member
- Posts: 452
- Joined: Mon Aug 18, 2014 19:48
- GitHub: daviddoesminetest
- In-game: DavidDoesMinetest
- Location: Lithuania
-
- Moderator
- Posts: 4094
- Joined: Wed Aug 24, 2011 09:44
- GitHub: sfan5
- IRC: sfan5
- Location: Germany
Re: Restrict access to server to "registered" users
This functionality is usually called "whitelist", you can find a mod implementing this here:
viewtopic.php?t=25368
viewtopic.php?t=25368
- Festus1965
- Member
- Posts: 4181
- Joined: Sun Jan 03, 2016 11:58
- GitHub: Festus1965
- In-game: Festus1965 Thomas Thailand Explorer
- Location: Thailand ChiangMai
- Contact:
Re: Restrict access to server to "registered" users
DMZ I hope is the wrong explanation about your project,
MTS need only the port 30000 or this kind, but DMZ means much more.
Preregistered gamer is so far quite easy even with the typical installation,
* just set on no register, or set a nearly not possible password, and no any grants if some come in this way
* I did it for the friends for my daughter on the shadow mtserver ... after I was sure about there willing to join, I know there 'wanted/suggested' name (as met with parents in school) and gave them a entrance password for the first time,
* and set this gamer at home with password and rights (interact, ...) and also positioned the avatar with also set right chat channel at a starting location for this group ...
If they are more or should be automatic ... maybe need some programming in another way, to get this gamer into the auth database ... "bypass" the typical way.
MTS need only the port 30000 or this kind, but DMZ means much more.
Preregistered gamer is so far quite easy even with the typical installation,
* just set on no register, or set a nearly not possible password, and no any grants if some come in this way
* I did it for the friends for my daughter on the shadow mtserver ... after I was sure about there willing to join, I know there 'wanted/suggested' name (as met with parents in school) and gave them a entrance password for the first time,
* and set this gamer at home with password and rights (interact, ...) and also positioned the avatar with also set right chat channel at a starting location for this group ...
If they are more or should be automatic ... maybe need some programming in another way, to get this gamer into the auth database ... "bypass" the typical way.
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)
If urgend, you find me in Roblox (as CNXThomas)
Re: Restrict access to server to "registered" users
@davidthecreator, @sfan5 Whitelisting sounds perfect. But both mods assume that the users are already registered and only new users are blocked from joining. How can I edit the whitelist?
@Festus1965 Your solution sound quite reasonable. Since we only have to add some 10 participants per training, no problem with manual work. But how and where to "set on no register"? I cannot find that option in minetest.conf but I assume that it has to go there, right?
@Festus1965 Your solution sound quite reasonable. Since we only have to add some 10 participants per training, no problem with manual work. But how and where to "set on no register"? I cannot find that option in minetest.conf but I assume that it has to go there, right?
-
- Moderator
- Posts: 4094
- Joined: Wed Aug 24, 2011 09:44
- GitHub: sfan5
- IRC: sfan5
- Location: Germany
Re: Restrict access to server to "registered" users
I don't think the whitelisting mod distinguishes already registered and new users. You can find a list of commands to manage the whitelist here: https://content.minetest.net/packages/Zughy/whitelist/
- sorcerykid
- Member
- Posts: 1843
- Joined: Fri Aug 26, 2016 15:36
- GitHub: sorcerykid
- In-game: Nemo
- Location: Illinois, USA
Re: Restrict access to server to "registered" users
My Auth Redux mod provides the ability to create rulesets (much like a firewall) to allow or deny server access based on any number of criteria, everything from player count to time of day.
You can simply block new users from registering. You can supply a whitelist as a plain text file in the world directory. You can even filter by IP addresses for an extra layer of security, assuming your users have static IPs.
https://github.com/sorcerykid/auth_rx/wiki
You can simply block new users from registering. You can supply a whitelist as a plain text file in the world directory. You can even filter by IP addresses for an extra layer of security, assuming your users have static IPs.
https://github.com/sorcerykid/auth_rx/wiki
- Festus1965
- Member
- Posts: 4181
- Joined: Sun Jan 03, 2016 11:58
- GitHub: Festus1965
- In-game: Festus1965 Thomas Thailand Explorer
- Location: Thailand ChiangMai
- Contact:
Re: Restrict access to server to "registered" users
I used this long time,freefall wrote: ↑Mon Mar 22, 2021 15:45@Festus1965 Your solution sound quite reasonable. Since we only have to add some 10 participants per training, no problem with manual work. But how and where to "set on no register"? I cannot find that option in minetest.conf but I assume that it has to go there, right?
yes there is no setting so far I remember,
I just set a only myself known impossible crazy password, default_password = %h2xx9&# ... like
also
* do you need to announce ? - If not, already low attempts to join
* disallow_empty_password = true - need password, but unknown
= like blocking new register
As I had months a default password and even offered it in description, MOST 99% of gamer didn't get it to work. Mean not able to read, not able to see and further nor able to use it, really !!!
So this simple solution with a "unknown" password is safe for your option.
This 10 people will get then a information about there gamer name and password, and if they don't know the other names and are forced to change it after login, I am sure no problem.
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)
If urgend, you find me in Roblox (as CNXThomas)
Re: Restrict access to server to "registered" users
Your mod sounds like the optimum solution. I tried to set it up but ran into a couple of issues. First, I had to convert auth.sqlite into auth.txt (check). But on my Mac, the awk script (standard conversion) runs into a syntax error on line 42. No idea why this happens. Might that be an incompatibility with Mac's awk?sorcerykid wrote: ↑Mon Mar 22, 2021 22:18My Auth Redux mod provides the ability to create rulesets (much like a firewall) to allow or deny server access based on any number of criteria, everything from player count to time of day.
Re: Restrict access to server to "registered" users
I'll give it a try... Thanks.sfan5 wrote: ↑Mon Mar 22, 2021 19:49I don't think the whitelisting mod distinguishes already registered and new users. You can find a list of commands to manage the whitelist here: https://content.minetest.net/packages/Zughy/whitelist/
Re: Restrict access to server to "registered" users
This is what we use on Xanadu server:
Code: Select all
local no_new = true -- border defaults to closed
minetest.register_chatcommand("border", {
params = "",
description = "Toggles server border to allow new players",
privs = {server = true},
func = function (name, param)
if no_new == true then
no_new = false
minetest.chat_send_player(name, "Server borders open.")
else
no_new = true
minetest.chat_send_player(name, "Server borders closed.")
end
end
})
minetest.register_on_prejoinplayer(function(name, ip)
-- if player doesn't exist check border status and disconnect if needed
if not minetest.player_exists(name) and no_new == true then
return ("\nSorry, no new players being admitted at this time!")
end
end)
- Festus1965
- Member
- Posts: 4181
- Joined: Sun Jan 03, 2016 11:58
- GitHub: Festus1965
- In-game: Festus1965 Thomas Thailand Explorer
- Location: Thailand ChiangMai
- Contact:
Re: Restrict access to server to "registered" users
Oh yes, there as or are two mods that might help, yes,
border [up|down]
no_new
one of them allow you to set a visa for a login trial, when you recognize that this one was pronounced to have to be there ...
but as of my experience and you wrote about 10 each session ... your faster and more save with manual set this new gamer and send them the access.
border [up|down]
no_new
one of them allow you to set a visa for a login trial, when you recognize that this one was pronounced to have to be there ...
but as of my experience and you wrote about 10 each session ... your faster and more save with manual set this new gamer and send them the access.
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)
If urgend, you find me in Roblox (as CNXThomas)
Re: Restrict access to server to "registered" users
That's the most simple solution and completely sufficient for us. Thanks.
Who is online
Users browsing this forum: No registered users and 1 guest