p>I would like to play Minecraft with my friends, and I already have a server exposed to the internet. However, my server is severely underpowered and is not able to run an actual Minecraft server instance. On the other hand, I have a spare beefy laptop that can handle the load, however port forwarding is not feasible. Both the server and laptop are connected to my Tailscale network. Can I make use of this to create a Minecraft server that has an IP public? It was possible and I was amazed at how easy it was. In addition the server is usable and the latency was better than trying random "free hosting" services.
/p>
p>Halfway with Tailscale
/p>
p>Tailscale is already installed on all my devices. This means that when I create an Minecraft server instance on one device, I will be able to connect immediately to it from other devices. However my friends do not have Tailscale (yet! ) and so node sharing isn't in the picture for the moment. Tailscale still allows me to make use of Tailscale. My laptop will always have an IP relative to my server, and the server will always have an IP relative to public internet. Thus, the connection will be deterministic and I don't have to use any dynamic tricks.
/p>
p>Let's test the theory.
/p>
p>Let's see whether Minecraft recognizes it when I type in the Tailscale IP...
/p>
p>It's a huge success! It's just a matter of making it accessible online.
/p>
p>Iptables is here to save the day!
/p>
p>In essence, iptables lets you to configure the rules for the Linux kernel firewall. In essence, it's very simple. The user creates tables, and packets are routed through tables. Java edition Minecraft servers utilize TCP port 25565.
/p>
p>NixOS configuration
/p>
p>It was easy to enable IP forwarding, and add 25565 to my list of open TCP ports:
/p>
p>The rule is created
/p>
p>Now we can go ahead add the following commands to our firewall setup. Let dest_ip be the Tailscale IP of the server. The first command adds a rule to the PREROUTING chain which is where packets arrive before being processed. We basically forward the packet to Tailscale's IP address. https://minecraft-servers.cloud/ The second command essentially lets the IP address of the packet remain the same, which means the server is merely acting as a router.
/p>
p>We have the following setup:
/p>
p>Now we rebuild the server configuration, then checking again in Minecraft This time, using the server's public IP, it all is working just as was expected!
/p>
p>Final touches Final touches: A DNS record
/p>
p>For the final touches *chef's kiss*, adding an A record to the list gave me a nice URL I could offer people instead of an IP address.
/p>
p>Performance
/p>
p>It's very fast! My friends and I had no issues playing on the proxy server, which is located on the East coast. The Minecraft server is located on the West coast. I called people on the connection and the latency was not too bad (77 milliseconds for someone from New York).
/p>
p>Refer to
/p>
p>Xe's article on Tailscale, NixOS and Minecraft inspired me to write this article, however, my requirements were different. I did not want to require my friends to install Tailscale to play on my server, and I wanted to make use of the hardware I could access, basically letting me use my server as a crappy router.
/p>
![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
