Emenblade

Everything posted by Emenblade

  1. Hey, so I'm trying to use your Space Engineers dedicated server docker. It initially wants to install without networking when installed from the app catalogue, so I added bridge networking. Then I ran the dedicated server thing on my PC and copied the world to the correct appdata folder in my server. The server now loops and this is the error I get. Sorry to post it as a picture, but it immediately closes the log window. What am I doing wrong here? error log.txt
  2. Hey guys, anyone in here using [Red-dashboard](https://github.com/Cog-Creators/Red-Dashboard) with red-discord bot? If so, I'd love to know how you got it working. Thanks!
  3. Weird! Yeah I mean I had satisfactory running for about a month. It even uses some of the same ports. Perhaps they limit the number of active connection requests, or include a player ID of some sort in the thing. Or the worst timeline, this is just the beginning 🥶😭
  4. Honestly that's kinda great news, if I'm understanding you correctly, it's theoretically possible to install a firewall inside the gameserver docker. That's great I think? It's late o'clock here but I'll definitely be poking around tomorrow to see how I'm gonna do that! Yeah in regards to the handshake thing. I'll be honest I'm not sure. I know the access requests are coming in on UDP. Because if I close off that UDP port 7777 the attack stops. The rest of what I've written about it is what I've come to understand reading that other forum and a cursory google search. I feel like other games must do a TCP handshake before trying to initiate the UDP connection. From what I understand that would stop this sort of attack from working at all. But then again I'm a mechanic not an IT professional or developer or something. So I don't really know. I also just want to say thanks for looking at the issue at all for me, 😊. Like this really has nothing to do with the docker you made at all. That works ✓%100 great. Just like all of the other dockers you've made that I've used so far.
  5. Yeah the problem is that the connection handshake is all UDP. Because there's no requirement for an actual handshake before data starts flowing, if the hacker doesn't have their network traffic filtered (BCP 38) they can send these packets with the wrong return address. I'm assuming all they needed to do is copy whatever the normal connection request looks like and change the IP in it. Kinda blows my mind how powerful it is when distributed. So in the spirit of learning new things I've been doing research all evening on how I could implement the fix posted in the Tripwire forum post I linked way up there. Here. But I've gotten stuck. As far as I can tell, they essentially use the game server log to detect when they are getting hit: if ~5 connection attempts happen in quick succession, they take the IP from that and tell the firewalld thing to dump future packets from that address. Now we're fairly certain those attempts aren't actually originating from those IPs, but it is still a way to identify the packets and drop them before the game server sees them and starts shooting out data. So I figured, okay, I could set up a script to do that using the scripts plugin, shouldn't be that hard, if it doesn't work I'll shut the port again! Well I tried to do this anyway, got stuck when bash didn't recognize the firewall command. Tried to do some more googling, figuring that Unraid, which is based on Slackware, should have some of this built in somewhere. But so far my googling returns mainly posts about how Unraid needs to be run behind a firewall and isn't designed to do firewall-y things. So I think I'm stuck: my router is from my ISP, can't be tinkered with tooo too much, and I don't have any hardware lying around to turn into a hardware firewall. Plus even if I did, the current "fix" requires reading of the server logs, which I suppose it could over a network share, but that just doesn't seem like the way to do this sort of thing, even to a novice like myself.
So now I'm trying to figure out how docker networking works, to see if perhaps this is something I could do inside the container, so as not to mess up the rest of the docker stuff... But to be honest, I think I may just play something else for a while instead! hahah!
  6. Agreed! Yeah my understanding from reading on their forums, they don't think it's a problem. I'm assuming they just have big pipes or something... Haha. Yeah they used to support the game or at least it looked like they did a few years back but they haven't seemed to put much into it in the last couple. Tis a shame! Yeah also I share the sentiment that @Zalszibar has, thank you in general for providing all this to us! The whole community apps thing in general is amazing and all the effort you put into making all these game ones is really really nice. And in no way was I implicating your work into the adversity I've had with my lil KF2 server. I posted here simply because this is the first place I looked when I was having issues. Plus it's just so easy to set up using the CA page and your docker, I figure other people might end up in the same place I am. Purely hypothetically, I know dockers have their own networking built in. How hard do you think it would be to implement a connection limit per IP? Some of the folks on the Tripwire forums were talking about iptables, firewalld, and/or fail2ban. Like I guess I'm wondering if I were to figure that out so my server dumps the repeated connection requests instead of replying to them. Do you think it would be possible for me to implement that in the docker container, or would that be something I'd do on the actual box? Or in your opinion is that something I'd have to do at the router level? I know that's a lot of questions and you're a busy person. I guess what I'd like to do is come up with a solution to it given that Tripwire hasn't and I sincerely doubt they're going to given how little they seemed to have cared to fix their game over the last few years.
  7. Also in regards to the webserver bit, I'm assuming that person has a domain, and is just directing them how to set up the game server to point to their webserver that is hosting the maps. In the Reddit walkthrough there are some things that were assumed because the game server and webserver were running on the player's Windows computer.
  8. Hey thanks @ich777 for cleaning up the code bit there! Also thank you in general for these game servers, I've used a few of them and have had a lot of fun! But not to be argumentative, in regards to the DDoS thing. I wasn't personally the target, the bad actor uses the KF2 server UDP connection handshake as a way to amplify their attack on someone else. They do this by spoofing the return IP in their handshake, so that our KF2 servers start sending data to their spoofed IP (actual target). But for us home gamers it's enough traffic to flood a network. This provides a nearly 2x amplification in data. I have a gigabit connection, and my network was inoperable. It's also fairly easy to collect the IPs of the servers (like mine) because the servers do broadcast in order to populate the server list in game. I think the bad actor refreshes their list every day or two, given I had about 36 hours of uptime until I got hit. And while I definitely do agree that Tripwire should absolutely patch their code to prevent this, it's been an issue for community servers since at least 2021. My server was only online for a few days and I started to get flooded with UDP traffic. I'm not necessarily trying to fear monger but the game is being completely sunset this year, I kinda doubt they are going to do anything about it. Given the headache to get the custom maps working, because their own wiki that tells you how to set up the server directs people to use a system that is absolutely broken in regards to serving custom maps. And because the game is getting on the older side, I wanted to post something somewhere that would explain the current pitfalls of setting up a KF2 dedicated server in 2023. Ultimately I feel it's important to know that this is an issue that exists, because when I started the docker, I left it running like I would any game server.
And when I got hit it took a while for me to figure out what was going on, when I did finally figure it out, I felt that the effort put in to get everything working wasn't worth it. The thing about Unraid and these docker containers is that in general they are very easy to set up. If, like me, a user has very little experience so far in Linux, but is capable of opening some ports and installing a docker from the apps page, if their network suddenly is saturated they might not know what's going on. I'm not trying to fear monger, but make sure people are aware that this is an issue, and I did link to what is apparently the solution. It's just a little over my head. Because for example I had both Valheim and Satisfactory servers running for over a month (Satisfactory even uses the same port) and had no problems. Not all game servers are developed equally. And if I had known this was a vulnerability before setting this up, and given that a lot of us using Unraid are doing so from our home networks. I think it's important that there is some awareness that this is a thing.
  9. Hey folks who may or may not be messing around with the KF2 (Killing Floor 2) server image. I've spent the last week or so messing around with it and I feel a warning is only fair to those looking to host one these days. First off you should be aware, the server code is designed in a way that makes it a target for people looking to amplify their DDoS attacks; there is no rate limit on the UDP game port that it uses to accept connections. So bad actors spoof the IP of their target and then push packets to our servers. Before you open your ports you should figure out some sort of protection. Here is a link to the Tripwire forum post where some peeps seem to have something figured out. It's over my head so I'm just gonna shut mine down! (and close those ports again) https://forums.tripwireinteractive.com/index.php?threads/kf2-or-any-unreal-engine-3-server-on-redhat-centos-rocky-alma-linux-ddos-defense-with-the-help-of-firewalld.2337631/

     Second off, if you want to run custom maps, and follow the workshop downloads instructions, you will find they don't work. The solution is a bit ass backwards, but here is what I did. If you go into the console for the docker, you can use steam cmd to download maps. This is important because the server won't do it itself due to some sort of file mismatch (netcomego code 8). But it's not super hard, all you need to do is open the docker console and then put each of these lines in individually.

     ```
     bash
     cd /serverdata/steamcmd
     su steam
     ./steamcmd.sh
     login anonymous
     workshop_download_item 232090 <workshopID from url>
     ```

     You may have to then move these into the Cache folder inside your game (appdata/KFGame/Cache). Or not... I'm not %100 sure as I had to mess around a bunch. What the above does, if you're as Linux inept as I am: opens Bash which is a terminal emulator, I'm not sure if this is necessary, but I think it is for the user switch you have to do? cd (change directory) gets you to where the steam application is. su (switch user) steam changes the user account you're launching steamcmd as, this is important so it has permissions to save the files to its directory. ./ launches steamcmd.sh, then you're logging in as anonymous, which is how most server stuff works with steamcmd. Lastly you're directing it to download an item for game id 232090 (Linux version of KF2 server) and then what item you pick.

     Once that's all good and done, peeps still won't be able to download your maps. HA! What you have to do is give them somewhere to get them. So what I did was make my own HTTP redirect server. This guide will get you close. https://www.reddit.com/r/killingfloor/comments/w2lg4a/a_guide_on_setting_up_a_kf2_server_and_a_url_for/ But you want to run that NGINX in a docker right? I installed the one from the community apps. https://github.com/linuxserver/docker-nginx#readme which is the one that comes up as just NGINX when you search for that in our community apps page. Once you have that, you're gonna almost follow the instructions from the Reddit, except you want the files to be in a subdirectory of the "www" folder. Also I recommend changing the port number for this. No need to collect the heat from having it on port 80. (change it during install) Just copy the entirety of the folder that steam downloaded all your custom maps, into the directory you're hosting in the "www" folder. Don't worry about directory neatness or anything. You should be able to visit your index by typing <ip>:port/www/<maps or whatever you called it>. If you can, and don't get a 403 or 404, you're set. In the ini file, you should add the URL that the outside world would connect to your fileserver, for example if you're using a domain, put that in there. Even if you connect over LAN it will still work. Did for me anyway.

     Once that's all said and done, you should be able to connect in game, and if you decide to go to a custom map, keep in mind that the game is poorly made, you will be greeted with the loading screen saying downloading success 0% map name. Just be patient, the loading thing doesn't look like it's working but it is, eventually you'll hop right into the game. Once the client has the map, that isn't an issue. I sincerely hope this helps. I'd say ask me if you have any questions, but considering I barely fumbled my way through it, got it working and now give up cause I can't figure out how to secure the game server from DDoSing, I don't know if I'm truly going to be able to help! That being said, if you're reading this and have an idea on how I could dump all that DDoS traffic and not kill my home network let me know! When my box gets hit I'm uploading 40-80Mbps and my ISP router struggles hard, basically kills my network. One day I'll have to build my own router but as of right now I'm using the one my ISP gave me when I upgraded to gigabit fiber.
  10. I don't know why I hit the update all containers button. I definitely shouldn't have. I have the same issue as rhcp011235 and I'm sure others as well.
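
The log-based detection described in post 5 above (about five connection attempts in quick succession from one address, then drop that address at the firewall), as an added example that is not code from the original posts or from the linked Tripwire forum script. The log line format, `find_flood_sources`, `drop_rule` and the thresholds are assumptions; the rule string targets Docker's `DOCKER-USER` chain and assumes host port 7777 is mapped to the same container port.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The line format is an assumption, NOT KF2's real
# log format; adapt LINE_RE to whatever your server actually writes.
SAMPLE_LOG = """\
2023-04-30 12:00:00 connect-request from 198.51.100.7:40112
2023-04-30 12:00:00 connect-request from 203.0.113.20:51000
2023-04-30 12:00:01 connect-request from 198.51.100.7:40113
2023-04-30 12:00:01 connect-request from 198.51.100.7:40114
2023-04-30 12:00:02 map vote started
2023-04-30 12:00:02 connect-request from 198.51.100.7:40115
2023-04-30 12:00:03 connect-request from 198.51.100.7:40116
2023-04-30 12:05:00 connect-request from 203.0.113.20:51001
"""
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) connect-request from ([\d.]+):\d+$")

def find_flood_sources(log_text, threshold=5, window_seconds=10):
    """Return IPs with >= threshold connection attempts inside one time window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> attempt timestamps still inside the window
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a connection attempt
        try:
            # Log content is attacker-influenced: validate before it reaches a command.
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:
            attempts.popleft()  # forget attempts older than the window
        if len(attempts) >= threshold and ip not in flagged:
            flagged.append(ip)
    return flagged

def drop_rule(ip, port=7777):
    """Build (not run) a drop rule for Docker's DOCKER-USER chain (assumed setup)."""
    return f"iptables -I DOCKER-USER -s {ip} -p udp --dport {port} -j DROP"

if __name__ == "__main__":
    for source in find_flood_sources(SAMPLE_LOG):
        print(drop_rule(source))
```

Because the flagged addresses are the spoofed reflection targets rather than the sender, rules like this should be expired after a while instead of accumulating.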