DMZ for game servers, hiding the real IP

I’m in the process of a network renovation on my pfSense and Unifi switches so that I can host games externally for a small group of people. Since I’ll be hosting this in my home, getting a public IP block is not an option, so I’m limited to port forwarding, which also limits the number of games I can host if several games use the same ports.

The thing is I don’t want to be handing out my primary public IP to every random person that wants to play on the games I host. I can’t even get a second public IP without upgrading to a business account with the ISP.

Since a block of public IPs is not an option, are there other options I can use without handing out my public IP for everyone to use to access my game servers? I thought of using a VPN option but I’m not sure how to configure that for use in a DMZ.

It is possible to get a public IP from a cloud server and then set up a VPN from your system to that server, but that would also add some latency. I don’t have any videos / write-ups on how to configure it. The better solution to hide your IP is to run the gaming server in the cloud.

Yeah, that was what I was afraid of. I initially looked into the Google Game Servers, which is doable, but I would have to pass the cost on to users, and I’m not in a position to do that. I’ll continue to look into other options.

I was able to find NordVPN documentation for pfSense. But I couldn’t seem to get the gateway to come up after going through the documentation.

Would the game you’re hosting take an FQDN instead of an IP address? If it does, you could probably open an account with Cloudflare. They offer proxy settings to hide your IP address. Not sure what the effect on the actual game will be, but you can always do a trial first to check what happens.

No, and that would not work either. You’re talking about using a reverse proxy. But thank you for the suggestion. TBH, it’s cheaper to host with a provider in the beginning, but it gets more expensive when you add more players and games.

I thought that would help anyway. I saw in one of your posts that you mentioned a VPN. Tom has a tutorial on VPN with pfSense (but it’s with PIA); I assume the steps will be the same. Maybe have a look at it and see if that will address your issue.

Yeah, I’ve already reviewed that. And I already use NordVPN, but not on the FW. Network Chuck provides a tutorial on NordVPN. I did go through the documentation NordVPN provides for pfSense, but I couldn’t get the gateway to come up, which I think is down to a configuration in my FW that is preventing it. I have to track down the issue and then try again. That’s one of the reasons I’m renovating the FW.

Not sure if it will work for you, but Wendel on Level1Tech has made a great write-up and video on how to create a HAProxy instance in the cloud that can be used to protect / hide your public IP.

Maybe that could help you?

Thanks for the suggestion. Unfortunately, this option wouldn’t work either. HAProxy is a load balancer plus reverse proxy that forwards TCP traffic to the destination server. Since this is for various games, not all use TCP, and the games I’ll be using use both UDP and TCP. While the Steam client will take either an IP or a domain plus port, you would start running into trouble because of the UDP requirements. But thank you for the suggestion.

You could create a WAN edge with multiple IPs in one of the public clouds and then forward that traffic across an IPSec tunnel to your pfSense.

That is a possible solution, but wouldn’t that add latency?

Yes, but depending on where you set this up in relation to where you live, it would be minimal. Likely less than 5-10ms. In some cases it could actually be less latency depending on PoPs that are available with the provider.
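
The cloud relay suggested in the thread (a public IP on a cloud server, with traffic forwarded over a tunnel to pfSense) has to carry both TCP and UDP game ports. As an added example that is not part of any post above, this shell helper prints the iptables rules such a relay would need; the interface names, tunnel address and ports are constructed assumptions, and a route-based tunnel interface is assumed.

```shell
#!/bin/sh
# Added example: print (not apply) the iptables rules a cloud relay VPS needs
# to forward game ports, TCP and UDP, across a tunnel to a home server.
# Assumed/constructed values: eth0 = VPS public NIC, tun0 = route-based
# tunnel interface, 10.99.0.2 = game server as reachable through the tunnel.

relay_rules() {
    wan_if=$1 tun_if=$2 backend=$3
    shift 3
    rules="sysctl -w net.ipv4.ip_forward=1"
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        # Validate everything before emitting, so a bad spec yields no rules.
        case $port in
            ''|*[!0-9]*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
        case $proto in
            tcp|udp) protos=$proto ;;
            both)    protos="tcp udp" ;;
            *) echo "unsupported protocol in '$spec'" >&2; return 1 ;;
        esac
        for p in $protos; do
            rules="$rules
iptables -t nat -A PREROUTING -i $wan_if -p $p --dport $port -j DNAT --to-destination $backend:$port
iptables -A FORWARD -i $wan_if -o $tun_if -p $p -d $backend --dport $port -j ACCEPT"
        done
    done
    # Replies must leave through the relay, or players would see the home IP.
    # Masquerading guarantees that, at the cost of the game server seeing
    # every player as the relay's tunnel address.
    rules="$rules
iptables -A FORWARD -i $tun_if -o $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $tun_if -d $backend -j MASQUERADE"
    printf '%s\n' "$rules"
}

# Constructed port list: one port needed on both protocols, one UDP-only.
relay_rules eth0 tun0 10.99.0.2 both/27015 udp/7777
```

Only the listed ports are forwarded, so the relay exposes nothing else on the home network; the pfSense side still needs a matching rule allowing those ports in from the tunnel.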