
relin

Member
  • Content Count

    4
  • Joined

  • Last visited

About relin

  • Rank
    Freshling

Profile Information

  • Gender
    Asexual
  • Interests
    CentOS + Zomboid = <3
  1. Table of Contents:

1. Foreword
2. Preparation
3. Firewall Settings
3.1 Port Opening for Zomboid
4. Steamcmd for Zomboid Server Files
5. Zomboid Server Files
5.1 Editing Zomboid Server Settings
5.2 Editing Zomboid Server Difficulty
6. Server Monitoring Tools
7. Launch Exceptions (Common functioning server errors)

1. Foreword:

This installation guide is for beginner-intermediate users; steps are mostly explained in detail. If you just got SSH capabilities, a terminal on putty, and centos 7 on a vps/dedi provider, this is for you. Read carefully and make informed decisions via copy and paste. I am not responsible if you brick your server; if you're unsure, google first.

VPS and 64bit dictates the tested environment. While the provider of your server can be different from mine, centOS 7 is able to reliably run a project zomboid server using the steps provided. If your CentOS is older/newer, tweaks are needed for repositories and libraries. Checks and options for the variations of CentOS are provided, but this guide does not derail into helping 32bit and dedicated server users. Hopefully this helps you.

Side Note (I excluded firewallD and replaced it with good ol' iptables): This entire guide ignores CentOS 7 firewallD and uses the old iptables for firewall options, because botnets were brute forcing the SSH port on day 0. While I was newly acquainted with CentOS 7, I didn't have time to learn, so I used what I knew: iptables, with fail2ban. If you can help harden this in more native CentOS 7 options with fail2ban and firewallD, feel free to add your input.

Editor's Note:
[2/19] Going to format this better tomorrow, it's completed but not looking too pretty.
[2/22] Update: Proofread, and all steps recently tested and working on another dedicated server I'm running.
[~~~~] ToDo: Append more zomboid server settings and server tools in the future.

2. Preparation:

CTRL+C on windows and right click in a putty terminal to paste. Code will be in boxes like these:

EXAMPLE:

    DOUBLE CLICK SELECT AND COPY ME
    # These are comments, no need to copy

Updates and checks are needed.

Ingredients: Putty, your port 22 access, root and your password, and a centos7 server.

What now? Log into your root account.

Check for 64bit CentOS:

    uname -a

You should see "x86_64 x86_64 x86_64" at the end of the line. Congratulations, you're 64bit. If you're 32bit, the installation process will be a lot easier, because you don't need to install both 32bit libraries and 64bit ones to make zomboid work.

To make sure you're root:

    whoami

You should see "root" on the next returned line after you enter this command.

Update repolist for yum:

    yum update

Afterwards, to see what repos you have available:

    yum repolist

This is to check if you have RHEL 7 - RPMforge.net for java, and htop.

This step is for those that do not have RHEL 7 rpmforge on their yum repolist:

    yum install yum-utils
    # (wget in a folder if you want organized downloaded files)
    wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
    wget http://apt.sw.be/RPM-GPG-KEY.dag.txt
    rpm --import RPM-GPG-KEY.dag.txt
    rpm -i rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

To delete these setup files:

    rm -f RPM-GPG-KEY.dag.txt
    rm -f rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

To check for GPG keys:

    rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE} \n %{SUMMARY} \n" gpg-pubkey

To check yum if you have RHEL 7 on the list:

    yum repolist
    # And if you don't have RHEL 7:
    yum-config-manager --enable rpmforge

3. Setting up iptables as firewall:

I had to prevent botnet attacks on day 0 and didn't really get to learn firewallD/firewall-cmd. If you know a better process for this, please append your revision below.
You might already have these services on your VPS/Dedi. It doesn't hurt to run yum install, because it updates the services if you already have them, and it will do nothing if you're already up to date.

    yum install iptables
    yum install iptables-services

Did it come with a firewallD?

    systemctl status firewalld
    # firewall-cmd is firewalld's command-line client, not a service unit
    firewall-cmd --state

firewallD is on, disable it:

    systemctl mask firewalld
    systemctl start iptables
    systemctl stop firewalld
    systemctl enable iptables

No firewallD, it's off (skip this if you went through the 4 lines above that disabled firewallD, it just repeats starting iptables):

    systemctl start iptables
    systemctl enable iptables

start gets it running, enable gets it running after your VPS restarts (hopefully never).

IMPORTANT [SSH]

If you do not include this line you will be locked out of your server.

    iptables -I INPUT 1 -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # 22 is not your ssh port? change accordingly.

(Got locked out twice while I was trying to edit iptables on a dedicated server, no judging.)

Fail2ban is a quick and easy way of filtering out unwanted login entries from ssh. I had security problems on my VPS, so I used it and it works. The latest version of fail2ban is on EPEL; you need to install the repository for it:

    yum install epel-release
    yum install fail2ban

Edit with your favourite text editor, vi, nano or vim. I chose vim.

    yum install vim
    vim /etc/fail2ban/jail.local

Append the following to the empty file. bantime is in seconds, equal to 24 hours.
If within 10 minutes 10 entries were placed, they would be banned for a day, via the firewall settings of iptables set in jail.conf (default setting, where it inherits modifications of jail.local).

    [sshd]
    enabled = true
    # ban length in seconds (24 hours)
    bantime = 86400
    # window in seconds in which failures are counted (10 minutes)
    findtime = 600
    # failures inside findtime that trigger the ban
    maxretry = 10
    action = iptables[name=SSH, port=ssh, protocol=tcp]

Editing with Vim:

3.1 [important] Opening ports on iptables for your zomboid server:

    iptables -I INPUT 1 -p tcp -m tcp --dport 16261:XXXXX -j ACCEPT
    iptables -I INPUT 2 -p udp -m udp --dport 16261:XXXXX -j ACCEPT
    # UDP and TCP are needed
    # Replace Xs with additional users to 16261
    # XXXXX = 16261 + (player capacity)

The Xs stand for the amount of users you want added to 16261. The range is dictated by the colon operator, where numbers left to right are inclusive, as in 1:3 is 1, 2 and 3.

I read from somewhere that 2GB ram is equivalent to 10-15 players. You can do this later if you want, it's always changeable. My personal experience on an OpenVZ Linux 2GB VPS is that 2GB RAM handles 5 - 7 users smoothly with single player zombie settings.

Removing iptables Rules [to refine your open port/mistakes]

The "oh no, I miscalculated the amount of users I can handle, I can have more, or less." Delete old rules set above by...

    # To check rules
    iptables -L INPUT -n --line-numbers
    # To delete rules
    iptables -D INPUT <NUMBER_FROM_LINE_HERE>

The first line is to acquire a list of rules you've set on iptables. The second line is to remove a rule via the line number dictated by the first command; you don't need the brackets.

Warning: Rule number on list is concatenated, not static. If you delete rule 2, rule 3 is now rule 2. Retype the rule check command every time you want to delete. I locked myself out by deleting the SSH port two times too many.

Saving iptable Changes

    service iptables save

You thought service was replaced by systemctl? lol not quite.
Wrapping fail2ban around iptables

Check if you have fail2ban running after installation:

    systemctl status fail2ban

If it's not running:

    systemctl start fail2ban

And enabling it starts it at every restart.

    systemctl enable fail2ban

Congrats! You're done with basic firewall settings.

4. Getting steamcmd for zomboid server files:

steamcmd is a script that helps you validate and obtain project zomboid server files and other steam supported games.

Install java and the libraries for glibc in 32bit form.

    yum install java
    yum install glibc.i686 libstdc++.i686

Because zomboid is 32bit and your server is 64bit centOS, it requires 32 bit libraries to run a 32 bit game.

Other libraries ([verified not needed] optional):

The following should give you whatever resources it needs to run the zomboid dedicated server shell script properly, as I have installed this out of fear that it would throw exceptions. I hope you won't need the extra step. If you'd like to do a test, this is the step you don't include, and then include if the shell script terminal throws a bunch of exceptions during initialization. This is usually for when you get some obscure exception thrown at your zomboid console that is not normal.

    yum install libstdc++.x86_64 glibc.x86_64 glibc-common glibc-devel glibc-headers

Concatenated version of the updated code from this op, in addition to the 64 bit versions of the previous glibc libraries.

Adding steam user to run zomboid scripts

It's recommended you use a separate user when running the zomboid server and steamcmd, for the security reason that root shouldn't be logged in at all times.

    adduser steamuser
    passwd steamuser
    # <type steamuser's password>

Then you want to add the user to the group for using admin commands, called wheel. But before that, you want to check if this is allowed in the first place.

    visudo

Scroll down using arrow keys to find this line (make sure %wheel ALL=(ALL) ALL is not commented out), it should look like the above.

How to use vi to edit?
(it's very similar to vim)

Adding steamuser to wheel group

    usermod -aG wheel steamuser

Switch User to steamuser

    su steamuser

Check which group you're in by typing

    groups

whoami is just an empty command to test sudo on.

    sudo whoami

Your sudo password is that which you set for steamuser, not root.

    exit
    # this exits your su steamuser session, not putty terminal for your ssh session.

It will return to [root @ yourserver]

Making directory for steamcmd

Navigate to your folder of choice. For the purpose of defaulting a location for the guide, I chose /home/steamuser/ to install steamcmd and project zomboid under.

    mkdir /home/steamuser/steamcmd
    # makes directory aka folder called steamcmd
    cd /home/steamuser/steamcmd
    # goes to directory aka folder called steamcmd
    wget http://media.steampowered.com/installer/steamcmd_linux.tar.gz
    # gets the file from the web, provided by valve.
    tar -xvzf steamcmd_linux.tar.gz
    # unzips the file
    rm -f steamcmd_linux.tar.gz
    # remove unnecessary install files; -f ignores prompted warnings and forces yes
    ./steamcmd.sh
    # runs script, a terminal appearing notifying you with...
    # Steam>

You are now in the terminal of steamcmd.sh. Type the line below, replacing the brackets with your account info. Make sure you have project zomboid on this account or else you won't be able to download the dedicated server files, and be aware, the password is visible, so watch your back.

    login <STEAM:USERNAME> <STEAM:PASSWORD>

You will be prompted with steamguard verification. Yes, this is every time you want to run an update on project_zomboid from steam. Fetch it from your email, type it, and hit enter after login is confirmed. If you've mistaken your steamguard key and the steamcmd terminal didn't kick you, type "quit", hit enter, run ./steamcmd.sh again and redo from the login.

    force_install_dir /<ANYWHERE>/

/<ANYWHERE>/ is a folder soon to be created within /steamcmd/, and it will hold the zomboid server files. Every time you want to launch you have to visit it and type it. I named it /server/.
All immediate zomboid server launch options will be allocated within home/steamuser/server after you type this command in the steamcmd terminal:

    app_update 108600 -beta onlinetest validate

The above line is from the wiki, last revision in 2014, and it still worked for my setup.

app_update is a cheap term for: install if you don't have, update if you do.
108600 is the ID for the steam game, project zomboid.
beta opts-in the latest version.
onlinetest is maybe an id identifier for it (optional??? if someone wants to exclude it for a test, results would be appreciated).
Validate is just a check to confirm you didn't download a car, cause it's illegal you know.

    quit

This exits the steamcmd terminal.

5. Zomboid server files and settings:

Preparing for your zomboid server launch. You are in your /home/steamuser/steamcmd folder.

    cd server
    # or whatever folder you force_install_dir into

List the items under this folder with:

    ls

You better see 'projectzomboid-dedi-server.sh' in there.

Allocating RAM:

We're going to edit the RAM values allowed by the script to run your zomboid server.

    vim projectzomboid-dedi-server.sh

Edit these values with vim:

    -Xms4096m \
    -Xmx4096m \

Change to your ram's capabilities. Generally RAM: 1GB = 1024, 2GB = 2048, etc. Connal referenced Kirrus on this thread, noting to not place it over 80% of your VM's capacity, that means your VPS.

What is Xmx and Xms?
heap size allocation (what is xmx/xms)
(Minecraft ram allocation) Because minecraft runs in a similar setting in java as this game, it's useful to see how other server hosts allocate RAM.

How do you use vim again? (Smash spoiler button with hammer to find out)

    [Ins]  # Hit the (Insert) key on your keyboard

Navigate your cursor to the place you want to replace, edit like a text file on windows, just backspace to delete, etc. When you're done editing.
Hit

    [Esc]  # escape key top left of keyboard to exit out of edit mode from [Ins]

After you've finished with the values you'd like, hit [shift] + [;] (semi colon), then type wq and enter to save and quit.

    :wq

Using "screen" for multiple tabs in your window.

Now we install screen to allow multiple instances of tabs/windows running in your VPS.

    yum install screen
    screen
    [CTRL] + a , [c]  # you actually have to hold Ctrl + a, release both, then hit c

What screen allows is multiple instances of "tabs" on your one SSH window. To use it, just [CTRL] + a, [c] to create a new instance of that tab. Then [CTRL] + a, [n/p] (n or p, to navigate next or previous tabs) and [CTRL] + a, [k] kills the process (closes the tab).

Additional info on "screen"

If you see immediately when SSH login is steamuser, click on spoiler to fix.

First time running Zomboid Server

After you're acquainted with windowed navigation with screen, launch your server:

    ./projectzomboid-dedi-server.sh

For the first time it'll prompt you for an admin password, and another prompt to confirm what you entered. Wait for it to load. When you see.. You're golden. You shouldn't see more lines after server is listening on port, unless you felt a bit hasty and joined it.

    quit

To exit out of the server in order to change settings.

5.1 Editing more server settings

Now you want to start another screen to visit the server settings.

    [CTRL] + a, n  # you actually have to hold Ctrl + a, release both keys, then hit n

This will bring you to the next screen (you have two screens, we're navigating this one to another location). Use it as much as you like, it cycles.

    vim /root/Zomboid/Server/servertest.ini

To edit values such as public, pvp, maxplayers, etc. Below are the values I really tweaked from default.

How do I use vim to edit again?
Settings I changed:

    PVP=false
    PauseEmpty=true
    Public=true
    PublicName=[CENTOS]TESTING
    PublicDescription=TESTING 1 2 3
    MaxPlayers=15

Remember 2GB = ~10-15 players, RAM wise. Scale accordingly, and make sure to delete old iptables rules and reopen ports according to the change.

After that is done, you can safely restart your server.

    su steamuser
    sudo ./projectzomboid-dedi-server.sh
    # note: if sudo ever prompts you for a password, it's always the password of the user you're on.

The server should launch, and you and others should be able to join.

Just know you have screen options every time you close putty or whatever program you use to gain access to your SSH. You will have the option to resume with

    screen -r

To switch, just use CTRL+a, then n. Provided you have two screens, this navigates you out of the running server for you to do other server stuff. If you have only one screen, CTRL+a, then c to create a new one.

5.2 Server Difficulty Tweaks:

Luckily you're given a tool to create this file yourself. It's located in your steam copy of the zomboid folder on windows:

    CXYZ:\Program Files\Steam\SteamApps\common\ProjectZomboid

The file name is PZServerSettings.exe. It's a GUI guided editor that automatically creates the file named

    servertest_SandboxVars.lua

for your server location of..

    C:\Users\YOURNAME\Zomboid\Server

For your VPS it must be placed in

    /root/Zomboid/Server

If only you had winscp or an equivalent program to run the .exe file within the vps. Fear not, you can just create "servertest_SandboxVars.lua" and paste the following inside.

6. Optional server monitoring tools: (more to be added)

Install htop via

    yum install htop
    htop

It's like task manager for windows, but in a terminal. You can end trees of processes.

7. Common launch Exceptions (if you see these while initialising you shouldn't worry)

I see these two common exceptions being handled gracefully, meaning the server still runs. If you have other common launch exceptions, just paste below and I'll append it.
I saw these two on my first installation of zomboid, while still experimenting with my VPS. On my 3rd installation on a dedicated server, I didn't see the public server one thrown.

During the initialising phase of the server system: "failed to parse Recipes..."

When public server is set, you see java.lang.NullPointerException

iptables, the perfect setting (guide in progress)

Aiming for security and the ability to connect players, and the public server list, without using no firewall at all. iptables is very logical in its setup, almost too much, where order matters from top to bottom.

The Green and Red are establishing new rules to connection types below it.
The bold black rules for udp and tcp are what your server needs for zomboid to accept connections.
The bolded REJECT is what you want to add SSH access before.

See

The OUTPUT policy needs to be just that. I'm only using this as a gaming server, and I trust myself and the zomboid devs; I don't see the need to filter my own server's output. If it's not on ACCEPT, use the following line below.

    iptables -P OUTPUT ACCEPT
    # accepts all outward going packets. Because it's your server sending files.

We're a server, so we need to accept input, but filter it. If for some reason it's not on ACCEPT:

    iptables -P INPUT ACCEPT
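An added example (not part of the original guide): a bash check for the ordering point above, run against a saved `iptables -S INPUT` listing. It reports whether the SSH and game-port ACCEPT rules sit before the first catch-all REJECT/DROP. The sample ruleset is constructed, and the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: rule-order check for the guide's iptables setup.
PZ_BASE_PORT=16261   # first Project Zomboid port used in the guide

# pz_port_range PLAYERS -> "16261:XXXXX", XXXXX = 16261 + player capacity
pz_port_range() {
    echo "${PZ_BASE_PORT}:$((PZ_BASE_PORT + $1))"
}

# Constructed sample in `iptables -S INPUT` format (not taken from the post):
# TCP game ports were inserted at the top, UDP was appended after the REJECT.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 16261:16276 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 16261:16276 -j ACCEPT
EOF
}

# rule_status PROTO PORT < rules
# "ok"       an ACCEPT rule covering PROTO/PORT precedes any catch-all REJECT/DROP
# "shadowed" such a rule exists only after a catch-all REJECT/DROP
# "missing"  no such rule at all
# Rules narrowed by source address, interface or negation are not counted.
rule_status() {
    awk -v proto="$1" -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { blocked = 1; next }
        {
            p = ""; dport = ""; target = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") p = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "-s" || $i == "-i" || $i == "!") narrowed = 1
            }
            if (target != "ACCEPT" || p != proto || dport == "" || narrowed) next
            n = split(dport, r, ":")
            lo = r[1] + 0
            hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) {
                if (!blocked) { found = "ok"; exit }
                if (found == "") found = "shadowed"
            }
        }
        END { print (found == "" ? "missing" : found) }
    '
}

# audit_ruleset PLAYERS SSH_PORT < rules : one status line per required opening
audit_ruleset() {
    rules=$(cat)
    last=$((PZ_BASE_PORT + $1))
    echo "ssh/tcp/$2 $(printf '%s\n' "$rules" | rule_status tcp "$2")"
    for proto in tcp udp; do
        for port in "$PZ_BASE_PORT" "$last"; do
            echo "pz/$proto/$port $(printf '%s\n' "$rules" | rule_status "$proto" "$port")"
        done
    done
}

sample_rules | audit_ruleset 15 22
```

On a live server the input would be `iptables -S INPUT | audit_ruleset 15 22`; a "shadowed" line means the rule has to be re-inserted with `-I` above the REJECT.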
  2. I went on control panel and restarted the VPS, and the same exception was thrown when I set the public=true in servertest.ini

By the way, do you remember which libraries you got from yum install, apart from the requirements from steamcmd, screen and java? Thanks for the quick reply btw!

---------------------------------------------------------

So I didn't go to sleep and I got results from trying to figure out what normal packet transactions look like from pz public authenticating server => game => client, and for me it looks like this: from my VPS.

Ps it's on 16262 because I set it as the setting for the .ini file for server settings, to check if it's working. It is, destination is to 16262.

SOLUTION: UDP + TCP porting in iptables, see OP last line of code for reference. ALL THIS FOR NOTHING!
  3. I hope you're right, I don't think it is that new, I had it for at least 3 days, the brute force attacks from China were preoccupying my need for a zomboid server lol. Do you know anyone here that succeeded in hosting a CentOS server for zomboid? I saw Connel mentioning kirrus in a couple of threads about CentOS but that was in 2014.
  4. Please grab a coffee, it's a long one.

Specs of VPS: ~2GB RAM, Openvz CentOS 7 linux.

I yum installed java and screen, did the glibc installation as advised on the wikipedia page of steamcmd for centOS (glibc-2.17-55.el7_0.5.x86_64 || glibc.i686 and libstdc++.i686), then headed here, checked this link for glibc's -common, -headers and -devel, just in case.

Problem #1: NullPointerException when listed as public server

Here are the changes I made to the Zomboid/Server/servertest.ini

    PauseEmpty=true
    PVP=false
    Public=true
    PublicName=centos
    PublicDescription=lowcaps
    PublicPlayers=15

The unique error I get running ./projectzomboid-dedi-server.sh on root (just to make sure it's not a permissions type problem) [ps. ram values set at 1024]

Common header while launching:

Exceptions:

So I changed the servertest.ini to non-public

    PauseEmpty=true
    PVP=false
    Public=false
    PublicName=
    PublicDescription=
    PublicPlayers=15

And I get no NullPointerException like the one above. I'm not sure if this is the actual symptom that is preventing me from connecting to my own VPS.

Problem #2: translator: failed to parse Recipes for language=EN

This occurs both in the public and nonpublic listed options for modifying servertest.ini; this problem does not change. I played enough hours to know worms and berries exist in single player, so I thought something is wrong here. I'm not sure if this is affecting the connection problem of client to server.

Problem #3: I can't connect from Canada IP (my location) to Chicago IP (server)

Obligatory background info: So when I first ssh'd into the VPS I had a warning of 4k login attempts, found out it was at a rate of 136 login attempts per minute from a single China IP, so I set up fail2ban. And since I didn't know anything about firewalld, I installed iptables, like the old CentOS I'm used to, ban-defended my box until it was down to 24 attempts per 10 hours and I caught around over a dozen IPs.
So I have both iptables and firewallD, and I opened both on TCP 16261 - 16275, for the 15 player limit I'm imposing.

iptables

firewallD

Even running without public server settings under servertest.ini I can't connect to the VPS, where I can join servers on public servers. I get this:

    sendto failed with code -1 for char 5 and length 1464.

in the ProjectZomboid.exe, repeated about ~3 times every time I try. It's like I'm trying to join a non-existing server.

Full Logs:

Full Logs from default launch script
With public setting
Without public setting
Full Logs from network firewall settings
Iptables and firewallD

Thanks for reading in advance. If you need further information on anything I'll provide it in reply asap.

What I tried:

Checking yum for updates
Deleting folders of steamcmd, zomboid dedicated script directory, zomboid server ini file folder.
Restarted CentOS VPS

Network troubleshooting:

This might be a network problem, so I ran

    nmap -PN -p 16261 -sN (PZ IP)

on some public servers to see what their ports are like for the game, and some public servers have it as "open/filtered" under TCP. While mine's under "open/filtered" as well.

So I'm now using tcpdump. By now I changed iptables to 16261-16281, which allows all tcp traffic destined for the port range 16261-16281, in a line like this.

    tcpdump -s 6300 dst portrange 16261-16281 -w tcpfile

I'm grabbing a snippet of when I launched the script and results. Here's what I did to trigger the above.

TCPDUMP Monitoring method used:

I'm assuming the ip from port 55101 is from the public server authenticator. Btw I changed the game port from 16261 to 16262 from that .ini file for server settings, in order to test if that was working as intended. It is.

So I ran

    tcpdump -s 6300 dst portrange 16261-16281 -w tcpfile

again but this time with no public server; it's just the above results without port 55101's server.
Then I ran

    tcpdump -s 6300 src portrange 16261-16281 -w tcpfile

twice, with the same conditions as above, once without the public server setting, once with. With the default tcpdump method, no packets were from a source in these port ranges.

At this point, I tried everything, to my capabilities. So I decided to monitor all traffic that's not port 22, that's the default SSH port at the time.

    tcpdump -s 6300 port not 22 -w tcpfile

And I got this in return, using the above quoted default tcpdump method.

Analysis of Network packets.

Intel gathered from this is: the 198.41.247.217 IP, reverse look up = project zomboid's main website. mort.positive-dedicated.net I'm assuming is the authenticating server? Something happened between the vps and pz's, a handshake that allowed mort.positive-dedicated.net to communicate with my VPS, then following an ICMP code 1, where my VPS has the "host unreachable, admin prohibited". Could be from IPtables?

When I wake up in the afternoon I might just allow traffic from those specific IPs and ports, and maybe things will change for the better?

Good news, I tested fate and

    systemctl stop iptables
    ./projectzomboid-dedi-server.sh
    # connected with my client pc YAY! it worked!
    systemctl start iptables
    systemctl restart fail2ban

Instant >40 IP ban cause chinese hackers are still botnetting muh IP.

So now, I know it's iptables settings. What would I need to do for the traffic to be allowed? We'll find out!

    iptables -A INPUT -p tcp --dport 16261:162XX -j ACCEPT
    iptables -A INPUT -p udp --dport 16261:162XX -j ACCEPT

Everything works as intended, you need TCP and UDP to get it working haha. This windmill journey for ports. Sigh....

Is this what normal traffic is like for a server that is working, or is my VPS host the one that's limiting this connection somehow? Or is this all within the libraries? Please help!
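An added example (not from the original posts): a bash sketch of how fail2ban's findtime and maxretry thresholds, 600 seconds and 10 failures in the guide's jail.local, separate a burst of SSH failures from a slow trickle. The log lines are constructed, the function names are made up for this example, and it assumes all entries fall on one day.

```shell
#!/usr/bin/env bash
# Added example: which source IPs would the guide's [sshd] jail ban?
FINDTIME=600    # findtime from the guide's jail.local (seconds)
MAXRETRY=10     # failures inside FINDTIME that trigger a ban

# Constructed sshd log lines (documentation IPs, not real data), one day only:
# 203.0.113.7 fails 12 times in under a minute,
# 198.51.100.9 fails 12 times, once every 25 minutes.
sample_auth_log() {
    awk 'BEGIN {
        fmt = "Feb 19 %02d:%02d:%02d vps sshd[900]: Failed password for root from %s port 40022 ssh2\n"
        for (i = 0; i < 12; i++)
            printf fmt, 3, 0, i * 5, "203.0.113.7"
        for (i = 0; i < 12; i++) {
            t = 4 * 3600 + i * 1500
            printf fmt, int(t / 3600), int((t % 3600) / 60), 0, "198.51.100.9"
        }
    }'
}

# banned_ips FINDTIME MAXRETRY < log
# Prints, once each, every IP that reaches MAXRETRY failed logins inside any
# FINDTIME-second window. Timestamps are read from the HH:MM:SS field only.
banned_ips() {
    awk -v findtime="$1" -v maxretry="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            split($3, t, ":")
            now = t[1] * 3600 + t[2] * 60 + t[3]
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "") next
            n = ++count[ip]
            stamp[ip, n] = now
            if (!(ip in first)) first[ip] = 1
            # slide the window start past failures older than findtime
            while (now - stamp[ip, first[ip]] > findtime) first[ip]++
            if (n - first[ip] + 1 >= maxretry && !(ip in banned)) {
                banned[ip] = 1
                print ip
            }
        }
    '
}

sample_auth_log | banned_ips "$FINDTIME" "$MAXRETRY"
```

With the guide's values only the burst source is listed; the source that retries every 25 minutes never has more than one failure inside a 600-second window, and is only caught when findtime is lengthened.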