Minecraft

Some time ago, my eldest and I started playing Minecraft together.

As you would expect from a sysadmin at heart, we soon had a server running on the Linux-based home server.

That went well but I wasn’t very happy running everything on my own user account on that server. Any backdoor on that server, maybe an admin command that allowed a remote shell, and an attacker would have same access as myself.

I tried running Minecraft as a Docker container, got bored, and moved on. Kid eventually moved on from Minecraft to another game, and the server was shut down.

The home server then became a FreeBSD, as I previously wrote about.

Getting it running on FreeBSD was easy, as the game provides a JVM-based server.

The jail config was simple:

minecraft {
  $id = 5;

  # NETWORK
  ip4 = inherit;
  ip6 = inherit;
  interface = bridge0;

  # openjdk
  mount += "fdesc   /dev/fd         fdescfs         rw      0       0";
  mount += "proc    /proc           procfs          rw      0       0";
}

I only had FreeBSD 14.0 as template, despite the host being already at 14.1, so quickly got something going started as 14.0.

First hurdle was the JVM. I search a pkg for jre, as I only needed the Java Runtime Environment.

$ pkg search jre
jrefentry-1.1_2                DocBook XML JRefEntry DTD
openjdk11-jre-11.0.22+7.1_1    Java Runtime Environment 11
openjdk17-jre-17.0.10+7.1_1    Java Runtime Environment 17
openjdk8-jre-8.402.06.1_1      Java Runtime Environment 8

Installed openjdk17 and tried to start the server:

java -Xmx1024M -Xms1024M -jar minecraft_server.1.21.jar nogui

Error: LinkageError occurred while loading main class net.minecraft.bundler.Main
        java.lang.UnsupportedClassVersionError: net/minecraft/bundler/Main has been compiled by a more recent version of the Java Runtime (class file version 65.0), this version of the Java Runtime only recognizes class file versions up to 61.0

Quick web server, found a list of bytecode versions, turns out I need Java 21!

OK, what am I getting wrong? Another search, is there no Java 21 for FreeBSD? There is!

What was wrong?

For reasons that I did not try to understand, the Java 21 for my system was a JDK21:

$ pkg search jdk21
openjdk21-21.0.2+13.1_1        Java Development Kit 21

Installed that one, game on!

Later, I came back to sysadmin tasks to make sure this jail was updated to 14.1.

I wasn’t able to get any freebsd-update command working, all sort of errors about gunzip: (stdin): unexpected end of file metadata is corrupt errors.

For some reason, I suspected my IPv6 tunnel with HE wasn’t working as expected.

That’s very odd, as I’m sure it worked until I upgraded from 14.0 to 14.1…

Started looking at things like minmss, pmtud, firewalls, etc.

It then dawned on me, when I upgraded FreeBSD I also upgraded my ER-X router from v1 to v2.

After many web servers, I’ve discovered others had the same issue.

I still haven’t figure out how people add this permanently to the router initialisation but adding this rule on the ER-X IPv6 firewall did the job.

ip6tables -t mangle -I PREROUTING -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN

I hate the feeling that shouldn’t have upgraded a firmware…