Ragnarok Proxy Setup (Hide your VPS IP)

Hello there!

I’ve been searching for a way on how to successfully hide my main Ragnarok Server IP Address before and kept failing until I applied the updated patch for “Enable Proxy Support” provided by Functor which is uploaded on 4144’s NEMO’s GitLab.

With it, i’m sharing the steps on how to do it using CentOS7 (will be updated for other OS soon) for the proxy server/VM while the main server/VM will be anything you like as long as rAthena supports it.

Before everything else, I would like you to know that this guide will only work on CentOS7 and this doesn’t guarantee that it will provide low latency to your players since its main function is to HIDE the IP of your MAIN VPS to avoid being bombarded with unwanted traffic. In the event, you received lots of traffic on your proxy, you can just reject it on your main VPS via firewall rules/iptables.

Hiding your IP is literally easy via CentOS7 and can be done if you have FirewallD on your system which is by default installed. Kindly see below for the commands needed.

/* Port Forwarding CentOS 7 FirewallD */
// ========================================================================
// Please read the comments per line it is self-explanatory.
// Important Parameters:
// INSERT_ZONE = output of the get default zone
// INSERT_IP = is the public IP of your main VPS or server
// Note: Please don't forget to apply the patch Enable Proxy Support by
// Functor since it is the most updated one. Personally tested it using
// 2018-06-21aRagexe Client.
// If you like the guide give it a thumbs up! Or buy me some coffee via
// Paypal (https://www.paypal.me/ecdarreola)
// ========================================================================

// This command is to get the default zone being used by your VM.
firewall-cmd --get-default-zone

// This command is to check all rules applied to your VM by the current active zone.
firewall-cmd --zone=INSERT_ZONE --list-all

// Enabling Masquerade Status (IP Forwarding). 
// This is the important configuration else below won't work
firewall-cmd --zone=INSERT_ZONE --add-masquerade --permanent

// IP/Traffic forwarding
// Make sure you have configured masquerade
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=6900:proto=tcp:toport=6900:toaddr=INSERT_IP --permanent
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=6121:proto=tcp:toport=6121:toaddr=INSERT_IP --permanent
firewall-cmd --zone="INSERT_ZONE" --add-forward-port=port=5121:proto=tcp:toport=5121:toaddr=INSERT_IP --permanent

// Add rules for ro-ports (assuming that you didn't change the port)
firewall-cmd --zone=INSERT_ZONE --add-port=6900/tcp --permanent
firewall-cmd --zone=INSERT_ZONE --add-port=6121/tcp --permanent
firewall-cmd --zone=INSERT_ZONE --add-port=5121/tcp --permanent

// Reload rules to take effect
firewall-cmd --reload

After configuring the above, make sure you also configure your clientinfo.xml or sclientinfo.xml to allow connection to multiple VPS via selecting service. This means that you “MUST NOT” use the “skip select service” patch on your client else it will be useless adding multiple connections. Kindly see below for example (look for the <connection></connection> part).

<?xml version="1.0" encoding="euc-kr" ?>
<clientinfo>
	<desc>Ragnarok Online Client Information</desc>
	<servicetype>america</servicetype>
	<servertype>primary</servertype>
	<connection>
		<display>^FF0000[ SE Asia ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to SEA Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.net/</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
	<connection>
		<display>^FF0000[ US Central ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to US Central Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.net/</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
	<connection>
		<display>^FF0000[ US West ]^000000 - Connection Tunnel</display>
		<balloon>This server is dedicated to US West Region to possibly reduce latency.</balloon>
      		<address>INSERT_IP_HERE</address>
      		<port>6900</port>
      		<version>46</version>
      		<langtype>1</langtype>
		<registrationweb>https://rathena.net/</registrationweb>
		<loading>
			<image>loading00.jpg</image>
			<image>loading01.jpg</image>
		</loading>
		<yellow>
			<admin>2000000</admin>
		</yellow>
   	</connection>
</clientinfo>

After successfully adding multiple connection on your xml file, configure your subnet_athena.conf which is located on your rAthena folder under /conf to prevent sending real IP in network packets from login and char servers. (See example below)

// Default subnet_athena configuration
subnet: 255.0.0.0:127.0.0.1:127.0.0.1

// Change TO a new value (IMPORTANT)
// See below
subnet: 0.0.0.0:127.0.0.1:127.0.0.1

If you haven’t missed any step, then you’ll be able to connect to your main ragnarok VPS without any problem.

Again, as summary, the important configurations are:

  1. Spare VPS to configure the proxy
  2. Patch your client using updated “Enable Proxy Support” patch provided by 4144’s NEMO & Functor
  3. DO NOT patch “Skip Service Select” since you need it to choose from the multiple connections.
  4. Add multiple connection on your clientinfo.xml/sclientinfo.xml
  5. Configure subnet_athena.conf to prevent sending real IP in network packets from login and char servers. (Functor)
  6. (Optional) Enable “Cancel to Select Service” Patch

If you have any question feel free to drop a comment here or e-mail me If you like the guide, support me by buying a coffee.

Leave a Reply

Your email address will not be published. Required fields are marked *