T
T
TCPShield
HomepageDiscordPanelPricing
Search…
T
T
TCPShield
TCPShield
FAQ
Commonly asked questions
Features
Contact
Billing
Premium Features
Cloudflare Network
Panel
Setup Process
Panel Configuration
DNS Setup
TCPShield Plugin
Troubleshooting
Setup Checklist
Invalid Hostname
Disconnected on Login
High Latency and General Lag
How to Read a Traceroute
Connection Complaint Policy
Miscellaneous
TCPShield API
Geyser
Protect a website
Protect a home hosted server
Useful Links
TCPShield Panel
Powered By GitBook
Geyser
Information about using Geyser with TCPShield

Setup

Panel Setup

For the time being, we are doing manual provisioning. In order to get setup, please create a separate backend set which points to your instance.
An example for a Geyser backend set
After you've created a backend set, you can get in touch with us to provision your Geyser tunnel. Please provide us with your email and the name of your newly created backend set. We will assign you with a CNAME specifically for Geyser.

DNS Setup

The DNS setup is quite similar to the setup one normally goes through to setup TCPShield.
You need to point a new CNAME to the CNAME we've provided you.
An example how to setup the CNAME

Using the same domain to connect to both Geyser and Java Edition

If you want to use, for example, play.example.tld to connect to both your Java Edition and Bedrock server, we need some special configuration.
Setup a SRV record which points to your Java Edition server
The CNAME for your Java Edition server has to be a different one than the one you want your players to connect to. In this case, we will use tcpshield as the name of the CNAME.
In order to get the SRV record setup, you can follow the guide here.
Change the name of your Geyser CNAME
If you have already created the CNAME as described above, change its name to the subdomain you want your players to be able to connect to. If you haven't created the CNAME yet, you can follow the steps as outlined above with the difference to set your name to, in this example, play.
An example of a full setup
Done!
After this is done, you are able to connect to both your Java Edition and Bedrock server with play.example.tld!

Plugin Setup

For the plugin not to block incoming Geyser connections, please create a new file under plugins/TCPShield/ip-whitelist. In this example, we will call this name geyser.list.
Add these lines to the file:
1
10.0.0.0/8
2
172.16.0.0/12
3
192.168.0.0/16
Copied!
After you have saved the newly-created file and restarted your server, the plugin has been setup.

Proxy Protocol Setup

For those that can't use the TCPShield plugin, you can use proxy protocol as an alternative. Detailed instructions can be found here.

Firewall Setup

As true Geyser support is still pending, it's recommended to block all incoming connections using a firewall solution. For this example, iptables is used.
1
ipset -F tcpshield
2
ipset -X tcpshield
3
ipset -N tcpshield nethash
4
​
5
for IP in $(curl -q https://tcpshield.com/v4/); do
6
ipset -A tcpshield $IP
7
done
8
​
9
iptables -t raw -F
10
iptables -t raw -A PREROUTING -m set --match-set tcpshield src -p udp --dport 19132 -j ACCEPT
11
iptables -t raw -A PREROUTING -p udp --dport 19132 -j DROP
Copied!

IP Forwarding

Currently, IP forwarding isn't yet supported but we are working very closely with the Geyser team to get it implemented.
Miscellaneous - Previous
TCPShield API
Next - Miscellaneous
Protect a website
Last modified 1mo ago
Copy link
Contents
Setup
Panel Setup
DNS Setup
Plugin Setup
Proxy Protocol Setup
Firewall Setup
IP Forwarding