Architecture: Cloud Relay (Velocity) + Local Powerhouse (Geyser & Paper)

This guide documents the successful configuration of a professional-grade Minecraft network that bypasses CGNAT and optimizes costs by offloading heavy tasks to local hardware.

Running Geyser (the Bedrock translator) on a cheap VPS often crashes it because translating network packets requires significant CPU power and RAM.

The Problem: Cheap VPS (₱300/mo) = Low CPU/RAM. Great for relaying traffic, terrible for processing it.

The Solution: Your Dell 3070 (i5, 16GB RAM) is 10x more powerful. We run the heavy translation locally.

The Trick: We use iptables on the VPS to blindly forward Bedrock traffic to your home, so the VPS CPU does zero work.

Total Operational Cost: ~₱8,280 / year (₱690 / month) excluding one-time hardware.

Objective: Create a virtual LAN cable between Japan and your Home.

Install ZeroTier on both the VPS and the Dell 3070.

Join Network: Connect both to the same Network ID.

Authorize: Check the "Auth" box in the ZeroTier dashboard.

Verify IP Addresses:

1. • Dell 3070 (Local): 10.100.100.2 (Example Placeholder)
   • Contabo (VPS): 10.100.100.1 (Example Placeholder)

Objective: Set up the game servers and the heavy translator.

Since standard repositories lack Java 21, use the portable version.

wget https://www.google.com/search?q=https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1%252B12/OpenJDK21U-jre_x64_linux_hotspot_21.0.1_12.tar.gz
tar -xvf OpenJDK21U-jre_x64_linux_hotspot_21.0.1_12.tar.gz

Path is: /root/jdk-21.0.1+12-jre/bin/java

Run your backend servers in Docker/Portainer.

Creative: Port 25565

Survival: Port 25566

Plugin: Ensure Floodgate-Spigot.jar is in the /plugins folder of both servers.

We run this on the Host (not Docker) for stability and easier config.

Install:

1. mkdir -p /root/geyser_standalone && cd /root/geyser_standalone
   wget -O Geyser-Standalone.jar https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/standalone
   

Configure config.yml:

1. • bedrock.address: 0.0.0.0
   • bedrock.port: 19132
   • remote.address: 10.100.100.2 (Crucial: Points to Dell's own ZT IP to loop back to Velocity).
   • remote.port: 25565 (Points to Velocity's listening port).
   • auth-type: floodgate

Start Geyser:

1. Open a terminal in RDP and keep it running
   
   /root/jdk-21.0.1+12-jre/bin/java -Xmx2G -Xms2G -jar Geyser-Standalone.jar
   

If Geyser crashes with NoSuchFileException: key.pem, it means it cannot securely talk to your Docker servers. You must copy the key from Docker to the Host.

Find the Key: The Docker containers (Creative/Survival) automatically generated one. Find it:

1. find / -name "key.pem" 2>/dev/null
   

   Expected result looks like: /var/lib/docker/volumes/.../plugins/floodgate/key.pem

Copy to Geyser: Take that path and copy it to your standalone folder:

1. Replace the long path below with what you found in step 1
   
   cp /var/lib/docker/volumes/LONG_PATH_HERE/key.pem /root/geyser_standalone/key.pem
   

Restart Geyser: Now that the file exists, start Geyser again (Section 4.3 Step 4). It should say Done!.

Objective: Receive traffic and split it. TCP goes to Velocity, UDP goes to Dell.

Install Java 21: (Same steps as 4.1).

Install Velocity:

1. mkdir -p /root/velocity_data_241227 && cd /root/velocity_data_241227
   wget -O velocity.jar https://www.google.com/search?q=https://api.papermc.io/v2/projects/velocity/versions/3.3.0-SNAPSHOT/builds/latest/downloads/velocity-3.3.0-SNAPSHOT-latest.jar
   

Install Plugin: Only VeloAuth.jar is needed here. Do NOT install Geyser/Floodgate here.

[servers]
creative = "10.100.100.2:25565"
survival = "10.100.100.2:25566"

try = ["creative", "survival"]

[forced-hosts]
"https://www.google.com/search?q=mc.example.com" = ["creative"]
"https://www.google.com/search?q=sumc.example.com" = ["survival"]

[query]
enabled = true
port = 25565

This saves your VPS from crashing. It forwards all Bedrock traffic directly to the Dell via ZeroTier.

Enable Forwarding

sysctl -w net.ipv4.ip_forward=1

The Magic Rule:

"If UDP comes to port 19132, throw it to 10.100.100.2"

iptables -t nat -A PREROUTING -p udp --dport 19132 -j DNAT --to-destination 10.100.100.2:19132
iptables -t nat -A POSTROUTING -j MASQUERADE

Save rules so they survive reboot

apt-get install iptables-persistent

Dell 3070: Ensure Docker containers (creative/survival) are UP.

Dell 3070: Open Terminal, run Geyser Standalone.

1. • Check: [INFO] Started Geyser on 0.0.0.0:19132

Japan VPS: Start Velocity Headless.

1. cd /root/velocity_data_241227
   rm -f nohup.out
   nohup /root/jdk-21.0.1+12-jre/bin/java -Xmx512M -Xms512M -jar velocity.jar > nohup.out 2>&1 &
   

If "Loading Ping" appears:

Check VPS Forwarding: iptables -t nat -L -n -v (Packet count should rise).

Check Dell Geyser: Is the terminal window open? Is it showing errors?

Check Key: Does key.pem match in Geyser, Creative, and Survival folders?

Note: Bedrock players always use port 19132. Velocity handles the routing to Survival/Creative based on the subdomain they typed.