Project Summary

This project involved designing and deploying a self-hosted game server using a layered virtualization and containerization approach. I provisioned an Ubuntu Server virtual machine hosted in VirtualBox and deployed a Minecraft Bedrock Dedicated Server inside a Docker container using declarative configuration via Docker Compose. The environment was configured with security and stability in mind, including allow-list–based access control, Xbox Live authentication, controlled port exposure, persistent data volumes, and automated backup capabilities. I successfully validated server functionality by connecting from a local Bedrock client on the host machine, confirming proper network bridging, container port mapping, and service availability across virtualization layers.

During the next phase of the project, I introduced a pfSense firewall to replace the existing network edge configuration. While the server remains operational within the virtualized environment, client connectivity is currently impacted due to firewall and routing changes introduced by pfSense. I am actively troubleshooting the issue by analyzing NAT rules, firewall policies, and UDP traffic flow to restore external connectivity while maintaining a least-privilege security posture. This phase of the project focuses on real-world network troubleshooting, firewall rule validation, and secure service exposure, closely mirroring challenges encountered in small-business and enterprise infrastructure environments.

Issue details and how they were resolved

I ran into a networking issue while hosting this Minecraft Bedrock server inside Docker on an Ubuntu VM running in VirtualBox. Clients could connect briefly but would disconnect during world generation.

After isolating the layers, I determined the issue wasn’t the application or container, but packet handling at the host NIC level. Bedrock uses UDP, and Windows NIC offloading features were modifying or batching packets in a way that caused packet loss inside the VM.

I resolved it by switching the VM to bridged networking and disabling NIC offloading features like large send offload and checksum offload on the host. Once packets were passed unmodified, the server stabilized and connections became reliable.

My next goal with this project is to add gameplay mods and join the server from a separate remote network. More updates to follow.