The switch isn't needed.

Thanks for this, much appreciated.

Earlier on in the thread you posted this ‘Bear in mind your public IP address will be dynamic so you will need to use a DDNS service on the hub.’ I’ve had a Quick Look and no-ip seems to be recommended by a few people. With this in place would you recommend anything else to make it more secure or will this be enough?

For context. My daughter wants to setup a Minecraft server that will allow around 6-7 friends to access. My only concern is that it be secure.

Thanks again.

No IP will be fine.

Thanks again. 👍

Bear in mind that frequently now you don't get a unique public IP Address as these are running out and a system called CG-NAT is used where a number of users share the public IP address so using a DDNS isn't possible. Directing to the correct users is done at the ISP level.

One option is possibly to pay extra for your own static IP address if offered or ?? - I don't know that yet as I'm trying to find a solution myself without the extra expense of renting my own static address.

As far as I'm aware, BT aren't using CG-NAT currently, neither do they offer static IP addresses for residential customers.

The way I have it setup currently, and this is slightly more pricy and complicated, is I have the Minecraft server port forwarded through the BT hub, then I have a domain I purchased that links to the external IP through DNS. So players join using that instead of the IP.

Then I have a Python script that runs on the server every 5 minutes that checks the machine's external IP against its previously stored one. If it is different, then it pings me on Discord to update the DNS record to the new value.

It works, although I have only put it in place recently. So I haven't got a live example of it working, only the test data.

As far as security concerns go, the only port you are exposing is 25565, which is monitored solely by the Minecraft server. A port can only be accessed by one thing at a time, so if the Minecraft server is using it, nothing else except traffic for the server can access the machine. If you were to try to access the IP or domain remotely through Google for example from an external connection, all you will get is a "Refused to connect message".

If you did so internally, then you will get the router's none admin config page.

DDNS does all that automatically. You don't connect to an IP address with DDNS.

I don't have Dynamic DNS setup because I don't particularly want to rely on third-party software. If I end up changing the DNS record that much that it becomes a problem, then I will look into that option.