Docs
Troubleshooting

Setup checklist

Run through this checklist after setting up a network to catch the common pitfalls before they hit production.

checklistsetupverification

After you finish the Setup guide, run through this checklist. Most of the support tickets we receive are caused by one of the items here.

Network

  • The network exists and is not disabled (no red banner on the Overview page).
  • At least one Java backend is added.
  • At least one domain is verified.
  • The plan covers the expected player count (otherwise Burst Mode is configured).

DNS

  • Every player-facing subdomain is added in the panel’s Domains table (or a wildcard covers them).
  • The CNAME points at <uuid>.front-<region>.infinity-filter.com (Java) or <uid>.ip.infinity-filter.com (dedicated IP).
  • On Cloudflare, the proxy status is DNS only (grey cloud) for every relevant record.
  • (Recommended) The TXT fallback record is published and matches the panel — the CNAME alone already verifies the domain, but the TXT is a useful backstop.
  • No A or AAAA record bypasses the CNAME.

Verify quickly:

bash
<uuid>.front-de.infinity-filter.com.
"infinity-filter-verification=..."

Real-IP forwarding

  • Either PROXY protocol is on in the panel and in your proxy software (haproxy-protocol = true on Velocity), or the Infinity-Filter plugin is installed and configured.
  • You are not running both — they’re mutually exclusive.
  • On your backend, connections from real players show the player’s IP, not the edge IP.

Backend firewall

  • Infinity-Filter’s IP ranges are allowlisted at the cloud-provider firewall.
  • Infinity-Filter’s IP ranges are allowlisted at the host firewall (UFW / iptables).
  • The Minecraft port is closed to everyone else.
  • ICMP is allowed (so the Latency Test can reach you).
  • If you subscribed to the IF Discord announcements channel — yes, that’s mandatory for getting new-subnet alerts.

Verify the lockdown from a machine not on IF:

bash
timeout
14.2 ms

The direct-IP attempt should fail; the hostname should succeed.

Latency Test result

  • You ran the Latency Test before picking a region.
  • The chosen region is the one with the lowest RTT to your backend.
  • If ICMP was blocked during the test, you allowed it temporarily — and re-blocked it after if desired.

Mitigation

  • CPS threshold is raised above your normal peak CPS (default 5 is too low for most servers).
  • Antibot mode is set to Default (or Hardcore + Under Attack if you’re actively defending).
  • Under Attack mode is off in normal operation.

Bedrock (if used)

  • A dedicated IP is ordered.
  • A Geyser module backend is added in the panel.
  • DNS for the Bedrock subdomain points at the dedicated CNAME (not in the Domains table).
  • Geyser’s bedrock.enable-proxy-protocol is false.
  • If you want real-IP forwarding for Bedrock: advanced.bedrock.use-haproxy-protocol and advanced.java.use-haproxy-protocol are both true, and haproxy-protocol-whitelisted-ips lists the IF ranges.
  • Geyser is installed on every proxy in a multi-proxy setup.

Voice (if used)

  • A dedicated IP is ordered.
  • The voice plugin’s voice_host is the same value on the proxy and on every Spigot backend.
  • If running in Docker, the UDP voice port is mapped to the host (24454:24454/udp for SVC, 60606:60606/udp for PlasmoVoice — whatever your config uses).
  • The backend firewall allows the voice UDP port from IF ranges.

In-game test

  • Connect from a Minecraft client. The MOTD is correct.
  • The country flag in the launcher matches the chosen CNAME region.
  • Player count and analytics start populating in the panel within a few minutes.
  • (If applicable) A Bedrock client can connect.
  • (If applicable) Voice chat works.

What’s next

Connection issues When players can't connect at all. Common pitfalls A categorized list of the recurring mistakes.

Last updated: May 28, 2026