Linux Port Redirection - Udp Proxy Firewall

Discussion in 'Network' started by developerm, Jun 18, 2016.

Thread Status:
Not open for further replies.
  1. developerm

    developerm New Member

    Hello guys,

I have a question about UDP proxy redirects and I want to ask the ISP or network-master r4p3 members.
    You know some firewalls and DDoS mitigation services use the UDP proxy redirect method.

    This method's logic is that one DDoS-protected server (for example: hosteam.pl servers) redirects a UDP port to another, non-protected VPS server.
    For example, the working logic:
    178.217.0.0 port: 1111 -> (redirect to) 185.26.140.0 port: 9987
    So when you connect to 178.217.0.0:1111 you are automatically redirected to 185.26.140.0:9987.
    So if we do this, the user can't learn our non-protected server's IP, and we have protected our non-protected server.

    And my question is: how can we do this?

    Thanks in advance for all comments.
    (Sorry for bad English)
     
  2. graphic

    graphic New Member

Install a GRE tunnel. Then you can use the protected IP to connect to your server.
     
    developerm likes this.
  3. developerm

    developerm New Member

GRE tunneling logic is that all traffic comes in at the protected server and goes out to the non-protected server.
    I don't want this shit, I mean only a redirect with the UDP protocol.
    So like Cloudflare SRV records (only for a safe redirect).
    Thanks for your idea.
    Does anybody have another solution?
     
  4. JoKeR

    JoKeR Member

Simply set up a GRE tunnel. Anything else will not work and it's easy to get your real IP, because TeamSpeak needs the real server IP to communicate ;)
     
    developerm likes this.
  5. developerm

    developerm New Member

I think I will try GRE tunneling, but before that my quest continues.
    Guys, do you have any idea?
     
  6. Agusanz

    Agusanz Contributing Member

    Use a GRE Tunnel. lmao
    Did your quest end already?
     
  7. Datalow

    Datalow Active Member

  8. Jenkinz

    Jenkinz New Member

If your main goal is to prevent anyone from launching a DDoS or DoS attack against your services, port forwarding or redirecting UDP traffic isn't going to help. If it was some 12-year-old script kiddie looking to show off to his friends, he would probably hit the honeypot (which in your case is REMOVED on port 1111, if I'm not mistaken). Call your hosting provider about redirects, or go into your admin CP. If not, I guess you'd best be learning SSH and Linux commands to redirect the traffic. If someone was trying to do real damage they would use Nmap to find the port to attack, and if they can't find the source IP, or they find the dummy IP of REMOVED, they could traceroute or hop on the trail by connecting to REMOVED and using Wireshark to sniff where the packets are going. There's no real protection in hiding IPs unless you are hosting on a web server; that's a different story. Best of luck with the DDoS protection though!
     
    Last edited by a moderator: Jul 5, 2017
  9. naturenmoon

    naturenmoon New Member

    Hello,

1. Step:
    You can use these rules for the routing:
    iptables -t nat -A PREROUTING -p udp --dport 9987 -i eth0 -j DNAT --to-destination 185.26.140.0:9987
    iptables -t nat -A POSTROUTING -p udp --dport 9987 -o eth0 -j SNAT --to-source 178.217.0.0:1111
    iptables -A FORWARD -j ACCEPT
    2. Step:
    nano /etc/sysctl.conf
    You should edit "net.ipv4.ip_forward=0" to "net.ipv4.ip_forward=1", then save and exit.
    Use this command to apply the setting: "sysctl -p"

    "Do not forget to ACCEPT the packets on the other server; if you don't, it won't work!"
    "Example accept rule: iptables -A INPUT -s ipaddress -j ACCEPT"
    Have fun, but don't forget! This is not about DDoS prevention or mitigation, be careful!
     
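The DNAT/SNAT redirect described in the post above, as an added example that is not from the thread: a small POSIX sh script that builds the iptables rule set for the OP's mapping (front 178.217.0.0:1111 -> backend 185.26.140.0:9987), prints it for review by default, and applies it only when run as root with the `apply` argument. The addresses are the thread's own; `eth0` and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates (and optionally
# applies) the iptables rules for a UDP port redirect on the protected
# front server. Addresses come from the OP's post; interface is assumed.

FRONT_IP="178.217.0.0"      # public IP of the protected front server
FRONT_PORT="1111"           # port users connect to
BACKEND_IP="185.26.140.0"   # unprotected backend VPS
BACKEND_PORT="9987"         # TeamSpeak voice port on the backend
IFACE="eth0"                # assumed public interface on the front server

# Emit the rule set one command per line so it can be reviewed or piped.
udp_redirect_rules() {
  # Rewrite the destination of packets arriving on FRONT_PORT to the backend.
  echo "iptables -t nat -A PREROUTING -i $IFACE -p udp --dport $FRONT_PORT -j DNAT --to-destination $BACKEND_IP:$BACKEND_PORT"
  # Rewrite the source so the backend answers the front server; conntrack
  # maps the replies back to the real client, and the backend only ever
  # sees FRONT_IP, never the client, and the client never sees BACKEND_IP.
  echo "iptables -t nat -A POSTROUTING -o $IFACE -p udp -d $BACKEND_IP --dport $BACKEND_PORT -j SNAT --to-source $FRONT_IP"
  # Allow only the redirected flow (and its replies) to be forwarded,
  # instead of the post's blanket "iptables -A FORWARD -j ACCEPT".
  echo "iptables -A FORWARD -i $IFACE -p udp -d $BACKEND_IP --dport $BACKEND_PORT -j ACCEPT"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Forwarding must be on for DNAT'd packets to leave the box. sysctl -w sets
# it live; sysctl -p would reload /etc/sysctl.conf (sysctl -a only lists).
forwarding_commands() {
  echo "sysctl -w net.ipv4.ip_forward=1"
}

# Number of NAT/filter rules generated, for a quick sanity check.
rule_count() {
  udp_redirect_rules | wc -l | tr -d ' '
}

main() {
  if [ "$1" = "apply" ]; then
    { forwarding_commands; udp_redirect_rules; } | while IFS= read -r cmd; do
      echo "+ $cmd"
      eval "$cmd"          # needs root and iptables on the front server
    done
  else
    forwarding_commands    # dry run: print what would be executed
    udp_redirect_rules
  fi
}

main "$@"
```

This only hides the backend address from clients at the packet level; as the post says, it does not mitigate a flood aimed at the front server, and the backend should still restrict its INPUT chain to FRONT_IP.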
  10. Alligatoras

    Alligatoras Moderator

    /Old
    /Closed
     