Linux Port Redirection - Udp Proxy Firewall

Status
Not open for further replies.

developerm

Member
May 22, 2016
17
0
41
Hello guys,

I have questions about UDP proxy redirection, and I want to ask any ISP or network master r4p3 members.
You know some firewall and DDoS mitigation services use the UDP proxy redirect method.

This method's logic is that one DDoS-protected server (for example: hosteam.pl servers) redirects a UDP port to another, non-protected VPS server.
For example, the working logic:
178.217.0.0 port: 1111 -> (redirect to) 185.26.140.0 port: 9987
So if you connect to 178.217.0.0:1111, you will be automatically redirected to 185.26.140.0:9987.
So if we do this, the user can't know our non-protected server's IP, and we have protected our non-protected server.

And my question is: how can we do this?

Thanks in advance for all comments.
(Sorry for my bad English)
 

developerm

Member
May 22, 2016
17
0
41
Install a GRE tunnel. Then you can use the protected ip to connect to your server.
GRE tunneling logic is that all traffic comes in at the protected server first and then goes out to the non-protected server.
I don't want this shit; I mean only a redirect with the UDP protocol.
So like Cloudflare SRV records (only for a safe redirect).
Thanks for your idea.
Does anybody have other solutions?
 

JoKeR

Member
Apr 21, 2016
73
36
53
Simply set up a GRE tunnel. Anything else will not work, and it's easy to get your real IP, because TeamSpeak needs the real server IP to communicate ;)
 

developerm

Member
May 22, 2016
17
0
41
Simply set up a GRE tunnel. Anything else will not work, and it's easy to get your real IP, because TeamSpeak needs the real server IP to communicate ;)
I think I will try GRE tunneling, but before that, my quest continues.
Guys, do you have any ideas?
 

Jenkinz

Member
Jul 8, 2016
1
0
33
If your main goal is to prevent any person from launching a DDoS or DoS attack against your services, port forwarding or redirecting UDP traffic isn't going to help. If it was some 12-year-old script kiddie looking to show off to his friends, he would probably hit the honeypot (which in your case is REMOVED on port 1111, if I'm not mistaken). Call your hosting provider about redirects, or go into your admin CP. If not, I guess you'd best be learning SSH and Linux commands to redirect the traffic. If someone was trying to do real damage, they would use Nmap to find the port of attack, and if they can't find the source IP or they find the dummy IP of REMOVED, they could traceroute or hop on the trail by connecting to REMOVED and using Wireshark to sniff where the packets are going. There's no real protection in hiding IPs unless you are hosting on a web server; that's a different story. Best of luck with the DDoS protection though!
 
Last edited by a moderator:

NatureNMoon

Restricted
Jul 8, 2016
70
124
86
Hello,

Step 1:
You can use these rules for routing:
iptables -t nat -A PREROUTING -p udp --dport 9987 -i eth0 -j DNAT --to-destination 185.26.140.0:9987
iptables -t nat -A POSTROUTING -p udp --dport 9987 -o eth0 -j SNAT --to-source 178.217.0.0:1111
iptables -A FORWARD -j ACCEPT
Step 2:
nano /etc/sysctl.conf
Edit "net.ipv4.ip_forward=0" to "net.ipv4.ip_forward=1", then save and exit.
Use this command to apply the setting: "sysctl -p"

"Do not forget to ACCEPT the packets on the other server; if you don't, it won't work!"
"Example accept rule: iptables -A INPUT -s ipaddress -j ACCEPT"
Have fun, but don't forget: this is not about DDoS prevention or mitigation, so be careful!
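
The two steps and the accept rule from the post above, as an added example that is not code from the thread: a dry-run script that prints the commands for the relay and for the other server so they can be reviewed before being applied. It goes beyond the post by mapping port 1111 to 9987 as in the first post, leaving the SNAT source port to conntrack so several clients can be tracked at once, and scoping FORWARD and the backend INPUT rule to this one UDP flow. The function and variable names and `eth0` are assumptions; the addresses are the thread's sample values.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for a UDP relay.
# Defaults are the sample addresses/ports used in the thread; eth0 is assumed.
FRONT_IP="${FRONT_IP:-178.217.0.0}"    # DDoS-protected relay, public address
FRONT_PORT="${FRONT_PORT:-1111}"       # port clients connect to
BACK_IP="${BACK_IP:-185.26.140.0}"     # non-protected backend
BACK_PORT="${BACK_PORT:-9987}"         # port the service listens on
IFACE="${IFACE:-eth0}"

valid_port() {  # digits only, 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Commands for the relay: DNAT inbound, SNAT towards the backend,
# and forward only this flow instead of a blanket FORWARD ACCEPT.
front_rules() {
  valid_port "$FRONT_PORT" && valid_port "$BACK_PORT" || { echo "bad port" >&2; return 1; }
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $IFACE -p udp -d $FRONT_IP --dport $FRONT_PORT -j DNAT --to-destination $BACK_IP:$BACK_PORT
iptables -t nat -A POSTROUTING -o $IFACE -p udp -d $BACK_IP --dport $BACK_PORT -j SNAT --to-source $FRONT_IP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p udp -d $BACK_IP --dport $BACK_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Commands for the backend: accept the service port only from the relay,
# so the service does not answer anyone who reaches the backend directly.
backend_rules() {
  valid_port "$BACK_PORT" || { echo "bad port" >&2; return 1; }
  cat <<EOF
iptables -A INPUT -p udp -s $FRONT_IP --dport $BACK_PORT -j ACCEPT
iptables -A INPUT -p udp --dport $BACK_PORT -j DROP
EOF
}

# Usage: ./relay-rules.sh front|backend   (review, then pipe to sh as root)
case "${1:-}" in
  front)   front_rules ;;
  backend) backend_rules ;;
esac
```

Because the backend then sees every client as coming from the relay address, per-client IP bans or logs on the service itself no longer distinguish users.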
 