• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Question reserve proxy help

#3
Reverse Proxy per UDP is quite annoying, because anyone connecting through a proxy has the same ip. A better solution is to tunnel GRE or IPIP that hides our server address, but you have your own address ipv4 with the isp.

Was already discussed, multiple times, use the search function
https://r4p3.net/threads/found-proxy-support-for-teamspeak.481/
Fast udp proxy

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
iptables -t nat -A PREROUTING -p udp --dport 9987 -j DNAT --to-destination ipnoprotected:9987
iptables -t nat -A POSTROUTING -j MASQUERADE
 
Last edited:
#4
If you want that the whole ts3 traffic should go through another server, do this:

echo "1" > /proc/sys/net/ipv4/ip_forward
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p udp --dport 9987 -j DNAT --to-destination yourip:9987
iptables -t nat -A PREROUTING -p tcp --dport 10011 -j DNAT --to-destination yourip:10011
iptables -t nat -A PREROUTING -p tcp --dport 30033 -j DNAT --to-destination yourip:30033
iptables -t nat -A PREROUTING -p udp --dport 2010 -j DNAT --to-destination yourip:2010
iptables -t nat -A PREROUTING -p tcp --dport 41144 -j DNAT --to-destination yourip:41144
iptables -t nat -A PREROUTING -p tcp --dport 2008 -j DNAT --to-destination yourip:2008
iptables -t nat -A POSTROUTING -j MASQUERADE
 

Asphyxia

Web Admin
Administrator
Moderator
#5
Reverse Proxy per UDP is quite annoying, because anyone connecting through a proxy has the same ip. A better solution is to tunnel GRE or IPIP that hides our server address, but you have your own address ipv4 with the isp.



Fast udp proxy

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
iptables -t nat -A PREROUTING -p udp --dport 9987 -j DNAT --to-destination ipnoprotected:9987
iptables -t nat -A POSTROUTING -j MASQUERADE
I very much agree, at that point you would just need to use internal addresses for within a VPN/proxy connection, here is a good mentioning regarding this. Because some people may wish to have the data encrypted from the client to the server. If privacy is the concern here, we do not want the ISP (for every client) involved with the VoIP IP address.

the openvpn server does not know the MAC address of the clients ; in 'tap' mode it might know the mac address of the client 'tap' adapter but this is a random address. In 'tun' mode the MAC address of the client is not known at all.

You can ensure that a client gets a static IP address using the name of the client certificate; make sure each openvpn client has a unique certificate name (/CN=....) and then assign an IP address based on this. This can be done using either 'ifconfig-pool-persist ipp.txt' or it can be done using a client configuration file:

1) create a directory /etc/openvpn/ccd
2) configure the server to use
Code:
topology subnet
client-config-dir /etc/openvpn/ccd
3) inside this directory, create a file with the name of each client certificate and with NO extension
4) the contents of this file would be
Code:
ifconfig-push 10.10.10.X 255.255.255.0
or whatever your 'server' IP range is.
Source:
You do not have permission to view link Log in or register now.
 
Last edited: