[TUT] How to setup a DDoS TCP proxy [Linux]

[DutchenL]

The old thread: http://forum.ragezone.com/f335/tut-ddos-tcp-proxy-tutorial-959382/
As it has been closed and haproxy has been updated, it's time for a new tutorial.

You need:
- Putty
- Haproxy
- CentOS 6+
- Linux VPS (protected for example OVH)

Follow all these commands:

wget http://www.haproxy.org/download/1.6/src/haproxy-1.6.3.tar.gz

tar xvzf haproxy-1.6.3.tar.gz

cd ./haproxy-1.4.24

make TARGET=linux2628 ARCH=native

make install

cp /usr/local/sbin/haproxy /usr/sbin/

cp /root/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy

chmod 755 /etc/init.d/haproxy

useradd --system haproxy

mkdir -p /etc/haproxy

Copy this in the config and change it:

vi /etc/haproxy/haproxy.cfg

global
   log /dev/log local0
   log /dev/log local1 notice
   chroot /var/lib/haproxy
   stats socket /run/haproxy/admin.sock mode 660 level admin
   stats timeout 30s
   user haproxy
   group haproxy
   daemon

defaults
   log global
   mode tcp
   option dontlognull
   timeout connect 5000
   timeout client 50000
   timeout server 50000

frontend tcp_front
   bind PROTECTED_IP:PROTECTED_PORT
   default_backend tcp_back

backend tcp_back
   balance roundrobin
   server server1 VPS_IP:VPS_PORT check

VPS IP must be for example your hotels VPS IP, protected IP the Linux server.

service haproxy start
chkconfig haproxy on

Credits to Hayd3n!

 

[Funsolit]

An Easier way is to do the following

Yum install nano

yum install haproxy

nano /etc/haproxy/haproxy.cfg

* Add the config that is in this thread and save it.

then command the service to start by saying service start haproxy

 

[DutchenL]

An Easier way is to do the following

Yum install nano

yum install haproxy

nano /etc/haproxy/haproxy.cfg

* Add the config that is in this thread and save it.

then command the service to start by saying service start haproxy

No, that won't work.

 

[Funsolit]

No, that won't work.

It does on mine, i did it 2 days ago. On centos 6.6 x64

 

[DutchenL]

It does on mine, i did it 2 days ago. On centos 6.6 x64

Well, I tried the same as you said on my OVH Centos 6 server but it didn't work. Where is your VPS hosted?

 

[Funsolit]

Well, I tried the same as you said on my OVH Centos 6 server but it didn't work. Where is your VPS hosted?

Blazingfast. Although this works, the only difference that would be between hosts is if they set up their servers without allowing all ports to automaticly be open, and it that case you'd have to manualy open it through your panel.

 

[DutchenL]

Blazingfast. Although this works, the only difference that would be between hosts is if they set up their servers without allowing all ports to automaticly be open, and it that case you'd have to manualy open it through your panel.

Yeah they are probably not open at OVH

 

[Cankiee]

Noob friendly, and well written tutorial.

Thanks.

 

[MikeOxlong]

+1, thanks for updating. Well written, minus one thing;

- Linux VPS (protected [STRIKE]for example OVH[/STRIKE])

- really? OVH?

 

[Cankiee]

+1, thanks for updating. Well written, minus one thing;

- really? OVH?

- Linux VPS (protected for example OVH)

we all know that OVH isn't the best, but still better then nothing.

 

[DutchenL]

+1, thanks for updating. Well written, minus one thing;

- really? OVH?

It's an example, you have to choice yourself. What do you recommend?

 

[MikeOxlong]

we all know that OVH isn't the best, but still better then nothing.

Fair enough, however I have seen QuadraNet's VEST do a better job than OVH - and they just use some rubbish Radware firewalls. Plenty of providers using slightly better hosts on a similar or just slightly more expensive price range.

It's an example, you have to choice yourself. What do you recommend?

KMS-Hosting.de or RamNode.

 

[Cankiee]

Please stay away from "KMS-Hosting"
I only had bad experience with them + easy to takedown in my eyes.