NEW - TCP Reverse Proxy Setup
Hi all, so I did a tutorial a while back (link) and it worked well, but that's a little dated now so I've decided to make a new one that is far better!.
First things first, you'll need a DDoS protected VPS - now in this tutorial we'll be looking at Linux VPS - however this is a very specific type - you must use KVM/Xen/VMWare as otherwise this tutorial will not work! (For OpenVZ either PM me or look at the link above). If you need any help, just shoot me a PM or reply to this topic! I'll be more than happy to help you! I would also reccomend using Debian 7 as the OS. (this tutorial will cater for users of Debian)
I recommend Hosteam as a provider as they are DDoS protected and have a KVM product line.
Ingredients:
- Nano Text Editor
- Linux OS
- DDoS protected VPS
- About 5 minutes of time
- SSH Client (tutorial)
So first, open your SSH client and log on to your server.
Then, you should update, upgrade and install nano.
PHP Code:
apt-get update
apt-get upgrade
apt-get install nano
Afterwards, change directory to the /etc/init.d directory and open a document there called myproxy
PHP Code:
cd /etc/init.d
nano myproxy
Now, paste this into the file - replacing the bits in red.
Code:
iptables -F
iptables -F -t nat
echo 1 >| /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp -d ddosprotectedvpsip--dport portyouwishtouse -j DNAT --to emulatorip:emulatorport
iptables -t nat -A POSTROUTING -j MASQUERADE
Then press Ctrl + O (to save it) and Ctrl + X to exit. (CMD on a Mac)
Now, enter this into the SSH console
PHP Code:
chmod a+x myproxy
update-rc.d myproxy defaults
Afterwards, Reboot and test. You should now have a fully functioning reverse proxy.
Thanks for reading,
Mike.
Re: NEW - TCP Reverse Proxy Setup
good work on helping the community, nice tut
Re: NEW - TCP Reverse Proxy Setup
I hope this will help, will test it and give a review back on it. Even my Proxy Host cannot take the DDoS attack i always get.
Sometimes my Proxy is offline because they try to attack my hotel. Will get a server are there any requirements of RAM you need or HDD?
I dont expect so.
Re: NEW - TCP Reverse Proxy Setup
Quote:
Originally Posted by
TuxNL
I hope this will help, will test it and give a review back on it. Even my Proxy Host cannot take the DDoS attack i always get.
Sometimes my Proxy is offline because they try to attack my hotel. Will get a server are there any requirements of RAM you need or HDD?
I dont expect so.
It depends on the method. This method of reverse proxy takes 12MB of RAM with about 300+ connections. Some others require a lot more.
I can look into the issue if you shoot me a PM :)
- - - Updated - - -
Quote:
Originally Posted by
TuxNL
I hope this will help, will test it and give a review back on it. Even my Proxy Host cannot take the DDoS attack i always get.
Sometimes my Proxy is offline because they try to attack my hotel. Will get a server are there any requirements of RAM you need or HDD?
I dont expect so.
It depends on the method. This method of reverse proxy takes 12MB of RAM with about 300+ connections. Some others require a lot more.
I can look into the issue if you shoot me a PM :)
Re: NEW - TCP Reverse Proxy Setup
Any help?
root@pipe:/etc/init.d# update-rc.d myproxy defaults
update-rc.d: using dependency based boot sequencing
insserv: warning: script 'K01myproxy' missing LSB tags and overrides
insserv: warning: script 'myproxy' missing LSB tags and overrides
Regards
Re: NEW - TCP Reverse Proxy Setup
Should also make a tutorial for how to setup a web proxy for port 80, the biggest problem these days are attacks against the website(Layer 7).
Re: NEW - TCP Reverse Proxy Setup
Quote:
Originally Posted by
Exonize
Should also make a tutorial for how to setup a web proxy for port 80, the biggest problem these days are attacks against the website(Layer 7).
Cloudflare 'I'm Under Attack' Should fix Layer7 - Never getting attack by Layer7 anymore after that. :)
Re: NEW - TCP Reverse Proxy Setup
Quote:
Originally Posted by
UartigZone
Cloudflare 'I'm Under Attack' Should fix Layer7 - Never getting attack by Layer7 anymore after that. :)
It's easily bypassed, might require some more power but still not a great option.
Re: NEW - TCP Reverse Proxy Setup
Quote:
Originally Posted by
Exonize
It's easily bypassed, might require some more power but still not a great option.
People who pay for a DDoS attack may not be able to break it, only if you are botnet/servers administrator that you could be able to bypass it. Not to mention if you only allow with captcha and all.
Re: NEW - TCP Reverse Proxy Setup
Quote:
Originally Posted by
Exonize
It's easily bypassed, might require some more power but still not a great option.
Please supply me with a method, the OutFlare method is patched.
Re: NEW - TCP Reverse Proxy Setup
Also make sure to change the {server_ip} so people can't make it echo... I've seen some hotels fail to do this. (Rather than just changing the client.php file)
Re: NEW - TCP Reverse Proxy Setup
I can confirm that cloudflare isnt enough for protecting against Layer7-attacks.
Just a moment... can easily take down cloudflare, and even knock emulators offline by just attacking the proxy ip:port :P
Re: NEW - TCP Reverse Proxy Setup
Cloudflare directs the traffic to your server if you have a free account. I think over 1gbps they stop standing in front of your site. Cloudflare isn't made for DDoS protection, nor a reverse proxy. It's a performance booster.
Re: NEW - TCP Reverse Proxy Setup
Quote:
Originally Posted by
oleaa
2 years ago, i think youre on a subject you don't know so much about.
There is a few methods that will bypass CloudFlare "exploits" and then reach your server. I actually have traffic on my websites and are constantly under attack so I probably know more then you ever will.
It's true what the people above me wrote, go try it yourself if you think CF is so bulletproof.
Re: NEW - TCP Reverse Proxy Setup
Have anyone of you even tried to bypass it?