Gameserver behind other VPS IP address
FlorinMarian
Member, Host Rep
in General
Hi!
I would like to get a non-protected dedicated server (cheap) and a VPS server with good anti-DDoS protection.
Is it possible to forward all traffic from the gameserver to the VPS server without exposing the real IP address? (non-protected)
I tried doing this with iptables but once the connection is ESTABLISHED, it's a direct connection to the real IP, not to the fake IP anymore.
My game requires TCP and UDP. On the VPS I can run any Linux distribution, and I need to forward just a few ports (4), not more.
Best regards, Florin.
Comments
https://wiki.buyvm.net/doku.php/gre_tunnel
I remember setting up something similar for a friend a few years ago. Used haproxy and he had up to 500 connections simultaneously. If you find a decent tutorial it takes 5 min to set up.
I'll be very thankful if you can help me with that.
> @casualjoe said:
I will try it right now.
Thank you!
Couple tips - you'll want to get the VPS as geographically close to the dedi as possible so that you're not adding a lot of latency. And you'll want to pick a quality VPS provider that has good connectivity/peering, a fat pipe (1 gbps), and hopefully the link isn't too oversold.
I have a provider in Romania with Voxility anti-DDoS.
Their network is good but the dedicated hardware is the cheapest I ever saw..
Update: I've created an IP-IP tunnel and the two ends can ping each other, but at this moment I need iptables rules to forward specific ports to the tunnel. Some help?
This is not working:
```
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
```
Stab in the dark: Your game server software leaks the IP to clients. If that's the case there is not much you can do short of reverse engineering the software.
Probably you didn't understand that I wanna block any other external connection to the game ports except this tunnel.
What's the point? If people know your real server IP it can be DDoS'd. You can't block that.
People will be restricted from the dedicated server IP. They will be able to DDoS the exposed IP of the VPS but that will be DDoS protected.
You need a clean IP then for your dedi and hide it from potential attackers.
Also this is very easy to achieve, you can make the gameserver listen to the tunnel IP only or block any other connection with IPTables.
This is exactly what I wanna do.
Now I'm waiting for rules to forward traffic from tunnel to gameserver.
Best regards, Florin.
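One way to write the rules asked for above, as an added example that is not from any poster in this thread: DNAT on the VPS, plus policy routing and an interface filter on the dedicated server. Every address, port, interface name and table number is an assumption, and the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules for both hosts.
# All addresses, ports and names below are assumptions, not values from the thread.
VPS_PUB=203.0.113.10            # protected public IP on the VPS (documentation range)
TUN_VPS=192.168.168.1           # VPS end of the IP-IP tunnel
TUN_DEDI=192.168.168.2          # dedicated-server end of the tunnel
TUN_IF=ipip0                    # tunnel interface name on both hosts
PORTS=27015,27016,27017,27018   # the four game ports (constructed)
TABLE=100                       # routing table number used on the dedi

# Run on the VPS: send the game ports arriving on the public IP into the tunnel.
vps_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    for proto in tcp udp; do
        echo "iptables -t nat -A PREROUTING -d $VPS_PUB -p $proto -m multiport --dports $PORTS -j DNAT --to-destination $TUN_DEDI"
        echo "iptables -A FORWARD -o $TUN_IF -d $TUN_DEDI -p $proto -m multiport --dports $PORTS -j ACCEPT"
    done
    # Replies coming back out of the tunnel for tracked connections.
    echo "iptables -A FORWARD -i $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Run on the dedicated server.
dedi_rules() {
    # Policy routing: anything sourced from the tunnel address leaves through
    # the tunnel, so replies never go out directly from the real IP.
    echo "ip rule add from $TUN_DEDI table $TABLE"
    echo "ip route add default via $TUN_VPS dev $TUN_IF table $TABLE"
    # Game ports are reachable through the tunnel interface only.
    for proto in tcp udp; do
        echo "iptables -A INPUT -i $TUN_IF -p $proto -m multiport --dports $PORTS -j ACCEPT"
        echo "iptables -A INPUT ! -i $TUN_IF -p $proto -m multiport --dports $PORTS -j DROP"
    done
}

# Usage: sh rules.sh vps | sh    (or: sh rules.sh dedi | sh), as root.
case "${1:-}" in
    vps)  vps_rules ;;
    dedi) dedi_rules ;;
esac
```

The DROP rules only filter packets; they do not stop a flood aimed at the dedicated server's real address from filling its link.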
You can't restrict people from saturating your pipe. If they know the real IP you are toast. If you don't understand this there is no sense in this. Also IPTables has a manual...
How can I be toast if they will have no access to that IP? PING, TCP, UDP closed.
Flood. It doesn't matter if you accept it or not. As soon as you have incoming traffic > your port speed there won't be any resources left for anyone else. That's how DDoS works. Closing ports is pointless.
Think like this.
You've decided not to answer anyone at your door for the peace of quietness but that won't stop people from knocking at it.
And some decided to knock at your door non-stop, 24 hours a day, 7 days a week to drive you insane.
Whether you answer your door or not, you are still getting (unwanted) visitors. And those with real purpose to visit you can't get to your door because of those jerks knocking at your door for no apparent reason.
A closed port still has to answer calls. You may not be notified of this but it will still answer calls. Given enough calls, it will give you the middle finger and call it quits.
What game is this? Depending on the protocol, there might be a solution.