When you launch or host a website through Linux web server software such as Apache, Lighttpd or Nginx, you are freely publicizing your server’s IP address unless you use a third-party DNS service to conceal it.
There are various ways to conceal your server’s IP address from normal consumers to protect yourself from raw intrusions; however, that requires quite a bit of funding. One service which is quite big, widely known and provides free DNS nameservers is Cloudflare. Cloudflare offers its consumers 3-4 packages: Basic (free), Pro ($20/m.), Business ($200+/m.) and Enterprise ($5000/m.).
If your server is not DDoS protected and it suffers an attack, it will go down easily. The same is true for the server hosting this blog: it has no DDoS protection, nor have I tried to hide its IP address.
To keep the blog short: proxy redirection uses a small server compared to your main server. Around 1-2 GB RAM and a couple of gigs of hard disk space should suffice, and it would be great if it also had full-fledged DDoS protection.
Redir redirects tcp connections coming in to a local port to a specified address/port combination. It may be run either from inetd or as a standalone daemon. Depending on how redir was compiled, not all options may be available. (- Redir)
I use CentOS 6; therefore, this guide reflects my way of installing Redir on CentOS systems.
First of all, download the package from Redir’s official download page, and make sure your OS settings match the package provided by Redir.
Using wget, we can download the .rpm package ..
Please keep in mind that the asterisk (*) is to be replaced according to your needs and your system infrastructure.
After the package arrives in your system, you may execute the .rpm file with ..
After installing Redir on your system, you may run the command to redirect incoming packets from the local port to a remote port of your choice. For better security and to minimize intrusion abuse, add an exception in IPTables on your main server to receive packets/traffic from the proxy server only, so that any other raw connections to your main server will be either rejected or dropped. (I personally like dropping the requests without any warning!)
To redirect the traffic from server A with an IP of (126.96.36.199) to B with an IP of (188.8.131.52) or vice versa, run this command through your terminal on either of the servers, depending on your need (incoming/outgoing).
After you add this, you might also want to add this code to the startup so that the setting is relaunched in case anything happens to the server that requires a reboot. You can tune Redir’s settings while typing the command; Redir takes the following options/parameters for its settings.
The rc.local file holds a list of commands to be executed after the initial system reboot and after system programs are loaded.
rc.local file with the full path and the bash script in the end.
Now that we know how to set up a redirection, let’s add an IPTables rule on our main server to accept the traffic from that specific IP address and port.
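The proxy-side redirect and the main-server IPTables allow-list described above, as an added example (not the author's original commands). It assumes redir 2.x option syntax, port 80, and constructed placeholder addresses from the documentation ranges; the rules are inserted at the top of INPUT so that an earlier ACCEPT or the stock CentOS 6 REJECT rule cannot shadow them.

```shell
#!/bin/sh
# Added example. Addresses are constructed placeholders (RFC 5737 ranges).
PROXY_IP="192.0.2.10"      # assumed address of the small proxy server
ORIGIN_IP="198.51.100.20"  # assumed address of the main server
PORT="80"

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed only for a TCP port number 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Proxy side (redir 2.x syntax): listen on PORT, connect to the main server.
proxy_redir_cmd() {   # args: origin_ip port
    valid_ipv4 "$1" && valid_port "$2" || return 1
    printf 'redir --lport=%s --caddr=%s --cport=%s\n' "$2" "$1" "$2"
}

# Main server side: accept PORT only from the proxy, silently drop the rest.
# Order matters: the ACCEPT must sit above the DROP.
origin_rules() {      # args: proxy_ip port
    valid_ipv4 "$1" && valid_port "$2" || return 1
    printf 'iptables -I INPUT 1 -p tcp -s %s --dport %s -j ACCEPT\n' "$1" "$2"
    printf 'iptables -I INPUT 2 -p tcp --dport %s -j DROP\n' "$2"
}

# Print the commands for review; nothing is executed or changed here.
echo "# on the proxy:";       proxy_redir_cmd "$ORIGIN_IP" "$PORT"
echo "# on the main server:"; origin_rules "$PROXY_IP" "$PORT"
```

Once the rules are applied on CentOS 6, `service iptables save` persists them across reboots. If the main server also has an IPv6 address, the same restriction is needed in ip6tables.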
I am not implying that you can only redirect port 80; it was just an example which you can change to fit your needs. If you have a dedicated proxy redirection setup (in simple words, many proxy redirection setups), you might want to look into Squid, which could help you save lots of bandwidth.
This very same method can be used to deflect medium DDoS attacks, depending on your server provider’s service. If you have a dedicated IP to null-route or filter traffic, it can very well be used as a firewall, literally.
Sadly, I have yet to find a good yet cheap host which provides those features for someone with a minimal budget like myself. I shall continue the search nonetheless.
~ Good Luck!