It’s a very strange use but sometimes, it can save time and money.

The big picture about the attack

You’ve few dedicated servers (not OVH) and you’ve DDOS attacks.
Firstly, you call your provider and pay for anti-DDOS protection but it’s inaccurate.
What can you do?

OVH to clean ingress

It’s extraordinary, but OVH has 2 anti-DDOS technologies that work very well: Arbor Networks & Tilera.
This combo is the most powerful to kill DDOS.

What can we do?

It’s a strange but working solution :

• We move all DNS entries (toto.domain.tld) to OVH IP
• Iptables will route input traffic to your dedicated server (not OVH)
• the client receives a reply directly from the dedicated server (not OVH)

Action!

We need to activate IP Forwarding

Sysctl

sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4_forward=1" > /etc/sysctl.d/forwarding.conf

Output

Now, it’s time to do MASQUERADING for output traffic

iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE

Input

It’s where we do magic

iptables -t nat -A PREROUTING -d IP_OVH -j DNAT --to-destination IP_NOT_OVH

Persistent

We need that iptables rules to survive after a reboot

apt-get install iptables-persistent -y

Conclusion

It’s not a magic solution but can help in some way. In addition, don’t forget to harden your kernel and other configurations to survive.

You can be interested by : Migration to nftables : from ipset and bogons