It’s a very strange use but sometimes, it can save time and money.<\/p>\n\n\n\n\n\n\n\n
You’ve few dedicated servers (not OVH) and you’ve DDOS attacks.
Firstly, you call your provider and pay for anti-DDOS protection but it’s inaccurate.
What can you do?<\/p>\n\n\n\n
It’s extraordinary, but OVH has 2 anti-DDOS technologies that work very well: Arbor Networks & Tilera.
This combo is the most powerful to kill DDOS.<\/p>\n\n\n\n
It’s a strange but working solution :<\/p>\n\n\n\n
We need to activate IP Forwarding<\/p>\n\n\n\n
sysctl -w net.ipv4.ip_forward=1\necho \"net.ipv4_forward=1\" > \/etc\/sysctl.d\/forwarding.conf<\/code><\/pre>\n\n\n\nOutput<\/h4>\n\n\n\n
Now, it’s time to do MASQUERADING for output traffic<\/p>\n\n\n\n
iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE<\/code><\/pre>\n\n\n\nInput<\/h3>\n\n\n\n
It’s where we do magic<\/p>\n\n\n\n
iptables -t nat -A PREROUTING -d IP_OVH -j DNAT --to-destination IP_NOT_OVH<\/code><\/pre>\n\n\n\nPersistent<\/h4>\n\n\n\n
We need that iptables rules to survive after a reboot<\/p>\n\n\n\n
apt-get install iptables-persistent -y<\/code><\/pre>\n\n\n\nConclusion<\/h2>\n\n\n\n
It’s not a magic solution but can help in some way. In addition, don’t forget to harden your kernel and other configurations to survive.<\/p>\n\n\n\n