Make own TCP Reverse Proxy with Linux (CentOS 6)

[Marko97]

[What you need?]
- Protected VPS with CentOS 6.x;
- SSH access (PuTTy for example);

[How to proceed?]

1) Log via SSH in your protected VPS;
2) Type these commands in order:

sudo su

cd /etc/init.d

cat /proc/sys/net/ipv4/conf/eth0/forwarding

sysctl net.ipv4.conf.eth0.forwarding=1

nano myproxy

3) Delete all content and type this:

sysctl net.ipv4.conf.eth0.forwarding=1

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -s IP-PROXY/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport PORT-PROXY -j DNAT --to EMULATOR-IP:EMULATOR-PORT

IP-PROXY = Your IP VPS protected by AntiDDoS;
PORT-PROXY = Your port VPS protected by AntiDDoS (you can choose any port if you want);
EMULATOR-IP = Your real unprotected IP VPS;
EMULATOR-PORT = Your real unprotected IP port.
Then, press CTRL + X, press Y and press Enter;

4) Open the choosen port (PORT-PROXY) in the firewall;
5) Type these commands in order:

chmod a+x myproxy

service myproxy restart

6) Configure only the client PHP file with protected IP and protected port. In the emulator leave the original IP;
7) Start the emulator;
8) Go in this

You must be registered for see links

to test if your proxy work or not. Inside type the protected IP and protected port. If the port is open the proxy work, else I check if you've opened the port in the firewall.
9) Log in your client. ENJOY.

[I want to change my last configuration with a new IP. How to proceed?]
1) Type this command:

reboot

Then, wait until the protected VPS is rebooted;
2) Refollow all steps written above.

 

[xXSicilyXx]

Good job my friend

 

[MayoMayn]

This thread contains so many misconceptions.
In general people from the retro community doesn't know how reverse proxies works.
Where does the term "Anti DDoS" come from in this context and how is a reverse proxy related to that?
If a pentester knows what he's doing you can follow the forwarded response and stil get the IP behind the proxy.
If your reverse proxy goes down, so does the connection to the forwarded IP, since the only connection you have from the client is the IP of your reverse proxy and if that's unavailable due to downtime you wouldn't be able to connect.

Any how nice tutorial ?

 

[Marko97]

This thread contains so many misconceptions.
In general people from the retro community doesn't know how reverse proxies works.
Where does the term "Anti DDoS" come from in this context and how is a reverse proxy related to that?
If a pentester knows what he's doing you can follow the forwarded response and stil get the IP behind the proxy.
If your reverse proxy goes down, so does the connection to the forwarded IP, since the only connection you have from the client is the IP of your reverse proxy and if that's unavailable due to downtime you wouldn't be able to connect.

Any how nice tutorial ?

1) Anti DDoS because if you use a server with mitigation of attack, it's not easy to flood in the target;
2) In this forum how much people know how to bypass a reverse proxy?
3) If reverse proxy will go down, it is not my problem. I think about my server.