Comments
Yes,
If you are using a DDoS protection service this may be called "DMZ" (or at least it is in our case).
You can either NAT everything or forward anything (depending on if you have any other rules for filtering setup that require NAT). Removing the destination port condition will NAT everything.
You will need a rule for both TCP and UDP. Additionally if this is for DDoS protection be sure to factor in the potential strain on conntrack entries against a random destination port attack.
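The all-ports NAT described in the reply above, as an added example that is not part of the original thread: a dry-run script that prints one DNAT/FORWARD pair per protocol with no `--dport` match, plus a conntrack headroom check. The function names, the 80% threshold and the 192.168.168.2 backend default are assumptions; the rule shape follows the BuyVM wiki rules quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run: rules are printed, not applied.

# Print DNAT + FORWARD rules covering every port, one pair per protocol.
gen_forward_all() {
    filtered_ip=$1
    backend_ip=$2
    for proto in tcp udp; do
        # No --dport match: every destination port on filtered_ip is translated,
        # including any service the forwarding host itself runs on that IP.
        echo "iptables -t nat -A PREROUTING -p $proto -d $filtered_ip -j DNAT --to-destination $backend_ip"
        echo "iptables -A FORWARD -p $proto -d $backend_ip -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
}

# Integer percentage of the conntrack table in use.
conntrack_pct() {
    count=$1
    max=$2
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Read the kernel counters and print the usage percentage.
# Returns 1 if the counters are unavailable, 2 if usage is at or above threshold.
conntrack_check() {
    threshold=${1:-80}                      # assumed alert level
    dir=${2:-/proc/sys/net/netfilter}
    [ -r "$dir/nf_conntrack_count" ] && [ -r "$dir/nf_conntrack_max" ] || return 1
    pct=$(conntrack_pct "$(cat "$dir/nf_conntrack_count")" "$(cat "$dir/nf_conntrack_max")") || return 1
    echo "$pct"
    [ "$pct" -lt "$threshold" ] || return 2
}

# Print the rules for review; the backend address is an assumed default.
gen_forward_all "${FILTERED_IP:-YOUR_FILTERED_IP}" "${BACKEND_IP:-192.168.168.2}"
```

Every new flow to any port creates a conntrack entry, so running `conntrack_check` on a schedule shows how close the table is to `nf_conntrack_max` once the port condition is removed.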
How do I configure that? I just need to tunnel it from one of my VM to the other and forward everything. Any tutorials?
http://wiki.buyvm.net/doku.php/gre_tunnel
I don't see why more people don't just use xinetd. Maybe GRE is more private (I wouldn't know) but it seems like most people just want to forward traffic. I used this just a bit ago to migrate MXroute, with a DNS change, without interrupting service.
http://azouhr.wordpress.com/2012/06/21/port-forwarding-with-xinetd/
I am using it. But how do you modify the NAT to forward all ports?
Unfortunately I don't have access to my computer to check, but I guess it would be an IPTables rule.
There are iptables rules on BuyVM's wiki:
iptables -t nat -A PREROUTING -p tcp -d YOUR_FILTERED_IP --dport 25565 -j DNAT --to-destination 192.168.168.2:25565
iptables -A FORWARD -p tcp -d 192.168.168.2 --dport 25565 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
To follow the instructions given:
If this is a secondary IP, you can do it without involving iptables at all.
Route anything that hits the IP through the GRE endpoint, done.
Do I still need
iptables -t nat -A POSTROUTING -s 192.168.168.0/30 -j SNAT --to-source YOUR_FILTERED_IP
Yes. It is a secondary IP! Could you give me the route command?
Try reading http://linux-ip.net/html/tools-ip-route.html if this is Linux.
What you want to do is route traffic to the /30 (or /32) to the IP of the GRE endpoint on the other side (Make sure it works first and is reachable).
Something like the following essentially (Note that other initialization steps have been skipped, and you need to read up on how it works before trying it. Your tunnel should be initialized through the main IP),
If you want encryption, look at n2n/ipsec. You may also need to use source routing to make sure traffic goes out the right IP/interface.
Edit: LET appears to try to parse HTML even inside pre blocks, this is a massively annoying bug, imo.
That's not a bug. It's a part of the HTML5 spec. Use code and pre tags together.
http://www.w3.org/TR/html401/struct/text.html#edef-CODE
http://www.w3.org/TR/html401/struct/text.html#edef-PRE
For example, to bold parts of code in markdown: http://stackoverflow.com/questions/10063896/how-do-i-add-markdown-formatting-in-a-code-pre-block