  1. #1
    Linux User postcd
    Join Date
    Apr 2011
    Posts
    304

    How can I redirect all traffic to another server?


    Hello,

    I have a server with my website, and I would like to keep that server's IP anonymous by buying another server which will serve as a proxy.
    Meaning it will relay traffic in and out to my primary server, which will stay anonymous. Please, is there any guide or way to do it?

  2. #2
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    214
    Have a look into port-forwarding.

  3. #3
    Just Joined!
    Join Date
    Nov 2013
    Posts
    16
    If it's only HTTP traffic, you could set up a reverse HTTP proxy server.

    That way the proxy server also caches data, and will possibly help speed up the web service as well. However, for some dynamic content you might need to add "no-cache" in the header so that the proxy server does not provide old data to the users.

    It's quite easy to set up a reverse proxy using Squid, but you can also use nginx.

  4. #4
    Linux User postcd
    Join Date
    Apr 2011
    Posts
    304
    I found a bunch of tutorials when I searched for: linux reverse proxy setup
    but I did not find any which describes the purpose I'm looking for. I want to achieve full forwarding of web server requests, and possibly so that no one can discover the server is just a proxy, not the target web server. I'm unsure if I can achieve it, because the manuals don't describe the purpose of the setup in a way I can understand.
    So I have still not found the way to do it.

  5. #5
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    214
    This is a simple approach and will not give you any caching or fancy stuff.

    I assume you have a URL which, via a DNS lookup, yields an IP address of AAA.BBB.CCC.DDD, right?

    OK, AAA.BBB.CCC.DDD is some kind of border router, right?

    That border router will have some kind of "firewall" facility that allows you to specify which incoming connection requests you are willing to accept.

    Set it up so that you will allow inbound connection requests for port 80, the web server, but redirect them to your real web server on your internal box, on the port you have that server configured to listen on.

    I have a couple of such scenarios and this is what I use.

  6. #6
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    214
    Sorry. To add to the above, make sure that your border router is performing NAT. This will hide the true server's address from the outbound side of the router.

  7. #7
    Linux User postcd
    Join Date
    Apr 2011
    Posts
    304
    Thank you,

    Actually, I just have a Linux virtual private server bought from a datacenter, with no hardware firewall and iptables on it. So I need to somehow redirect all :80 requests to my hidden destination VPS. But how can I apply NAT on my basic Linux Red Hat/Debian installation? Also, I need to set the hidden server to respond only to my proxy, and the proxy to somehow forward the result to the client (website visitor). This is really complicated for me, which is why I'm looking for some tutorial which I can modify for my purpose, and I think I need help with finding the right one.

  8. #8
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    214
    Ah! Sorry. I thought you had all the relevant boxes under your own control and in your own physical space.

    Have you talked to your hoster about this?

    I must say that it would help enormously if you could somehow provide a diagram or something of what you have.

  9. #9
    Linux User postcd
    Join Date
    Apr 2011
    Posts
    304
    Quote (originally posted by voidpointer69):
    Have you talked to your hoster about this?
    I must say that it would help enormously if you could somehow provide a diagram or something of what you have.

    Thank you. No, my servers are an unmanaged service. Here is the scheme of what I want to achieve, as you requested:

    Two virtual private servers based on OpenVZ virtualisation.
    Each is in a different geographic location/datacenter.

    Both servers have a default installation of Red Hat CentOS 5.9 Final.

    The first server should be used as a point of contact. I mean the domain nameservers are set to this first server's IP.

    The first server just relays (forwards) website, mail and SMTP traffic to the second server, which will accept requests, process them and then answer to the first server, which will send the answer to the client (for example, a website visitor).

    The second server should be hidden, and the first server should serve as a non-transparent "proxy", so no one has a clue it's just a proxy.

  10. #10
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    214
    OK.

    On your first server, configure your firewall to accept inbound requests only for those services you want to host on the second server. On the second server, you should do similar.

    On the first server, you must enable IP forwarding. I don't know if RH does this by default but
    Code:
    echo "1" > /proc/sys/net/ipv4/ip_forward
    will turn it on. The same command but with "0" will turn it off. I think on RH, the file /etc/sysctl.conf is your boy. Look for a line that says "net.ipv4.ip_forward =" and make sure it is set to 1 (one).

    Again on the first server, you now want to NAT so
    Code:
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    should do you. I have assumed that eth0 is the internet-facing NIC.

    Again, on RH I think you need to modify /etc/sysconfig/iptables-config and ensure that IPTABLES_MODULES_UNLOAD, IPTABLES_SAVE_ON_STOP, and IPTABLES_SAVE_ON_RESTART are all set to 'yes'. This should make sure that the tables you have just configured get saved and restored on shutdown/boot.

    On your second server, the only other thing that springs to mind right now is to make sure that its default route gateway is your first server.
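
The following is an added example, not part of any post in this thread: it prints (without applying) iptables rules that DNAT port 80 on the first server to the hidden server, SNAT the forwarded traffic so replies return through the first server without changing the hidden server's default route, and restrict the hidden server's port 80 to the first server's address. The addresses, the interface name and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample addresses (RFC 5737 documentation ranges), not from the thread.
FRONT_IP="203.0.113.10"     # public "point of contact" server
BACKEND_IP="198.51.100.20"  # hidden web server
WAN_IF="eth0"               # assumed internet-facing interface on the front server

# Validate a dotted-quad IPv4 address so a typo never reaches iptables.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Front server: rewrite the destination (DNAT) to the backend and the source
# (SNAT) to the front server, so the backend's replies come back through it.
front_rules() {
    front=$1; backend=$2; port=$3
    valid_ipv4 "$front" && valid_ipv4 "$backend" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $WAN_IF -d $front -p tcp --dport $port -j DNAT --to-destination $backend:$port
iptables -t nat -A POSTROUTING -o $WAN_IF -d $backend -p tcp --dport $port -j SNAT --to-source $front
iptables -A FORWARD -d $backend -p tcp --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $backend -p tcp --sport $port -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Hidden server: answer on the port only when the peer is the front server.
backend_rules() {
    front=$1; port=$2
    valid_ipv4 "$front" || return 1
    cat <<EOF
iptables -A INPUT -p tcp --dport $port -s $front -j ACCEPT
iptables -A INPUT -p tcp --dport $port -j DROP
EOF
}

# Dry run: print both rule sets for review before running them as root.
echo "# front server";  front_rules "$FRONT_IP" "$BACKEND_IP" 80
echo "# hidden server"; backend_rules "$FRONT_IP" 80
```

Because of the SNAT rule, the hidden server sees every connection as coming from the first server, so per-visitor addresses no longer appear in its web server logs.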
