
That would be easy to do with an iptables DNAT rule. You can take a large set of ports and forward them to this daemon.

    iptables -t nat -I PREROUTING -m tcp -p tcp --dport 1:79 -j DNAT --to-destination x.x.x.x:2222

    iptables -t nat -I PREROUTING -m tcp -p tcp --dport 81:442 -j DNAT --to-destination x.x.x.x:2222
...etc

Just remember to open those same ports in the INPUT rules. If you get DDoS, then also create NOTRACK target rules in the raw table to avoid hitting the conntrack table.
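As an added example (not code from the comment above), a POSIX sh script that generates the rule set the comment describes: DNAT of every TCP port except a few excluded ones to a single listener, the matching INPUT accept, and a separate NOTRACK variant. The interface (eth0), the listener address and port (192.0.2.10:2222, an RFC 5737 documentation address assumed to be local to the firewall) and the excluded ports are hypothetical. Two caveats the comment leaves implicit: the filter table sees the post-DNAT destination, so INPUT has to accept the listener's port rather than the original ports; and NAT depends on conntrack, so NOTRACK cannot be applied to the same ports that are being DNATed. The NOTRACK rules are for the design where the daemon binds the ports itself, with nothing to translate.

```shell
#!/bin/sh
# Added example, not code from the comment above: generate the iptables rules
# that funnel a large set of TCP ports to one listener. With no argument it
# prints the DNAT rule set; "apply" pipes that set to sh as root; "notrack"
# prints the raw-table variant for a daemon that binds the ports itself.
# Every value below is hypothetical (RFC 5737 address, eth0, port list).
DEST_IP="${DEST_IP:-192.0.2.10}"  # listener address, assumed local to this host
DEST_PORT="${DEST_PORT:-2222}"    # listener port
WAN_IF="${WAN_IF:-eth0}"          # interface the scan/attack traffic arrives on
EXCLUDE="${EXCLUDE:-22 80 443}"   # ports served by real services, kept out

# port_ranges: print lo:hi ranges covering 1-65535 minus EXCLUDE, one per
# line, in the port:port syntax that "-p tcp --dport" accepts.
port_ranges() {
  prev=0
  for p in $(printf '%s\n' $EXCLUDE | sort -n) 65536; do
    lo=$((prev + 1)); hi=$((p - 1))
    [ "$lo" -le "$hi" ] && echo "$lo:$hi"
    prev=$p
  done
}

# dnat_rules: nat PREROUTING DNAT for every range, then the filter INPUT
# accept. The filter table sees the post-DNAT destination, so INPUT must
# accept DEST_PORT, not the original ports. -A keeps the ranges in listed
# order; the comment's -I also works because the ranges never overlap.
dnat_rules() {
  for r in $(port_ranges); do
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $r" \
         "-j DNAT --to-destination $DEST_IP:$DEST_PORT"
  done
  echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $DEST_PORT" \
       "-j ACCEPT"
}

# notrack_rules: raw-table variant for a daemon that binds the ports directly.
# NAT needs conntrack, so these cannot be combined with dnat_rules on the
# same ports. Replies must be untracked too (raw OUTPUT), and untracked
# packets are never ESTABLISHED, so INPUT matches them on --ctstate UNTRACKED.
notrack_rules() {
  for r in $(port_ranges); do
    echo "iptables -t raw -A PREROUTING -i $WAN_IF -p tcp --dport $r -j CT --notrack"
    echo "iptables -t raw -A OUTPUT -o $WAN_IF -p tcp --sport $r -j CT --notrack"
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $r -m conntrack --ctstate UNTRACKED -j ACCEPT"
  done
}

case "${1:-print}" in
  print)   dnat_rules ;;
  notrack) notrack_rules ;;
  apply)
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
    dnat_rules | sh -e ;;
  *) echo "usage: $0 [print|notrack|apply]" >&2 ;;
esac
```

With the defaults, `print` yields DNAT rules for 1:21, 23:79, 81:442 and 444:65535 plus one INPUT accept for port 2222; `EXCLUDE="22 80 443 8443" ./funnel.sh print` adds a fifth range. Review the printed rules before `apply`; the script appends to whatever chains already exist rather than flushing them.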



You truly sound like a bender. Is there a quick start to iptables somewhere? Is iptables the de facto network tool?

And can one prevent DDoS using iptables?


> And can one prevent DDoS using iptables?

No, but you can minimize the impact or effectiveness of the attack. This is a long topic however. Probably better suited to a blog post or a YouTube video.


iptables is a firewall/NAT interface. nftables is newer and easier to learn, at least to me. You might want to get into that instead of iptables.



