Tutorial: Voxility GRE tunneling from your HostingFuze Network DDoS Filtered VPS/DVS IP

free voxility ddos protections

What is a Voxility GRE tunnel?

Much like a proxy, a Voxility GRE tunnel allows you to pass traffic from your HostingFuze Network VPS including DDoS filtering to another remote destination.

Voxility GRE tunnels allow all traffic through, not just HTTP. With a Voxility GRE tunnel you can serve, and deliver any type of content from any type of server (audio, FTP, SSH, SCP, video, etc.).

What can your use a Voxility GRE tunnel for?

Voxility GRE tunneling is very handy when you want to use our DDoS filtering services to protect services that are too large to host with us (I.e. game servers, Java applications, large database driven applications, etc.).

Don’t have root access for your destination server or are running a huge Windows deployment? Check out our alternative method to redirect traffic to your remote server.

Note: If you are tunneling to an OVH server, you most likely don’t have GRE support in your kernel. You’ll need to use a IPIP tunnel instead.

Voxility GRE Tunnel How-to Tutorial Begins Here

Our how-to tutorial to setup a Voxility GRE tunnel between HostingFuze Network DDoS filtered VPS IP and your remote server starts here.

Following the simple instructions below you should be able to create a Voxility GRE tunnel in under 20 minutes.

Supported Operating Systems

It is possible to use Windows to create, and forward your Voxility GRE tunnel. If you need to protect a Windows server please consider purchasing a KVM plan.

In this document we’ll only be covering a Linux Voxility GRE tunnel configuration.

Tunnel Setup

First we need to set our tunnel up.

On your HostingFuze Network VPS please execute the following commands:

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
iptunnel add gre1 mode gre local YOUR_UNFILTERED_IP remote DESTINATION_SERVER_IP ttl 255
ip addr add dev gre1
ip link set gre1 up

On the remote server you wish to protect run the following:

iptunnel add gre1 mode gre local DESTINATION_SERVER_IP remote YOUR_UNFILTERED_IP ttl 255
ip addr add dev gre1
ip link set gre1 up

You will always want to form your GRE with your unfiltered IP address for all Voxility GRE tunnels to make sure you don’t run into any sort of MTU issues or trigger the DDOS protection.

Please note the first line of each changes to mark what IP to use locally and which remotely. The 2nd line documents each end point. In a /30, 2 IP’s are usable: .1 and .2.

Test your New Voxility GRE Tunnel with Ping

On your HostingFuze Network VPS, you should now be able to ping

For the sake of completeness, test pinging from your destination server.

Setup Source Route Tables

Source route entries are required to make sure data that came in via the Voxility GRE tunnel is sent back out the Voxility GRE tunnel.

Please execute the following commands on the destination server.

echo '100 HFNVM' >> /etc/iproute2/rt_tables
ip rule add from table HFNVM
ip route add default via table HFNVM

Please note that the echo command only needs to be ran once. The entry will be saved into /etc/iproute2/rt_tables until you remove it manually.

Initial NAT Entries to Move Data over Voxility GRE Tunnel

NAT is used to pass data over our GRE and out the other end.

While it would be possible to use a KVM based VPS with a purchased /29 allocation, this guide doesn’t cover that.

On your HostingFuze Network VPS run the following command:

iptables -t nat -A POSTROUTING -s ! -o gre+ -j SNAT --to-source YOUR_FILTERED_IP

Test Outbound Connections

On your destination server you can run either of the following commands to see if the tunnel is passing traffic properly:

curl http://www.cpanel.net/showip.cgi --interface
wget http://www.cpanel.net/showip.cgi --bind-address= -q -O -

The IP dumped should be your HostingFuze Network filtered IP.

Forwarding Ports Over your GRE Tunnel

To make things easier, we’ll forward all ports to the backend server.

Run the following commands on your HostingFuze Network VPS:

iptables -t nat -A PREROUTING -d YOUR_FILTERED_IP -j DNAT --to-destination
iptables -A FORWARD -d -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

If you’re wanting to get more specific, you could add:

-p tcp --dport 25565

If you just wanted to protect a minecraft server for instance.

The first rule sets up the actual port forwarding and the second rule makes sure that connections get NAT’d, and matched back properly.

At this point you should be able to connect to YOUR_FILTERED_IP and the destination port with your application and get passed through the Voxility GRE tunnel without issue.

Restarting your Voxility GRE Tunnel After Rebooting

You can edit /etc/rc.local with your favourite editor of choice (or WINSCP even) and place all the commands we just ran before the exit 0at the bottom.

Your distribution of choice (like Debian) may have hooks in /etc/network/interfaces to bring your Voxility GRE tunnels up at boot time but that’s outside the scope of this guide.