I have a few dedicated machines at a few hosting companies which either do not offer DDoS protection or whose protection is awful. I've been contacting a few hosting companies and friends and got a suggestion about using an OVH VPS as the first layer of connection, or a VPN.

So members who want to access the server on my main dedicated machine would go through my VPS first, which in case of a DDoS will just block further connections but will protect the currently connected users.

I am interested in whether this is a good solution and, if yes, is there any valid tutorial I could follow to make this happen?

  • What do you want to *achieve*? Your VPS won't cope any better with a DDoS than your dedicated machine, so you've simply moved the point of failure. – vidarlo Feb 26 '22 at 20:59
  • @vidarlo OVH does include DDoS blocking that is somewhat effective. They have lots of clients with game servers, which tend to attract attacks. – Zoredache Feb 27 '22 at 00:04
  • Anyway kinda depends on your service, and how important. I would wonder if Cloudflare is the better answer, or some other service designed for that. I wouldn't really trust a cheap VPS to be in front of any critical 'production' service. – Zoredache Feb 27 '22 at 00:08
  • I am trying to create a game hosting service, currently private for a few friends and clients, but as soon as I try to grow a little bit my customers get attacked and all players across all game types and servers get kicked, which I want to avoid and try to patch. – Nemanja Rankovic Feb 27 '22 at 02:52
  • Questions on Server Fault must be about managing information technology systems in a business environment. Home and end-user computing questions may be asked on Super User. – djdomi Feb 27 '22 at 07:37

1 Answer

That is definitely not a good idea and will not serve you in the way you think it will. You will simply add latency and overhead.

If you route incoming connections over a proxy like this, the already connected users will be handled by the proxy as well, dropping their connections when you turn off the routing between the machines.

A construct where users would initially connect through the VPS and have their connection handed over to the other server would imply that the other server has exposed connectivity, rendering the complete setup absolutely useless - you wouldn't stop anyone from just hitting the dedicated server again.

If you are worried about DDoS attacks on your front-facing infrastructure, you could think about simply using a specialized service to achieve protection (think Cloudflare).

For non-public services, make sure to secure your server with the usual practices: Fail2ban, UFW, etc.

OVH also apparently protects their network against DDoS attacks by default.
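
Added example, not part of the original answer: the exposure point above can be checked on the dedicated server by parsing `ufw status` output and flagging any game port that is allowed from a source other than the front-end machine. The sample output, the IP addresses (documentation ranges) and the game ports 27015/27016 are constructed for illustration, and `exposed_ports` is a hypothetical helper name.

```python
import re

# Constructed sample of `ufw status` output on the dedicated (origin) server.
# 203.0.113.10 stands in for the front-end VPS; ports are assumed game ports.
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       198.51.100.7
27015/udp                  ALLOW       203.0.113.10
27016/udp                  ALLOW       Anywhere
27016/udp (v6)             ALLOW       Anywhere (v6)
"""

# One rule line: "<port/proto>[ (v6)]  <ACTION>[ IN]  <source>"
RULE = re.compile(
    r"^(?P<to>\S+)(?: \(v6\))?\s+"
    r"(?P<action>ALLOW|DENY|REJECT|LIMIT)(?: IN)?\s+"
    r"(?P<src>.+?)\s*$"
)


def exposed_ports(status_text, proxy_ips, game_ports):
    """Return (port, source) pairs where a game port on the origin is
    reachable from a source that is not one of the front-end addresses."""
    exposed = []
    for line in status_text.splitlines():
        m = RULE.match(line)
        # Header, separator and status lines do not match the rule pattern.
        if not m or m["action"] not in ("ALLOW", "LIMIT"):
            continue
        source = m["src"].replace(" (v6)", "")
        if m["to"] in game_ports and source not in proxy_ips:
            exposed.append((m["to"], m["src"]))
    return exposed


if __name__ == "__main__":
    findings = exposed_ports(
        SAMPLE_STATUS, {"203.0.113.10"}, {"27015/udp", "27016/udp"}
    )
    for port, src in findings:
        print(f"origin still accepts {port} from {src}")
```

Any finding means the dedicated server can still be reached directly on that port, which is the situation the answer describes as defeating the front-end setup.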