2

I'm going to buy two computers, which I'm going to use for:

Computer (1): Receiving and filtering packets (the PC has two network boards). ClearOS

Computer (2): The game server for receiving packets (one network board). Windows 7

Computer (1) WAN ports:

  • Port 1: Provider's network connection cable.
  • Port 2: Network cable connected to Computer (2).

By using only 1 computer for the game server this is how things work:

S.P = Send packets 
 Client <------S.P-------------> |server's firewall| <-------> Server

But I want to use two computers and use filters. This is how the connection will be:

P.S = Packets sending
W.N = Won't Reach

 Client ------P.S---->Computer(1)+ClearOS checking(if the client is flooding server ) ----W.N------/------> Computer(2)--->client
else
 Client -----P.S----->Computer(1)+ClearOS checking(if the client is NOT flooding server ) -----> Computer(2)----->client

So, the idea is that:

  1. Computer (1) will receive the packet

  2. ClearOS will filter the packets: it checks if it's a SYN flood/DDoS/DoS etc.

  3. ----> If there's an attack, the packets won't be sent to Computer (2) + IP banned

    -----> If everything is fine, the packets will be sent to the game console, Computer (2)

    Basically:

    How do I make ClearOS receive the packets sent by the client, then check them and send them to Computer (2)'s game console, so that the console can receive the packets and interact with the client?

Leo
  • Did you try reading the ClearOS documentation? http://bit.ly/jm7hF9 Everything is explained there. – 0xFF Dec 27 '12 at 13:26

1 Answer

0

This question really sounds like it's something that belongs on superuser as it's not clear here if you're trying to run a service or just protect your computer/console while gaming.

As long as your console is behind a router that NATs the internal network, which is nearly 100% of residential and office networks these days, then only traffic flows that were initiated from the computer/console are going to make it back to the console. If UPnP is enabled on the router, then it's possible that there will be a few ports forwarding traffic along to the computer/console.

To block bad traffic sources, what you're looking for is an IPS (Intrusion Prevention System). ClearOS, like most open source projects, implements this using Snort. This may or may not work for you out of the box, so be prepared to learn how to tune and possibly write Snort rules. You'll want to run it in a mode that just logs events and doesn't block at first, while you get things set up, to avoid false positives.

There are limits to this approach in dealing with most DoS and DDoS attacks. If that's what you're trying to protect yourself against, you'll have to look elsewhere, as dropping traffic after it has saturated your WAN link isn't going to keep you online. You may also need to tune or enable a few options in ClearOS to harden it a bit against SYN floods if that's an attack vector that you see. This means enabling SYN cookies, increasing the TCP SYN backlog, and reducing the ack retries so that states don't sit on the TCP stack for too long. But these measures only help, and a large enough SYN flood can still cause issues.

And as a side note, I'd personally suggest using pfSense, which is purpose-built for this sort of application, rather than ClearOS. ClearOS tries to be a do-it-all, small-business type of solution.

3dinfluence
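
The SYN flood hardening described in the answer above, as an added example that is not part of the original answer: a POSIX shell audit of the Linux knobs `net.ipv4.tcp_syncookies`, `net.ipv4.tcp_max_syn_backlog` and `net.ipv4.tcp_synack_retries` that prints a sysctl fragment for any that are weak. The thresholds (4096 and 3), the function names and the sample values are assumptions, and the answer's "ack retries" is taken here to mean `tcp_synack_retries`.

```shell
#!/bin/sh
# Added example: audit the three SYN-flood settings named in the answer.
# Thresholds are illustrative assumptions, not ClearOS defaults.
MIN_BACKLOG=4096       # assumed floor for tcp_max_syn_backlog
MAX_SYNACK_RETRIES=3   # assumed ceiling for tcp_synack_retries

# read_knob ROOT NAME: print the value, or "missing" if it cannot be read
read_knob() {
    if [ -r "$1/net/ipv4/$2" ]; then
        tr -d '[:space:]' < "$1/net/ipv4/$2"
    else
        printf 'missing'
    fi
}

# check ROOT NAME OP LIMIT: print a fix unless "value OP LIMIT" already holds
check() {
    _v=$(read_knob "$1" "$2")
    case "$_v" in
        ''|*[!0-9]*) ;;                                   # missing or non-numeric
        *) if [ "$_v" "$3" "$4" ]; then return 0; fi ;;   # within the limit
    esac
    echo "# $2 is $_v"
    echo "net.ipv4.$2 = $4"
}

# audit_syn_hardening [ROOT]: ROOT defaults to /proc/sys (read-only);
# pass another directory to audit a saved copy of it.
audit_syn_hardening() {
    _root="${1:-/proc/sys}"
    check "$_root" tcp_syncookies      -ge 1   # 1 = on overflow, 2 = always
    check "$_root" tcp_max_syn_backlog -ge "$MIN_BACKLOG"
    check "$_root" tcp_synack_retries  -le "$MAX_SYNACK_RETRIES"
    return 0
}

# Constructed sample input: a /proc/sys-style tree with weak values.
make_sample_tree() {
    mkdir -p "$1/net/ipv4"
    echo 0   > "$1/net/ipv4/tcp_syncookies"
    echo 128 > "$1/net/ipv4/tcp_max_syn_backlog"
    echo 5   > "$1/net/ipv4/tcp_synack_retries"
}

sample=$(mktemp -d)
make_sample_tree "$sample"
audit_syn_hardening "$sample"   # prints three suggested settings
rm -rf "$sample"
```

Running `audit_syn_hardening` with no argument reads the live values on the filtering box; the printed lines can be saved under `/etc/sysctl.d/` and loaded with `sysctl --system` once the values have been reviewed.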