#!/bin/bash

#
# Variables
#
# Adjust these to match your BuyVM VPS & Backend IP's!
#

BUYVM_UNPROTECTED_IP="BUYVM_UNPROTECTED_IP"
BUYVM_PROTECTED_IP="BUYVM_DDOS_IP"

BACKEND_IP="YOUR_BACKEND_IP"

#
# DO NOT CHANGE ANYTHING PAST THIS POINT
#

# make sure iptables isn't blocking FORWARD

iptables -P FORWARD ACCEPT

# enable IP forwarding and proxy ARP so we can forward our DDOS IP

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.eth0.proxy_arp=1

# bring up our GRE to our Backend server

ip tunnel add gre1 mode gre local $BUYVM_UNPROTECTED_IP remote $BACKEND_IP ttl 255
ip link set gre1 up

# add our IP addresses
# NOTE: the 192.168.168.2 IP is only used for transporting packets to/from BuyVM, nothing more

ip addr add 192.168.168.1/30 dev gre1

# route our DDOS IP down the tunnel

ip route add $BUYVM_PROTECTED_IP/32 via 192.168.168.2