Surprise! We've been running on hardware provided by BuyVM for a few months and wanted to show them a little appreciation.
Running a paste site comes with unique challenges, ones that aren't always obvious and hard to control. As such, BuyVM offered us a home where we could worry less about the hosting side of things and focus on maintaining a clean and useful service! Go check them out and show them some love!
Description: Backend side
Submitted by cubebuilder on April 24, 2021

backend side (Bash)


# Variables
# Adjust these to match your BuyVM VPS & Backend IP's!




GATEWAY_IP=$(ip route show default | awk '{print $3}')
INTERFACE=$(ip -br addr show | grep $BACKEND_IP | awk '{print $1}')

# bring up our GRE to our BuyVM VPS

ip tunnel add gre1 mode gre local $BACKEND_IP remote $BUYVM_UNPROTECTED_IP ttl 255
ip link set gre1 up

# make sure our routing table exists

if ! grep -Fxq "100 BUYVM" /etc/iproute2/rt_tables
     echo "100 BUYVM" >> /etc/iproute2/rt_tables

# add our IP addresses
# NOTE: the IP is only used for transporting packets to/from BuyVM, nothing more

ip addr add dev gre1
ip addr add $BUYVM_PROTECTED_IP/32 dev gre1

ip rule add from $BUYVM_PROTECTED_IP lookup BUYVM
ip route add default via table BUYVM

# this is needed since we have multiple IP's on the GRE interface

iptables -o gre1 -t nat -I POSTROUTING -j SNAT --to-source $BUYVM_PROTECTED_IP

# handle our resolvers
# NOTE: this is sloppy and makes Poettering spin in his grave

echo 'nameserver' > /etc/resolv.conf
echo 'nameserver' >> /etc/resolv.conf

# finally cut over our routing
# NOTE: this will cut all access to your BACKEND IP!

ip route add $BUYVM_UNPROTECTED_IP via $GATEWAY_IP dev $INTERFACE onlink
ip route replace default via