#!/bin/bash
#
# Variables
#
# Adjust these to match your BuyVM VPS & Backend IP's!
#
BUYVM_UNPROTECTED_IP="BUYVM_UNPROTECTED_IP"
BUYVM_PROTECTED_IP="BUYVM_DDOS_IP"
BACKEND_IP="YOUR_BACKEND_IP"
#
# DO NOT CHANGE ANYTHING PAST THIS POINT
#
# make sure iptables isn't blocking FORWARD
iptables -P FORWARD ACCEPT
# enable IP forwarding and proxy ARP so we can forward our DDOS IP
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.eth0.proxy_arp=1
# bring up our GRE to our Backend server
ip tunnel add gre1 mode gre local $BUYVM_UNPROTECTED_IP remote $BACKEND_IP ttl 255
ip link set gre1 up
# add our IP addresses
# NOTE: the 192.168.168.2 IP is only used for transporting packets to/from BuyVM, nothing more
ip addr add 192.168.168.1/30 dev gre1
# route our DDOS IP down the tunnel
ip route add $BUYVM_PROTECTED_IP/32 via 192.168.168.2