I have a webserver that requires a public IP for licensing purpose it's on a CentOS server and I'm currently using iptables for a firewall. I've been getting UDP DDoS floods recently that although they are filtered by iptables (very top rule) they are raping my dual Xeon CPUs. Granted the CPUs are already doing a lot of work but still that's a TON of packets. Enough so that the services become inaccessible for a few minutes. So I want to put a separate firewall in front of this web server. I plan to use Untangle which is a linux based firewall OS.
But my question is how do I configure a firewall to have a public IP behind it? NAT won't work for this because the software on the server checks the IP on the NIC and verifies it with an outside licensing database. I haven't tried anything yet because this service can't be down except in the middle of the night so I would like to have a solid plan before I start messing around.
//I'm a DBA but networking isn't my forte, any help would be appreciated.
Thanks in advance!
-Preston
incase it helps:
_______
|Modem\|
| Router |
-----|-----
-----|-----
|Proposed|
| Firewall |
-----|-----
-----|-----
|Server|
//Q&D ASCI ART FTW
Edited by pr0n, 15 April 2010 - 02:41 PM.