I have a simple LAMP server setup here, and I would like to make it as difficult as possible for my visitors to track me down. I have a dynamic public IP which I somehow have to hide. Now I could set up a server on the onion/Tor network, but can I achieve a similar level of anonymity on the clearnet?
1 Answer
To some degree, yes, with a VPS + GRE tunnel like with http://wiki.buyvm.net/doku.php/gre_tunnel:
# on the VPS
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
iptunnel add gre1 mode gre local VPS_IP remote LAMP_WEBSERVER_IP ttl 255
ip addr add 192.168.168.1/30 dev gre1
ip link set gre1 up
# on your lamp server
iptunnel add gre1 mode gre local LAMP_WEBSERVER_IP remote VPS_IP ttl 255
ip addr add 192.168.168.2/30 dev gre1
ip link set gre1 up
Or (again, using a VPS), you could do some simple packet forwarding with just iptables:
# on the VPS (ip_forward enabled as above); MASQUERADE makes the replies return through the VPS
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination DESTINATION_SERVER_IP:80
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination DESTINATION_SERVER_IP:443
iptables -t nat -A POSTROUTING -p tcp -d DESTINATION_SERVER_IP -j MASQUERADE
That way, visitors go to your VPS, which forwards to you. These are both similar to what CDN/DDoS protection services such as CloudFlare provide. Of course, if something on your website discloses your public IP, it defeats the purpose of this.
You could also do the onion/tor hosting you mentioned along with a gateway service (.onion -> clearnet), using something like https://torstorm.org, or https://tor2web.org, or https://onion.to (there's a bunch more).
For example, DuckDuckGo's onion site is http://3g2upl4pq6kufc4m.onion/
and to reach it using one of these services you would use:
https://3g2upl4pq6kufc4m.torstorm.org/
or
https://3g2upl4pq6kufc4m.tor2web.org/
or
https://3g2upl4pq6kufc4m.onion.to/
etc.
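The answer's caveat about the site disclosing your public IP can be checked mechanically. The following is an added example, not part of the original answer: a shell function that scans a saved HTTP response from your own site for the origin IP in dotted, hyphenated (rDNS-style hostname) or underscore form. The function names, the sample response and the address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an HTTP response from your own site for origin-IP leaks.

# leak_pattern IPV4 -> ERE matching the address written with ".", "-" or "_"
# between octets, bounded so 203.0.113.7 does not match 203.0.113.70.
leak_pattern() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 {
        printf "(^|[^0-9])%s[._-]%s[._-]%s[._-]%s([^0-9]|$)\n", $1, $2, $3, $4
    }'
}

# find_ip_leaks IPV4 < response
# Prints "header:LINE:text" or "body:LINE:text" for each disclosing line.
# Returns 0 if clean, 1 if a leak was found, 2 on a bad address.
find_ip_leaks() {
    pat=$(leak_pattern "$1")
    [ -n "$pat" ] || { echo "not an IPv4 address: $1" >&2; return 2; }
    awk -v pat="$pat" '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        !in_body && $0 == "" { in_body = 1; next } # blank line ends the headers
        $0 ~ pat {
            printf "%s:%d:%s\n", (in_body ? "body" : "header"), NR, $0
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample response (headers + body) as seen through the VPS.
sample_response() {
    cat <<'EOF'
HTTP/1.1 200 OK
Server: Apache/2.4
X-Backend-Server: 203.0.113.7
Content-Type: text/html

<html><body>
<img src="http://203-0-113-7.dyn.example.net/logo.png">
<p>Build 203.0.113.70</p>
</body></html>
EOF
}

# Demo: reports the leaking header and the leaking image URL.
sample_response | find_ip_leaks 203.0.113.7 || true
```

To audit a live page, pipe in the response fetched through the VPS, for example `curl -si https://YOUR_VPS_HOSTNAME/ | find_ip_leaks YOUR_PUBLIC_IP`, and repeat for error pages and redirects.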