smiffy
Joined: 23 Jan 2007
Posts: 90
Location: Rural South Australia
|
| Posted: Thu Nov 05, 2009 6:06 pm Post subject: Specifying outgoing interface/IP address |
|
|
If I have a Linode with multiple IP addresses, is there any way that I can route traffic through a specific interface/IP address, on a dynamic basis?
My scenario is that I need to access a service that has a per IP queries per hour limit. The legitimate way to overcome this limit, since the providers can't be bothered to do whitelisting, is to use multiple IP addresses.
I want, therefore, to create a round-robin system whereby I can say:
query 1 - use eth0
query 2 - use eth0:1
query 3 - use eth0:2
...etcetera.
The query will be coming from a Perl programme using IO::Socket. |
|
|
Stever
Joined: 07 Dec 2007
Posts: 337
Location: NC, USA
|
| Posted: Thu Nov 05, 2009 10:11 pm Post subject: |
|
|
Maybe use IO::Socket::INET and set LocalAddr?
I'm not a Perl programmer, so just guessing. |
|
|
smiffy
Joined: 23 Jan 2007
Posts: 90
Location: Rural South Australia
|
| Posted: Thu Nov 05, 2009 11:31 pm Post subject: |
|
|
Thanks - I'll see if that works.
Failing that, someone (via another source) has suggested a trick using iptables.
I'll post my results in case anyone else comes up against the same issue. |
|
|
fukawi2
Joined: 02 Feb 2009
Posts: 64
Location: Melbourne, Australia
|
| Posted: Fri Nov 06, 2009 12:56 am Post subject: |
|
|
Code:
iptables -t nat -A POSTROUTING -m statistic --mode random --probability 0.5 -m state --state NEW -j SNAT --to-source X.X.X.X
iptables -t nat -A POSTROUTING -m state --state NEW -j SNAT --to-source Y.Y.Y.Y
Each new outgoing connection will "randomly" be Source NAT'ed to either X.X.X.X or Y.Y.Y.Y
This is assuming you have 2 IP addresses. If you have 3, you'll need to:
1) duplicate the 1st rule
2) adjust the source IP in the new rule
3) adjust all instances of 0.5 to be 0.333333333333 etc
You may wish to include a -d argument in there too so only outgoing connections to the host that's causing you problems are randomized ;) |
|
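The rule pair above extends to any number of source addresses. The following shell sketch is an added example, not part of the original thread: it prints (does not apply) the rules, giving rule i of N the probability 1/(N-i+1) because each rule only sees connections the earlier rules did not match, and `effective_shares` computes the share each rule ends up with. The function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) SNAT rules that spread NEW outbound
# connections evenly over N source addresses. Addresses are constructed
# (RFC 5737 documentation range); function names are hypothetical.

# snat_rules ADDR...
# Rules are evaluated in order, so rule i only sees connections that rules
# 1..i-1 did not match. For equal shares over N addresses, rule i needs
# probability 1/(N-i+1); the last rule takes whatever is left.
snat_rules() {
    remaining=$#
    for addr in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            p=$(LC_ALL=C awk -v r="$remaining" 'BEGIN { printf "%.8f", 1 / r }')
            echo "iptables -t nat -A POSTROUTING -m statistic --mode random --probability $p -m state --state NEW -j SNAT --to-source $addr"
        else
            echo "iptables -t nat -A POSTROUTING -m state --state NEW -j SNAT --to-source $addr"
        fi
        remaining=$((remaining - 1))
    done
}

# effective_shares P...
# Given the per-rule probabilities in rule order, print the fraction of all
# new connections that each rule ends up translating.
effective_shares() {
    LC_ALL=C awk 'BEGIN {
        left = 1
        for (i = 1; i < ARGC; i++) {
            share = left * ARGV[i]
            printf "%s%.4f", (i > 1 ? " " : ""), share
            left -= share
        }
        printf "\n"
    }' "$@"
}

snat_rules 192.0.2.10 192.0.2.11 192.0.2.12
# Probabilities emitted above for three addresses:
effective_shares 0.33333333 0.5 1          # -> 0.3333 0.3333 0.3333
# 1/3 on both random rules, then a catch-all: shares are not equal.
effective_shares 0.33333333 0.33333333 1   # -> 0.3333 0.2222 0.4444
```

Review the printed rules before piping them to a shell as root; a `-d` match can be added to each line to limit the translation to one destination.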
|
smiffy
Joined: 23 Jan 2007
Posts: 90
Location: Rural South Australia
|
| Posted: Fri Nov 06, 2009 1:15 am Post subject: |
|
|
Cool - that's one for the "useful" information file!
Cheers for that. |
|
|
fukawi2
Joined: 02 Feb 2009
Posts: 64
Location: Melbourne, Australia
|
| Posted: Fri Nov 06, 2009 1:18 am Post subject: |
|
|
I love the random module, especially when my friend leaves his firewall logged in as root and unattended....
Code:
iptables -I FORWARD -i eth1 -o eth0 -m statistic --mode random --probability 0.5 -j DROP
:P |
|
|
jed
Joined: 28 Mar 2009
Posts: 394
Location: New Jersey
|
| Posted: Fri Nov 06, 2009 11:06 am Post subject: |
|
|
fukawi2 wrote:
Code:
iptables -t nat -A POSTROUTING -m statistic --mode random --probability 0.5 -m state --state NEW -j SNAT --to-source X.X.X.X
iptables -t nat -A POSTROUTING -m state --state NEW -j SNAT --to-source Y.Y.Y.Y
Each new outgoing connection will "randomly" be Source NAT'ed to either X.X.X.X or Y.Y.Y.Y
That's really interesting. Didn't know about statistic. |
|
|
mwalling
Joined: 10 Dec 2007
Posts: 335
|
| Posted: Fri Nov 06, 2009 4:09 pm Post subject: |
|
|
fukawi2 wrote:
Code:
iptables -I FORWARD -i eth1 -o eth0 -m statistic --mode random --probability 0.5 -j DROP
If this was StackExchange, I'd upvote you. |
|
|