Linode Forum
https://forum.linode.com/

Specifying outgoing interface/IP address
https://forum.linode.com/viewtopic.php?f=19&t=4803

Author:  smiffy [ Thu Nov 05, 2009 7:06 pm ]
Post subject:  Specifying outgoing interface/IP address

If I have a Linode with multiple IP addresses, is there any way that I can route traffic through a specific interface/IP address, on a dynamic basis?

My scenario is that I need to access a service that has a per IP queries per hour limit. The legitimate way to overcome this limit, since the providers can't be bothered to do whitelisting, is to use multiple IP addresses.

I want, therefore, to create a round-robin system whereby I can say:

query 1 - use eth0
query 2 - use eth0:1
query 3 - use eth0:2
...etcetera.

The query will be coming from a Perl programme using IO::Socket.

Author:  Stever [ Thu Nov 05, 2009 11:11 pm ]
Post subject: 

Maybe use IO::Socket::INET and set LocalAddr?

I'm not a Perl programmer, so just guessing.

Author:  smiffy [ Fri Nov 06, 2009 12:31 am ]
Post subject: 

Thanks - I'll see if that works.

Failing that, someone (via another source) has suggested a trick using iptables.

I'll post my results in case anyone else comes up against the same issue.

Author:  fukawi2 [ Fri Nov 06, 2009 1:56 am ]
Post subject: 

Code:
iptables -t nat -A POSTROUTING -m statistic --mode random --probability 0.5 -m state --state NEW -j SNAT --to-source X.X.X.X
iptables -t nat -A POSTROUTING -m state --state NEW -j SNAT --to-source Y.Y.Y.Y


Each new outgoing connection will "randomly" be Source NAT'ed to either X.X.X.X or Y.Y.Y.Y

This is assuming you have 2 IP addresses. If you have 3, you'll need to:
1) duplicate the 1st rule
2) adjust the source IP in the new rule
3) adjust all instances of 0.5 to be 0.333333333333 etc

You may wish to include a -d argument in there too so only outgoing connections to the host that's causing you problems are randomized ;)
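
The rule cascade from the post above, generalised to any number of source addresses, as an added example that is not part of the original thread. It goes beyond the two-address case shown: each rule's probability is 1/(addresses not yet tried), because a rule only sees the connections that earlier rules did not match, and the last rule is unconditional. The function name `snat_rules` and the RFC 5737 documentation addresses are assumptions for illustration; the function only prints the rules, it does not apply them.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not apply, an iptables
# SNAT cascade that spreads NEW outbound connections to one destination
# evenly over N source addresses.
# Usage: snat_rules DEST ADDR1 ADDR2 [ADDR3 ...]   (hypothetical helper name)
snat_rules() {
    dest=$1; shift
    n=$#
    if [ "$n" -lt 2 ]; then
        echo "snat_rules: need at least two source addresses" >&2
        return 1
    fi
    i=0
    for addr in "$@"; do
        remaining=$((n - i))
        base="iptables -t nat -A POSTROUTING -d $dest -m state --state NEW"
        if [ "$remaining" -gt 1 ]; then
            # Rule i is only reached by connections that missed rules 0..i-1,
            # so it must match 1/remaining of them for an overall share of 1/n.
            p=$(LC_ALL=C awk -v r="$remaining" 'BEGIN { printf "%.6f", 1 / r }')
            echo "$base -m statistic --mode random --probability $p -j SNAT --to-source $addr"
        else
            # Last rule is unconditional: it catches everything left over.
            echo "$base -j SNAT --to-source $addr"
        fi
        i=$((i + 1))
    done
}

# Constructed sample input: RFC 5737 documentation addresses.
snat_rules 198.51.100.10 192.0.2.1 192.0.2.2 192.0.2.3
```

Review the printed rules before loading them; `iptables -t nat -L POSTROUTING -v -n` shows per-rule packet counters, which is a quick check that the split is roughly even.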

Author:  smiffy [ Fri Nov 06, 2009 2:15 am ]
Post subject: 

Cool - that's one for the "useful" information file!

Cheers for that.

Author:  fukawi2 [ Fri Nov 06, 2009 2:18 am ]
Post subject: 

I love the random module, especially when my friend leaves his firewall logged in as root and unattended....

Code:
iptables -I FORWARD -i eth1 -o eth0 -m statistic --mode random --probability 0.5 -j DROP

:P

Author:  jed [ Fri Nov 06, 2009 12:06 pm ]
Post subject: 

fukawi2 wrote:
Code:
iptables -t nat -A POSTROUTING -m statistic --mode random --probability 0.5 -m state --state NEW -j SNAT --to-source X.X.X.X
iptables -t nat -A POSTROUTING -m state --state NEW -j SNAT --to-source Y.Y.Y.Y


Each new outgoing connection will "randomly" be Source NAT'ed to either X.X.X.X or Y.Y.Y.Y

That's really interesting. Didn't know about statistic.

Author:  mwalling [ Fri Nov 06, 2009 5:09 pm ]
Post subject: 

fukawi2 wrote:
Code:
iptables -I FORWARD -i eth1 -o eth0 -m statistic --mode random --probability 0.5 -j DROP


If this was StackExchange, I'd upvote you.

All times are UTC-04:00