
I have a VPS with multiple IPs assigned. In this VPS I run some programs that make requests on the network and, for some reason, all the requests use one specific IPv4 of my VPS.

However, I have many other IPv4 and IPv6 addresses, and they are never used. Is it possible to make certain programs use specific IPs? Maybe some rule in firewalld that makes a program use a specific IP? My eth0 uses the default configuration of my VPS (Linode) and it works fine; I can see all the IPs assigned to my VPS. However, only one specific IPv4 is being used for outbound traffic from all my programs.

Any idea how I can accomplish that?

  • To verify, can you please update your post with your ifconfig and ip route show output?
    – Turdie
    Commented Dec 24, 2023 at 2:01

1 Answer


This is quite uncommon, and I think it's logical that one IP is being used for outgoing traffic, because that IP is linked to your default gateway (assumption). Multiple gateways in one machine is not possible and will create routing issues.

You can use source-based routing to do this.

Here is a general example:

  1. Identify the process id using ps or pgrep

  2. Edit or create the file /etc/iproute2/rt_tables and add a new entry.

    200 mytable

  3. Then using iptables "mark the packets":

    iptables -t mangle -A OUTPUT -m owner --pid-owner <YourProgramPID> -j MARK --set-mark 1

  4. Create the routing table:

    ip rule add fwmark 1 table mytable

  5. Configure the routing table:

    ip route add default via <DesiredIPAddress> dev eth0 table mytable

  6. Verify:

    ip route show table mytable

  • "Multiple gateways in one machine is nkt possible and will create routing issues." Multiple gateways in one host are common and often necessary. What I think you mean is multiple default gateways. When you have multiple gateways for the same destination network, the longest match wins, but a tie will use the assigned metric for the gateway to use. If you have more than one default gateway, then it boils down to the lowest metric is the one used.
    – Ron Maupin
    Commented Dec 24, 2023 at 2:31
  • I appreciate your instruction; it is very detailed. I found a friend who told me that using iptables -t nat -A POSTROUTING -m owner --uid-owner user1 -j SNAT --to-source IP would be easier. Do you think this would work?
    – Samul
    Commented Dec 24, 2023 at 2:49
  • That's doing SNAT; then you load balance the outbound connections. It could work; I recommend testing it.
    – Turdie
    Commented Dec 24, 2023 at 5:38
  • @Turdie marking packets works well for routed (forwarded) packets. For locally initiated packets, rerouting using iptables marks still keeps the original (wrong) source address selected by default before rerouting happens, so a SNAT bandaid is still needed. To get the routing working well from the start for locally initiated traffic, the process has to use the setsockopt SO_MARK which is privileged. Could be forced using LD_PRELOAD (works only on root processes) or else a bpf filter has to be attached to the program to do the same.
    – A.B
    Commented Dec 24, 2023 at 18:08
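The thread above ends on A.B's point: an fwmark rule reroutes locally generated packets, but the kernel has already picked the source address by the time that happens, and SO_MARK itself is privileged. The following is an added example, not code from the question, the answer, or Linode, showing what a program under your control can do itself: bind the socket to the chosen local address before connecting (which fixes the source IP regardless of the routing table's preferred source), and optionally set SO_MARK so the answer's ip rule ... fwmark ... table mytable can select a table for that socket. The PermissionError branch covers the unprivileged case A.B describes. The loopback listener in demo_loopback, the address 127.0.0.1 and the mark value 1 are constructed for the demonstration; on the VPS you would pass one of the assigned public IPv4 or IPv6 addresses as src_ip.

```python
import socket
from contextlib import closing
from typing import Optional, Tuple

# Python's socket module exposes SO_MARK on Linux; 36 is the Linux constant, used
# as a fallback only so the module still imports elsewhere (assumption: Linux host).
SO_MARK = getattr(socket, "SO_MARK", 36)


def _family_for(ip: str) -> int:
    """Pick AF_INET or AF_INET6 from the literal address (the VPS has both kinds)."""
    info = socket.getaddrinfo(ip, None, 0, socket.SOCK_STREAM, 0, socket.AI_NUMERICHOST)
    return info[0][0]


def connect_from(src_ip: str, dst_ip: str, dst_port: int,
                 mark: Optional[int] = None, timeout: float = 5.0) -> Tuple[socket.socket, bool]:
    """Open a TCP connection whose source address is src_ip.

    bind() before connect() fixes the source address the kernel would otherwise
    choose from the routing table. If mark is given, SO_MARK is set so policy
    routing rules matching fwmark can pick a table for this socket; that option
    needs CAP_NET_ADMIN, so an EPERM is reported via the returned flag, not raised.
    Returns (connected socket, mark_applied).
    """
    sock = socket.socket(_family_for(src_ip), socket.SOCK_STREAM)
    sock.settimeout(timeout)
    mark_applied = False
    if mark is not None:
        try:
            sock.setsockopt(socket.SOL_SOCKET, SO_MARK, mark)
            mark_applied = True
        except PermissionError:
            mark_applied = False  # unprivileged process: mark-based table selection unavailable
    sock.bind((src_ip, 0))  # port 0 = ephemeral port, source IP fixed to src_ip
    sock.connect((dst_ip, dst_port))
    return sock, mark_applied


def demo_loopback(src_ip: str = "127.0.0.1") -> dict:
    """Self-contained check: a loopback listener reports which source address the client used."""
    with closing(socket.socket(_family_for(src_ip), socket.SOCK_STREAM)) as srv:
        srv.bind((src_ip, 0))  # constructed local endpoint for the demonstration
        srv.listen(1)
        port = srv.getsockname()[1]
        client, mark_applied = connect_from(src_ip, src_ip, port, mark=1)
        with closing(client):
            peer, peer_addr = srv.accept()
            with closing(peer):
                return {
                    "client_local_ip": client.getsockname()[0],  # what the client bound
                    "seen_by_server": peer_addr[0],              # what the other side saw
                    "mark_applied": mark_applied,                # False without CAP_NET_ADMIN
                }


if __name__ == "__main__":
    print(demo_loopback())
```

Binding chooses the source address but not the route: the connection still leaves via whatever the main table says unless a mark (or a per-table route with a src hint) steers it, which is why bind and SO_MARK together cover both halves of A.B's objection. For programs you cannot modify, the SO_MARK part is what the LD_PRELOAD or BPF approaches in the comment inject from outside.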
