  1. #1
    Just Joined!
    Join Date
    Jun 2005
    Posts
    13

    Setting Outgoing IP for Port 80?


    Okay, I've been using Linux for going on 8+ years now, I know what I'm doing generally and I handle a few servers for clients. I've got a specific issue now with the networking that I can't seem to figure out, and if I mess up, I've got to drive an hour to go take care of the server.

    Anyway, I've got a script that connects to a web file on remote servers and compares (it's an update script to check if the remote systems need to be upgraded). The script that it's reading is on port 80 (it's from http obviously), and I've set up all of my routes to point to eth0, but for whatever reason, my outgoing IP changes around every few days it seems. I think I know that iptables is what I want to use with POSTROUTING and checking --dport 80, but not entirely sure how to go about setting everything going out to a port 80 to use the eth0 interface's IP address.

    If anyone could shed some light it'd be much appreciated, I've been searching around and I can't seem to find exactly what I'm looking for.

  2. #2
    Linux Newbie
    Join Date
    Feb 2009
    Location
    Third ring of Pergatory
    Posts
    199
    The problem with iptables if you use the "-p tcp" parameter is you've just bound all the tcp/ip traffic to port 80. You need a named socket to bind to 80 in iptables. Does your script create a socket?

  3. #3
    Just Joined!
    Join Date
    Jun 2005
    Posts
    13
    Quote Originally Posted by dijetlo View Post
    The problem with iptables if you use the "-p tcp" parameter is you've just bound all the tcp/ip traffic to port 80. You need a named socket to bind to 80 in iptables. Does your script create a socket?
    Through PHP I'm using file_get_contents(), which I'm assuming actually creates a socket, grabs the data and brings it back to a string/pointer. I wouldn't really be opposed to force all OUTGOING data to the specific eth0 adapter, but at the same time I don't know if it'd cause problems to have incoming connections come in on our IP, and then the response to come back from the other. The nitty gritty networking stuff is always a pain.

  4. #4
    Linux Newbie
    Join Date
    Feb 2009
    Location
    Third ring of Pergatory
    Posts
    199
    Quote Originally Posted by projectshifter View Post
    Through PHP I'm using file_get_contents(), which I'm assuming actually creates a socket, grabs the data and brings it back to a string/pointer.
    I don't think it creates a socket, but it will stream data...
    Quote Originally Posted by projectshifter View Post
    I wouldn't really be opposed to force all OUTGOING data to the specific eth0 adapter, but at the same time I don't know if it'd cause problems to have incoming connections come in on our IP, and then the response to come back from the other
    You could always spoof your ip address on eth0 so it points back to eth1. Where you'll hit the wall is with things like rcp, X, inetd, ssl, skype. They use a tcp packet but they won't run on 80.
    Quote Originally Posted by projectshifter View Post
    . The nitty gritty networking stuff is always a pain
    I think it's more the devil you know.

  5. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    What is it you are trying to do? Make everything leaving eth0 use port 80? Or just port 80 traffic is allowed to leave eth0?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #6
    Linux Newbie
    Join Date
    Feb 2009
    Location
    Third ring of Pergatory
    Posts
    199
    but for whatever reason, my outgoing IP changes around every few days it seems. I think I know that iptables is what I want to use with POSTROUTING and checking --dport 80,
    I'm assuming he's going to bind tcp to 80 on eth0..

  7. #7
    Just Joined!
    Join Date
    Jun 2005
    Posts
    13
    Quote Originally Posted by dijetlo View Post
    I'm assuming he's going to bind tcp to 80 on eth0..
    Yeah, I need to make sure that all outgoing traffic gets tagged on the same IP address. I don't actually care if it's only outgoing to port 80 or if it's all traffic in general, the biggest problem is that I 100% NEED my outgoing IP address to always be the same. Even though I have everything routed to go out on eth0, it changes constantly onto using one of the aliased eth0:# adapters instead. We've got clients running transactions to payment gateways, and a lot of those gateways want a static IP address, otherwise I have to give them the list of every single IP on the server, and update them as we add new ones, which is obviously not a feasible option.

  8. #8
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Only problem I see is if the far end is looking for return packets from another IP Address besides what you set.

    Code:
    iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to-source <IP ADDR>

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  9. #9
    Just Joined!
    Join Date
    Mar 2009
    Posts
    1
    Quote Originally Posted by projectshifter View Post
    Yeah, I need to make sure that all outgoing traffic gets tagged on the same IP address. I don't actually care if it's only outgoing to port 80 or if it's all traffic in general, the biggest problem is that I 100% NEED my outgoing IP address to always be the same. Even though I have everything routed to go out on eth0, it changes constantly onto using one of the aliased eth0:# adapters instead. We've got clients running transactions to payment gateways, and a lot of those gateways want a static IP address, otherwise I have to give them the list of every single IP on the server, and update them as we add new ones, which is obviously not a feasible option.
    Just did the same thing for outgoing SNMP traffic. Below is only port 80 tcp traffic.
    Suggest you do 443 as well (for ssl).

    iptables -t nat -A POSTROUTING -p tcp --dport 80 -j SNAT --to <SAME IP ADDRESS>
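
The SNAT rules suggested in the replies above, as an added example that is not part of any poster's reply: a POSIX shell helper that validates its inputs and prints one idempotent rule per destination port, so the commands can be reviewed before they touch a remote server. The function names and the sample address 203.0.113.10 (a documentation range) are assumptions made for illustration.

```shell
# Added example (not from the thread): print idempotent iptables commands that
# pin the source address of outbound TCP traffic to chosen destination ports.

# Succeed only if $1 is a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed only if $1 is a decimal TCP port in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# snat_rules <source-ip> <out-iface> <port>...
# Each printed command appends the rule only if the identical rule is not
# already present (-C), so re-running never stacks duplicates.
snat_rules() {
    [ $# -ge 3 ] || { echo "usage: snat_rules IP IFACE PORT..." >&2; return 2; }
    src=$1 iface=$2
    shift 2
    is_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
    case $iface in   # aliases such as eth0:1 are labels, not interfaces
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    for port in "$@"; do
        is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        rule="POSTROUTING -o $iface -p tcp --dport $port -j SNAT --to-source $src"
        printf '%s\n' "iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule"
    done
}

# Dry run with a constructed address; nothing is applied here.
snat_rules 203.0.113.10 eth0 80 443
```

Pipe the reviewed output to `sh` as root to apply it. The nat table is consulted only for the first packet of a connection, so replies on connections that arrived at the other aliased addresses keep the address the client originally contacted.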
