Setting Outgoing IP for Port 80?

[projectshifter]

Okay, I've been using Linux for going on 8+ years now, I know what I'm doing generally and I handle a few servers for clients. I've got a specific issue now with the networking that I can't seem to figure out, and because if I mess up, I've got to drive an hour to go take care of the server.

Anyway, I've got a script that connects to a web file on remote servers and compares (it's an update script to check if the remote systems need to be upgraded). The script that it's reading is on port 80 (it's from http obviously), and I've setup all of my routes to point to eth0, but for whatever reason, my outgoing IP changes around every few days it seems. I think I know that iptables is what I want to use with POSTROUTING and checking --dport 80, but not entirely sure how to go about setting everything going out to a port 80 to use the eth0 interface's IP address.

If anyone could shed some light it'd be much appreciated, I've been searching around and I can't seem to find exactly what I'm looking for.

[dijetlo]

The problem with iptables if you use the "-p tcp' parameter is you've just bound all the tcp/ip traffic to port 80. You need a named socket to bind to 80 in iptables. Does your script create a socket?

[projectshifter]

The problem with iptables if you use the "-p tcp' parameter is you've just bound all the tcp/ip traffic to port 80. You need a named socket to bind to 80 in iptables. Does your script create a socket?

Through PHP I'm using file_get_contents(), which I'm assuming actually creates a socket, grabs the data and brings it back to a string/pointer. I wouldn't really be opposed to force all OUTGOING data to the specific eth0 adapter, but at the same time I don't know if it'd cause problems to have incoming connections come in on our IP, and then the response to come back from the other. The nitty gritty networking stuff is always a pain

[dijetlo]

Through PHP I'm using file_get_contents(), which I'm assuming actually creates a socket, grabs the data and brings it back to a string/pointer.

I don't think it creates a socket, but it will stream data.. .

I wouldn't really be opposed to force all OUTGOING data to the specific eth0 adapter, but at the same time I don't know if it'd cause problems to have incoming connections come in on our IP, and then the response to come back from the other

You could always spoof your ip address on eth0 so it points back to eth1. Where you'll hit the wall is with things rcp, X, inetd, ssl skype. They use a tcp packet but they wont run on 80.

. The nitty gritty networking stuff is always a pain

I think it's more the devil you know.

[Lazydog]

What is it you are trying to do? Make everything leaving eth0 use port 80? Or just port 80 traffic is allowed to leave eth0?

[dijetlo]

but for whatever reason, my outgoing IP changes around every few days it seems. I think I know that iptables is what I want to use with POSTROUTING and checking --dport 80,

I'm assuming he's going to bind tcp to 80 on eth0..

[projectshifter]

I'm assuming he's going to bind tcp to 80 on eth0..

Yeah, I need to make sure that all outgoing traffic gets tagged on the same IP address. I don't actually care if it's only outgoing to port 80 or if it's all traffic in general, the biggest problem is that I 100% NEED my outgoing IP address to always be the same. Even though I have everything routed to go out on eth0, it changes constantly onto using one of the aliased eth0:# adapters instead. We've got clients running transactions to payment gateways, and a lot of those gateways want a static IP address, otherwise I have to give them the list of every single IP on the server, and update them as we add new ones, which is obviously not a feasible option.

[Lazydog]

Only problem I see is if the far end is looking for return packets from another IP Address besides what you set.

Code:

iptables -t nat -A POSTROUTING -p tcp -o eth0 -j  SNAT --to-source <IP ADDR>

[griggle]

Yeah, I need to make sure that all outgoing traffic gets tagged on the same IP address. I don't actually care if it's only outgoing to port 80 or if it's all traffic in general, the biggest problem is that I 100% NEED my outgoing IP address to always be the same. Even though I have everything routed to go out on eth0, it changes constantly onto using one of the aliased eth0:# adapters instead. We've got clients running transactions to payment gateways, and a lot of those gateways want a static IP address, otherwise I have to give them the list of every single IP on the server, and update them as we add new ones, which is obviously not a feasible option.

Just did the same thing for outgoing SNMP traffic. Below is only port 80 tcp traffic.
Suggest you do 443 as weel (for ssl).

iptables -t nat -A POSTROUTING -p tcp --dport 80 -j SNAT --to <SAME IP ADDRESS>