Discussion:
[OT?] I have 4 IPs. How is outbound IP selected, say run lynx URL on server?
Janne Johansson
2018-11-30 20:51:37 UTC
Permalink
Den fre 30 nov. 2018 kl 21:32 skrev Chris Bennett
I'm just curious. Is there a default method to select on this? Random?
Can I control this somehow?
It's clear how everything else selects IP, but I just wanted to know in
case that ever mattered, say one of my IPs were blocked.
And I wanted to be sure which IP outbound is or is not used for running
something like lynx, etc.
Not terribly important, but at least interesting question for me.
Normally, the IP on the interface which the route table says lead to
the destination
get chosen, unless the program deliberately chooses (or allows to choose) one of
the other IPs you have.
--
May the most significant bit of your life be positive.
Claudio Jeker
2018-11-30 21:19:38 UTC
Permalink
Post by Janne Johansson
Den fre 30 nov. 2018 kl 21:32 skrev Chris Bennett
I'm just curious. Is there a default method to select on this? Random?
Can I control this somehow?
It's clear how everything else selects IP, but I just wanted to know in
case that ever mattered, say one of my IPs were blocked.
And I wanted to be sure which IP outbound is or is not used for running
something like lynx, etc.
Not terribly important, but at least interesting question for me.
Normally, the IP on the interface which the route table says lead to the
destination get chosen, unless the program deliberately chooses (or
allows to choose) one of the other IPs you have.
When using the route you can specify which interface address to use (look
for -ifa in route(8)) else the kernel will use the IP address which gets
you to the gateway of that route.
--
:wq Claudio
Kaya Saman
2018-11-30 22:38:36 UTC
Permalink
I'm just curious. Is there a default method to select on this? Random?
Can I control this somehow?
It's clear how everything else selects IP, but I just wanted to know in
case that ever mattered, say one of my IPs were blocked.
And I wanted to be sure which IP outbound is or is not used for running
something like lynx, etc.
Not terribly important, but at least interesting question for me.
Thanks,
Chris Bennett
If you say 'outbound IP' I am guessing you WAN facing public address.


There are several ways to do this....


The first would be to use a NAT Pool. This would effectively pop all
your public addresses a selectable group:


eg. { 1.1.1.1 , 2.2.2.2 , 3.3.3.3 , 4.4.4.4 }


Depending on the pool configuration ie. if there was any weighting put
on for IP selection or it would simply use a round-robbin type of selection.


https://www.openbsd.org/faq/pf/nat.html


https://www.openbsd.org/faq/pf/example1.html


Another method would be to setup a static route. So in the above example
with NAT pool you could simply say something like:


IP 172.16.40.52 -> 1.1.1.1


So your PF rule would then be something like:


match out on $ext_if from 172.16.40.52 to any nat-to {1.1.1.1}



The weighted option or a load balanced option would have something like
this:


https://www.openbsd.org/faq/pf/pools.html


Regards,


Kaya
Martin Sukany
2018-12-01 15:32:04 UTC
Permalink
routing.
I'm just curious. Is there a default method to select on this? Random?
Can I control this somehow?
It's clear how everything else selects IP, but I just wanted to know in
case that ever mattered, say one of my IPs were blocked.
And I wanted to be sure which IP outbound is or is not used for running
something like lynx, etc.
Not terribly important, but at least interesting question for me.
Thanks,
Chris Bennett
--
Martin Sukany
UNIX Engineer - Solaris / Linux / OpenBSD L3 Specialist
+420 776 275 713
www.sukany.cz
Loading...