Is there any way to specify a particular outbound IP address for stunnel? Right now, it's always using the main IP of the server, but I'd like it to use a specific outbound IP address.
I actually found my own answer on this one - the "local" directive.
local = host
IP of the outgoing interface is used as source for remote connections.
Use this option to bind a static local IP address, instead.
Related
How does it work actually? When I start my Kubernetes cluster I can access the address 0.0.0.0 in my browser. When I create a LoadBalancer I can access some other address in my browser e.g. 174.23.0.12. How does Kubernetes know that those addresses are not colliding with some other addresses? Is it possible to e.g. serve a react app on some IP like that?
To my understanding, 0.0.0.0 is a non-standard broadcast address (according to RFC 1122, section 3.3.6) so your request to 0.0.0.0 is received by all hosts on your local network and the address is not routed, so it stays in your local network. You as client don't need to know the actual target address.
Obviously I could listen on a particular IP address, but is it possible to listen on a particular hostname? Specifically, if example1.com and example2.com both point to my server with IP address (say) 12.34.56.78, is it possible to proxy connections to example1.com:5432 to my postgres db, but have connections to example2.com:5432 be rejected?
I have a feeling the hostname is not passed in the initial connection, so it would be impossible to do what can be done with HTTP(S) (e.g. Nginx server block, Caddy, etc.).
No, that is not possible. The database server never sees the host name the client used. Domain Name Service (DNS) resolution of a host name to an IP address has to happen before the server can be contacted.
You will have to use two different IP addresses, for example by defining a second, virtual IP address for the server. You don't need to have a second network card.
I have a script that sends traffic to a server. It marks incoming traffic as known location traffic for a specific IP.
My script sends traffic via Pycurl. I cannot change Pycurl for now, so is there any way to send traffic by sending that specific source IP.
Options are either set source IP in pycurl or make it use some interface which is created with that specific IP. I need to know how to make a virtual interface to serve traffic for the specific IP in python so that pycurl picks up that interface to send.
If you have multiple interfaces with multiple IP addresses or if you just want the kernel to handle this, you just need to add a host route in your kernel. On linux, this would look something like:
ip route add 10.45.0.20/32 src 10.45.0.10
Where 10.45.0.10 is the IP you want as a source and 10.45.0.20 is the webserver. Note: if you have a gateway to get to the server, then you need to have a 'via' statement and the desired source ip needs to be able to send traffic to it (same subnet).
If you have multiple interfaces and the ip you want to use is the only one bound to one of those interfaces, then you can just add the following to your Pycurl program:
c = pycurl.Curl()
...
c.setopt(pycurl.INTERFACE, "eth2")
Where eth2 is the name of the interface the request will come from. If the IP you want as a source is the only one bound to eth2, then the request will have that source IP.
I know I can get the IP address by using 'getpeername' function, but how can I set the IP address to an existing socket? I search the web and I only find that it can be done by creating a new socket. From MSDN example, it shows the same client socket can be used to receive and send, but what can I do with a different IP.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms737593(v=vs.85).aspx
If you want to force a socket towards a specific IP address or port you need to bind the socket.
More information about the bind function can be found here :
https://msdn.microsoft.com/en-us/library/windows/desktop/ms737550%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
I need to accept only connections from particular client ip address at server side. Should not use acl. With help of socket strict bind at server side can i do?
Example:
client ip address: 1.1.1.1
server ip address: 1.1.1.2
At server side:
1. Open a socket
2. Bind socket with 1.1.1.1(client ip address) with port no.
Will i be allow to do the second step at server side? Any special options are there to do?
Please let me know.
Thanks,
Boobesh
You can only bind the server port to an ip address to specify the interface to use.
For example your server has two network interfaces, one connected to the internet and one to a configuration network. The webserver should maybe only listen on the internet interface and a management tool only listen on the configuration network.
For your purpose you can accept the connection, compare the ip address and if it is not in the list of allowed clients close the connection immediately (or after sending an error message).
The other solution would be to use a firewall that is configured to allow only connections from the specified clients to the server port.
I agree with the friend above, u can only manage the ip and port in you server, but not client. u should compare the coming socket with the one u store in your server.