Question

How do I configure Shorewall to use Floating IPs?

Posted September 14, 2019 279 views
Networking, Ubuntu 18.04

I am trying to configure my droplet’s Shorewall firewall to use the floating IP, but only for certain kinds of traffic. I’d like to use the droplet’s public IP for other kinds of traffic. Specifically:

Public IP: HTTP and HTTPS open; SMTP and IMAP closed.
Floating IP: SMTP and IMAP open; HTTP and HTTPS closed.

I’m just not sure how to do this. I know the droplet’s anchor IP and have a general understanding of how the Floating IPs work, but I’m lost beyond that.

I know that many of you are smarter than I am, so I’m hoping you can walk me through this in a dumbed-down fashion. Thank you in advance for whatever help you can provide!

1 answer

Hi,

The floating IP is what the world sees externally but for software running on the droplet, there is what’s known as an “Anchor IP” - I think this is what you need.

Lots more info on this topic here:
https://www.digitalocean.com/community/questions/send-outbound-traffic-over-floating-ip

The tl;dr is to find your anchor IP by running this command from your droplet:

curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address

Then use the IP that it returns in your Shorewall configuration.

Hope this helps! Let us know how it turns out.
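
The approach from the answer above, as an added example that is not part of the original answer or of Shorewall's documentation: a script that validates the droplet's public and anchor addresses and prints Shorewall rules splitting web and mail traffic by destination address. It assumes a zone named `net`, a DROP or REJECT policy from `net` to the firewall, standard ports, and the metadata path `ipv4/address` for the public IP.

```shell
#!/bin/sh
# Added example. Assumptions: Shorewall zone "net" is the internet-facing zone,
# the net->$FW policy in /etc/shorewall/policy is DROP or REJECT, and the
# services use their standard ports (80/443, 25/143).
MD=http://169.254.169.254/metadata/v1/interfaces/public/0

# Succeeds only for a single dotted-quad with octets 0-255, so nothing else
# from the metadata response can end up in the firewall configuration.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# gen_rules PUBLIC_IP ANCHOR_IP: print rules for /etc/shorewall/rules.
# Floating-IP traffic reaches the droplet addressed to the anchor IP, so the
# anchor IP is the destination to match for mail.
gen_rules() {
    public_ip=$1 anchor_ip=$2
    is_ipv4 "$public_ip" && is_ipv4 "$anchor_ip" || return 1
    [ "$public_ip" != "$anchor_ip" ] || return 1
    cat <<EOF
#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT  net  \$FW:$public_ip  tcp  80,443
ACCEPT  net  \$FW:$anchor_ip  tcp  25,143
EOF
}

# On the droplet: read both addresses from the metadata service.
# The ipv4/address path is assumed alongside the anchor path from the answer.
live_rules() {
    pub=$(curl -sf -m 5 "$MD/ipv4/address") || return 1
    anc=$(curl -sf -m 5 "$MD/anchor_ipv4/address") || return 1
    gen_rules "$pub" "$anc"
}

if [ "${1:-}" = "--live" ]; then live_rules; fi
```

Run it with `--live` on the droplet, review the printed rules, add them to `/etc/shorewall/rules`, and run `shorewall check` before restarting the firewall.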
