How do I configure Shorewall to use Floating IPs?

September 14, 2019
Networking Ubuntu 18.04

I am trying to configure my droplet’s Shorewall firewall to use the floating IP, but only for certain kinds of traffic. I’d like to use the droplet’s public IP for other kinds of traffic. Specifically:

Public IP: HTTP and HTTPS open; SMTP and IMAP closed.
Floating IP: SMTP and IMAP open; HTTP and HTTPS closed.

I’m just not sure how to do this. I know the droplet’s anchor IP and have a general understanding of how the Floating IPs work, but I’m lost beyond that.

I know that many of you are smarter than I am, so I’m hoping you can walk me through this in a dumbed-down fashion. Thank you in advance for whatever help you can provide!

1 Answer

Hi,

The floating IP is what the world sees externally, but for software running on the droplet, there is what’s known as an “Anchor IP” - I think this is what you need.

Lots more info on this topic here:
https://www.digitalocean.com/community/questions/send-outbound-traffic-over-floating-ip

The tl;dr is to find your anchor IP by running this command from your droplet:

curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address

Then use the IP that it returns in your Shorewall configuration.

Hope this helps! Let us know how it turns out.
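One way to turn the answer's advice into a Shorewall rules file, as an added example that is not part of the original question or answer. It assumes the Internet zone is named net, that the default net-to-firewall policy is DROP or REJECT (so unlisted ports stay closed), that Shorewall's `$FW:address` destination form is used to match the local address, and that SMTP and IMAP mean TCP 25 and 143; the function names and sample addresses are constructed.

```shell
#!/bin/sh
# Added example: emit Shorewall rules that split services between the
# droplet's public IP and its anchor IP (where floating-IP traffic lands).
# On a droplet, the anchor IP comes from the metadata command in the answer.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
# The body runs in a subshell so the IFS change stays local.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# gen_rules PUBLIC_IP ANCHOR_IP: print rules for /etc/shorewall/rules.
gen_rules() {
    public_ip=$1
    anchor_ip=$2
    for ip in "$public_ip" "$anchor_ip"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: '$ip'" >&2; return 2; }
    done
    # Identical addresses would open all four services on a single IP.
    [ "$public_ip" != "$anchor_ip" ] || { echo "addresses must differ" >&2; return 2; }
    cat <<EOF
#ACTION  SOURCE  DEST               PROTO  DPORT
?SECTION NEW
# Public IP: HTTP and HTTPS only
ACCEPT   net     \$FW:$public_ip    tcp    80,443
# Anchor IP (traffic sent to the floating IP): SMTP and IMAP only
ACCEPT   net     \$FW:$anchor_ip    tcp    25,143
EOF
}

# Constructed sample addresses, not taken from the page.
gen_rules 203.0.113.10 10.17.0.5
```

Running `shorewall check` after pasting the output into the rules file validates the syntax before the rules are applied.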
