How do I configure Shorewall to use Floating IPs?

I am trying to configure my droplet’s Shorewall firewall to use the floating IP, but only for certain kinds of traffic. I’d like to use the droplet’s public IP for other kinds of traffic. Specifically:

Public IP: HTTP and HTTPS open; SMTP and IMAP closed. Floating IP: SMTP and IMAP open; HTTP and HTTPS closed.

I’m just not sure how to do this. I know the droplet’s anchor IP and have a general understanding for how the Floating IPs work, but I’m lost beyond that.

I know that many of you are smarter than I am, so I’m hoping you can walk me through this in a dumbed-down fashion. Thank you in advance for whatever help you can provide!

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.


The floating IP is what the world sees externally but for software running on the droplet, there is what’s known as an “Anchor IP” - I think this is what you need.

Lots more info on this topic here:

The tl;dr is to find your anchor IP by running this command from your droplet:

curl -s

Then use the IP that it returns in your Shorewall configuration.

Hope this helps! Let us know how it turns out.