Hi,

Our database server, which is outside of DigitalOcean, is configured to allow incoming connections from fixed Floating IPs reserved in DigitalOcean.

We have a load balancer (outside of DigitalOcean) and a few app/web nodes with Floating IPs attached. The load balancer uses the Floating IPs of the app/web nodes in its backend configuration, and all of this is working great except the database connection from the app/web nodes to our database server, which is being rejected as it will not come via the Floating IPs.

So,
A) How can we configure our droplet to use the assigned Floating IPs on outgoing connections for all ports & protocols?
B) Or, how can we use the same IPs for outgoing connections? Like “Incoming via Main IP > Outgoing via Main IP” OR “Incoming via Floating IP > Outgoing via Floating IP”

We are using Ubuntu 18.04

1 answer

Floating IPs are not seen by the droplet they are added to. Instead the droplet sees a local IP that is the Floating IP’s anchor IP. This allows communications back through the floating IP by routing the communication on an internal network out to the Floating IP. For any services that you need to listen or communicate on the Floating IP you’ll want to configure them to use the Anchor IP.

More information can be found here.

  • So, how can I configure my droplet to use that anchor IP interface for outgoing connections so that third-party services or my database server, which is outside of DigitalOcean, know the request is coming from a specific Floating IP?

    I saw something like below, somewhere on DO Community Forum but not sure whether this works or if this is a correct/preferred way to go:

    iptables -t nat -A POSTROUTING -p all -o eth0 -j SNAT --to-source ANCHOR_IP_OF_FLOATING_IP
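
A narrower variant of the SNAT rule quoted in the comment above, as an added example that is not part of the original thread: it rewrites the source address only for connections to the database server instead of all traffic leaving eth0, and checks for an existing rule before appending. The anchor IP `10.17.0.5`, database address `203.0.113.10`, port `5432` and the `APPLY` switch are constructed placeholders, and the example relies on the answer's statement that traffic using the anchor IP goes out through the Floating IP.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses are constructed placeholders.
# The anchor IP can be read on the droplet from the metadata service:
#   curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address

# Succeed only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Print the rule spec: SNAT to the anchor IP for one destination and port only.
snat_rule() {
  anchor=$1 db_ip=$2 db_port=$3 iface=${4:-eth0}
  is_ipv4 "$anchor" || { echo "bad anchor IP: $anchor" >&2; return 1; }
  is_ipv4 "$db_ip" || { echo "bad database IP: $db_ip" >&2; return 1; }
  case $db_port in ''|*[!0-9]*) echo "bad port: $db_port" >&2; return 1 ;; esac
  [ "$db_port" -ge 1 ] && [ "$db_port" -le 65535 ] || {
    echo "bad port: $db_port" >&2; return 1; }
  printf '%s' "-o $iface -p tcp -d $db_ip --dport $db_port -j SNAT --to-source $anchor"
}

# Print the command by default; with APPLY=1 (as root) install it idempotently.
apply_snat() {
  rule=$(snat_rule "$@") || return 1
  if [ "${APPLY:-0}" = 1 ]; then
    # $rule is left unquoted on purpose so it splits into separate arguments.
    # -C tests for an identical rule, so reruns do not stack duplicates.
    iptables -t nat -C POSTROUTING $rule 2>/dev/null ||
      iptables -t nat -A POSTROUTING $rule
  else
    echo "iptables -t nat -A POSTROUTING $rule"
  fi
}

# Dry run with the constructed values (5432 is an assumed database port).
apply_snat 10.17.0.5 203.0.113.10 5432
```

Rules added this way do not survive a reboot on their own, and traffic to every other destination keeps the droplet's main IP as its source.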
    