How to route outgoing connection via Floating IP

May 14, 2018
Networking Ubuntu 18.04

Hi,

Our database server, which is outside DigitalOcean, is configured to allow incoming connections from fixed Floating IPs reserved in DigitalOcean.

We have a load balancer (outside DigitalOcean) and a few app/web nodes with Floating IPs attached. The load balancer uses the Floating IPs of the app/web nodes in its backend configuration, and all of this is working great except the database connection from an app/web node to our database server, which is being rejected as it will not come via the Floating IPs.

So,
A) How can we configure our Droplet to use the assigned Floating IPs on outgoing connections for all ports and protocols?
B) Or, how can we use the same IP for outgoing connections? Like "Incoming via Main IP > Outgoing via Main IP" OR "Incoming via Floating IP > Outgoing via Floating IP"

We are using Ubuntu 18.04.

1 Answer

Floating IPs are not seen by the Droplet they are added to. Instead, the Droplet sees a local IP that is the Floating IP's anchor IP. This allows communications back through the Floating IP by routing the communication on an internal network out to the Floating IP. For any services that you need to listen or communicate on the Floating IP, you'll want to configure them to use the anchor IP.

More information can be found here.

A DigitalOcean Floating IP is a publicly-accessible static IP address that can be mapped to one of your Droplets. A Floating IP can also be instantly remapped, via the DigitalOcean Control Panel or API, to one of your other Droplets in the same datacenter. This instant remapping capability grants you the ability to design and create High Availability (HA) server infrastructures by adding redundancy to the entry point, or gateway, to your servers.
  • So, how can I configure my Droplet to use that anchor IP interface for outgoing connections, so that third-party services or my database server, which is outside DigitalOcean, know the request is coming from a specific Floating IP?

    I saw something like the below somewhere on the DO Community Forum, but I am not sure whether this works or whether this is the correct/preferred way to go:

    iptables -t nat -A POSTROUTING -p all -o eth0 -j SNAT --to-source ANCHOR_IP_OF_FLOATING_IP
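
Added example, not part of the thread: a POSIX shell sketch that narrows the SNAT rule quoted above to the single allow-listed database destination instead of all outbound traffic, and only prints the rule rather than applying it. Assumptions: the anchor IP is the 10.x address on eth0, the database address and port are placeholders, the function names are hypothetical, and whether traffic sourced from the anchor IP actually leaves as the Floating IP is left unconfirmed by the thread.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show dev eth0` (trimmed): the public
# address first, then the anchor IP. Both values are made up for illustration.
SAMPLE_ADDRS='2: eth0    inet 203.0.113.10/20 brd 203.0.113.255 scope global eth0
2: eth0    inet 10.17.0.5/16 brd 10.17.255.255 scope global eth0'

# Read `ip -o -4 addr show` output on stdin and print the first 10.x address
# bound to eth0 (assumed to be the Floating IP's anchor IP).
anchor_ip() {
  awk '$2 == "eth0" && $3 == "inet" && $4 ~ /^10\./ {
         sub(/\/.*/, "", $4); print $4; exit }'
}

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# snat_rule ANCHOR DB_IP DB_PORT
# Print one destination-scoped SNAT rule; return 1 on any malformed argument
# so nothing unvalidated ever reaches an iptables command line.
snat_rule() {
  is_ipv4 "$1" && is_ipv4 "$2" || return 1
  case $3 in ''|*[!0-9]*) return 1 ;; esac
  [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || return 1
  printf 'iptables -t nat -A POSTROUTING -o eth0 -p tcp -d %s --dport %s -j SNAT --to-source %s\n' \
    "$2" "$3" "$1"
}

# Dry run: set IP_ADDR_OUTPUT="$(ip -o -4 addr show dev eth0)" on a real host;
# 198.51.100.20:5432 stands in for the external database.
ADDRS=${IP_ADDR_OUTPUT:-$SAMPLE_ADDRS}
ANCHOR=$(printf '%s\n' "$ADDRS" | anchor_ip)
snat_rule "$ANCHOR" 198.51.100.20 5432 || echo "refusing to build rule" >&2
```

Review the printed rule before running it as root, then confirm on the database side which source address the connection arrives from.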
    