Is it possible to route outbound traffic from a droplet through its floating IP. I.e., make http requests from the droplet that appear to originate from the floating IP?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
The short answer is yes. The longer answer is that it depends on the software you are using to make the request. It needs to expose some way of binding to a particular interface. If it does, you’ll need to find what we call the “anchor IP” and use it. The easiest way to find the anchor IP is to inspect your Droplet’s metadata. From the Droplet, run:
- curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address
In my case, it returns 10.10.0.8
If you wanted to make your request with curl
you could then use:
- curl --interface 10.10.0.8 https://example.com
Or with wget
you would use:
- wget --bind-address=10.10.0.8 https://example.com
In both cases, example.com
would now see the request as coming from my Floating IP not my Droplet’s IP address.
Check out this tutorial for more info on Floating IPs: How To Use Floating IPs on DigitalOcean In particular, see the section on “Droplet Anchor IPs.”
Click below to sign up and get $100 of credit to try our products over 60 days!
The following worked for me on ubuntu:
Find the IPv4 gateway anchor:
If you’re concerned about copy / pasting random things (and you should be); the Floating IP gateway documentation can be found here:
https://developers.digitalocean.com/documentation/metadata/#interface-anchor_ipv4-gateway
It’s crazy that I would think this would be such an essential, important feature of floating ips and yet it’s nearly impossible. After fighting this for about 2 or 3 ours on Ubuntu (Tried pretty much everything here, I could not get it to work).
What I ended up doing is using Squid proxy to handle this. If anyone is interested, here’s a bash script to setup Squid locally (with authentication) and have it route traffic through the floating IP (the line with
tcp_outgoing_address $GATEWAY ev
is basically where the magic happens).Hopefully DO can shed some light on how to do this properly soon.
@ComputerUser I was on 18.10 I believe when I was trying this. However as I could not get system services to use the floating IP I gave up on it and switched back to the main IP. It would have saved so much time not having to update DNS on a load of domains and just switch the floating IP between servers but when your email is being received on the floating IP but sent out on the main IP this does not work and leads to the mail server being blacklisted. DO did agree it was too difficult to work with floating IPs and recommended giving up on them until they worked better (e.g. so the server saw it as the primary IP ). Floating IPs could be a great feature for disaster recovery features (i.e. switch the IP from one server to another without having to edit a load of DNS entries and wait for the cache to update) but it seems they are not there yet.
here you go, This is the answer you are looking for: https://blog.programster.org/openvpn-digitalocean-ip-alias
@apexinvesting Hi, running
route add default gw ip-number
kills the current ssh connection and afterwards, it seems I am unable to log in again.Step 1. Run this command to get the gateway for the floating IP
Step 2. Run this command to make all outgoing connections appear to come from your floating IP, where $gatewayip$ is the ip obtained from the previous command:
Someone could make a script to automate that in one shot.