Send outbound traffic over floating IP
Is it possible to route outbound traffic from a droplet through its floating IP. I.e., make http requests from the droplet that appear to originate from the floating IP?
Log In to Comment
4 Answers
The short answer is yes. The longer answer is that it depends on the software you are using to make the request. It needs to expose some way of binding to a particular interface. If it does, you’ll need to find what we call the “anchor IP” and use it. The easiest way to find the anchor IP is to inspect your Droplet’s metadata. From the Droplet, run:
- curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address
In my case, it returns 10.10.0.8 If you wanted to make your request with curl you could then use:
- curl --interface 10.10.0.8 https://example.com
Or with wget you would use:
- wget --bind-address=10.10.0.8 https://example.com
In both cases, example.com would now see the request as coming from my Floating IP not my Droplet’s IP address.
Check out this tutorial for more info on Floating IPs: How To Use Floating IPs on DigitalOcean In particular, see the section on “Droplet Anchor IPs.”
A DigitalOcean Floating IP is a publicly-accessible static IP address that can be mapped to one of your Droplets. A Floating IP can also be instantly remapped, via the DigitalOcean Control Panel or API, to one of your other Droplets in the same datacenter. This instant remapping capability grants you the ability to design and create High Availability (HA) server infrastructures by adding redundancy to the entry point, or gateway, to your servers.
Step 1. Run this command to get the gateway for the floating IP
curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address
Step 2. Run this command to make all outgoing connections appear to come from your floating IP, where $gatewayip$ is the ip obtained from the previous command:
route add default gw $gatewayip$
Someone could make a script to automate that in one shot.
-
I tried this but this killed all network activity to and from the droplet.
I then ranroute add default gw NON-FLOATING IPWhilst this fixed networking again I then realised the IP I just added was still listed and the non-floating IP was listed twice so I ran this 3 times to remove all entries:
route del default gw NON-FLOATING IP/FLOATING IPThen added it again with:
route add default gw NON-FLOTING IPNow I am back to where I started though and cannot get Ubuntu to use the floating IP for SMTP as attempting to bind to that address causes AMAVIS to block the outgoing messages.
-
That command returns the anchor ip address not the gateway. You need to run the following to get the gateway:
curl -s 169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gateway-
Thanks I thought there might have been something wrong with the instructions above. Your command worked and I was also able to get the netmask that way too.
However whatever I do, outbound connections from my Ubuntu server always show the droplet IP and not the floating IP. If I can’t direct outbound traffic through the floating IP then it seems to be of little value for redundancy/resilience/maintenance as whilst I can set incoming connections to the floating IP, as outbound connections have a different source IP things like mail servers don’t work as get blacklisted.
I set the DNS of about 30 domains to the floating IP with the idea I could quickly swap these if I needed to switch to a backup server (without doing 1 by 1 from the DO control panel) but maybe I am misunderstanding what floating IPs are for?
-
On a droplet you should have 2 IP addresses. The instance IP and the anchor IP. The default gateway is set to the gateway on the instance IP network.
I was able to follow these steps to direct outbound traffic through the floating IP:
Get the Anchor IP gateway:
curl -s 169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gatewaySet the default gateway to the Anchor IP gateway:
route add default gw <ANCHOR IP GATEWAY>Remove the instance IP gateway:
route del default gw <INSTANCE IP GATEWAY>
Check outbound IP address (this should return your Floating IP):
curl icanhazip.com-
Thanks for the reply Eric but I still can’t get it to report the IP as anything other than the instance IP. Posting IPs as set up a test droplet and have deleted it again.
Instance IP: 159.65.84.202
Floating IP: 139.59.203.32Running the check currently shows the 159 address as expected:
curl -4 icanhazip.com = 159.65.84.202I then run the command to get the gateway IP:
curl -s 169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gateway = 10.16.0.1I then add a new default gateway using this address:
sudo route add default gw 10.16.0.1I then try to remove the other existing default gateway and get an error
sudo route del default gw 159.65.80.0 = SIOCDELRT: No such processThis is what route displays (after the successful add command):
root@rwshostingtest:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default _gateway 0.0.0.0 UG 0 0 0 ens3 default _gateway 0.0.0.0 UG 0 0 0 ens3 10.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens3 10.16.0.0 _gateway 255.255.0.0 UG 0 0 0 ens3 10.131.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens4 10.131.0.0 10.131.0.1 255.255.0.0 UG 0 0 0 ens4 159.65.80.0 0.0.0.0 255.255.240.0 U 0 0 0 ens3The curl command still returns the other IP:
curl -4 icanhazip.com = 159.65.84.202So still can’t get this to work
This command was a success:
ip route del 159.65.80.0/20But then ip route still lists the instance IP.
-
Ok I’ve worked it out at last and got it working.
First you need to get the gateway IP
curl -s 169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gatewayThen add this as a new default gateway:
route add default gw <ANCHOR IP GATEWAY>Then run
route -nto see the networks:route -nThis displays the routing table:
0.0.0.0 10.16.0.1 0.0.0.0 UG 0 0 0 ens3 0.0.0.0 159.65.80.1 0.0.0.0 UG 0 0 0 ens3 10.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens3 10.16.0.0 10.16.0.1 255.255.0.0 UG 0 0 0 ens3 10.131.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens4 10.131.0.0 10.131.0.1 255.255.0.0 UG 0 0 0 ens4From this I can then work out the command I need to run to delete this second line:
route del -net 0.0.0.0 gw 159.65.80.1 netmask 0.0.0.0 dev ens3Now the curl command shows the floating IP:
root@rwshostingtest:~# curl -4 icanhazip.com 139.59.203.32I think this demonstrates working with floating IPs could do to be a bit easier on DO (so this was handled in the control panel) or at least documented how to switch. Also if I was to need to quickly change the IP for failover I think I would still have to follow these steps or something similar.
-
-
-
@apexinvesting
Hi, running route add default gw ip-number kills the current ssh connection and afterwards, it seems I am unable to log in again.
-
You will want to use the floating IP to login to SSH after you run the default gw command.
here you go, This is the answer you are looking for: https://blog.programster.org/openvpn-digitalocean-ip-alias
Have another answer? Share your knowledge.