Douglas Muth on 16 Feb 2012 19:39:39 -0800



Re: [PLUG] network choice from the application level


On Thu, Feb 16, 2012 at 10:09 PM, Eric at Lucii.org <eric@lucii.org> wrote:
>
> Is it possible for the applications (PHP) to select which of the two
> OUTGOING IP addresses it uses to talk to the database server?
>
> The database people want the requests to come FROM a different IP
> address depending on the particular application.
>
> I think it's impossible.

I'm not aware of any way to do that in PHP, but iptables may be an option.

Unfortunately, I'm not that advanced with iptables. Your best bet may
be to make the "offending" PHP application try connecting to an
alternate IP address or maybe an alternate port on the target machine
and then rewrite the source and target info with iptables.
Something like:

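# Redirect connections aimed at the alternate port to the real database port
iptables -t nat -A PREROUTING -p tcp --dport $ALTERNATE_PORT -j DNAT \
    --to-destination $DATABASE_IP:$CORRECT_PORT
# Rewrite the source address of the connections that were DNATed above
iptables -t nat -A POSTROUTING -m conntrack --ctstate DNAT -j SNAT \
    --to-source $ALTERNATE_IP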

I haven't tested that config, though.

-- Doug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
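
Added example, not part of the original message: at the socket level, a client chooses its outgoing address by calling bind() on the socket before connect(), and the server then sees that address as the peer. The sketch below shows this in Python on Linux loopback; 127.0.0.2 and 127.0.0.3 are constructed stand-ins for the two outgoing IPs, and the function names are hypothetical. Whether a given PHP database client exposes this option is not covered here.

```python
import socket
import threading


def start_peer_echo(host="127.0.0.1"):
    """Stand-in for the database server: tells each client which
    source IP its connection arrived from."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))            # port 0: kernel picks a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:        # listening socket was closed
                return
            with conn:
                conn.sendall(peer[0].encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv


def connect_from(source_ip, dest):
    """Bind to source_ip, connect to dest, and return the source
    address the server reports. bind() raises OSError if source_ip
    is not an address configured on this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.bind((source_ip, 0))     # fixes the source IP; port stays ephemeral
        s.connect(dest)
        return b"".join(iter(lambda: s.recv(64), b"")).decode()


def demo():
    # Constructed sample addresses: any 127.0.0.0/8 address is local on Linux.
    srv = start_peer_echo()
    dest = srv.getsockname()
    try:
        return [connect_from(ip, dest) for ip in ("127.0.0.2", "127.0.0.3")]
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```
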