Eric at Lucii.org on 17 Feb 2012 06:46:11 -0800



Re: [PLUG] network choice from the application level



On 02/16/2012 10:48 PM, Rich Freeman wrote:
> On Thu, Feb 16, 2012 at 10:39 PM, Douglas Muth <doug.muth@gmail.com> wrote:
>> On Thu, Feb 16, 2012 at 10:09 PM, Eric at Lucii.org <eric@lucii.org> wrote:
>>>
>>> Is it possible for the applications (PHP) to select which of the two
>>> OUTGOING IP addresses it uses to talk to the database server?
>>>
>>
>> I'm not aware of any way to do that in PHP, but iptables may be an option.
>>
>> Unfortunately, I'm not that advanced with iptables.  Your best bet may
>> be to make the "offending" PHP application try connecting to an
>> alternate IP address or maybe an alternate port on the target machine
>> and then rewriting the source and target info with iptables.
> 
> I was thinking the same thing.
> 
> I'm not sure about PHP, but from some googling the C socket APIs do
> allow this.  Normally for an outgoing connection you create a socket()
> and use connect() to establish an outgoing connection.  However,
> in-between you could use bind() to attach that socket to a local
> IP/port.  You obviously need a route from both interfaces to the
> destination.
> 
> I'm not a PHP expert, but I do see the PHP command socket_bind.  There
> is a good chance that will let you do the same thing.  Now, that will
> get you a TCP connection, but I have no idea if it is easy to use that
> connection for any of the PHP libraries for database access.  I
> imagine most of those libraries assume that they're going to create
> the socket they use, and this is pretty low-level stuff.
> 
> iptables might be your best bet if you want to use the high-level
> APIs.  I don't know if the database connections are smart enough to
> figure out that the IP the packets are arriving at is not the one they
> were being sent to originally.
> 
> Obviously if the server can run on separate ports or IPs that would
> make life much easier...
> 
> Rich

If it takes iptables and/or sockets then it's too complex in these
circumstances (extreme rush to get the site online.)

I'm going to rely on my contact there to crush the "requirement" for
separate requests from separate IPs.

Thanks!
Eric
-- 
#  Eric Lucas
#
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
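
The socket() / bind() / connect() sequence described in the thread above, as an added example that is not part of the original messages: the client binds to a chosen local address before connecting, and a loopback listener reports the source address it actually saw, which is the address any IP-based allowlist or database grant on the server side would match. Assumptions: Linux, where all of 127.0.0.0/8 is local so 127.0.0.2 stands in for the second interface address; the names `make_addr`, `connect_from` and `observed_source` are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse a dotted-quad address and host-order port into *a; 0 on success. */
static int make_addr(const char *ip, unsigned short port, struct sockaddr_in *a) {
    *a = (struct sockaddr_in){ .sin_family = AF_INET, .sin_port = htons(port) };
    return inet_pton(AF_INET, ip, &a->sin_addr) == 1 ? 0 : -1;
}

/* socket() -> bind(src_ip, port 0 = kernel picks the port) -> connect(). fd or -1. */
int connect_from(const char *src_ip, const char *dst_ip, unsigned short dst_port) {
    struct sockaddr_in src, dst;
    int fd;
    if (make_addr(src_ip, 0, &src) < 0 || make_addr(dst_ip, dst_port, &dst) < 0) return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (bind(fd, (struct sockaddr *)&src, sizeof src) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: a listener on 127.0.0.1 reports the source address it saw. */
int observed_source(const char *src_ip, char *out, socklen_t outlen) {
    struct sockaddr_in srv, peer;
    socklen_t len = sizeof srv, plen = sizeof peer;
    int rc = -1, cfd = -1, afd = -1, lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    if (make_addr("127.0.0.1", 0, &srv) == 0 &&
        bind(lfd, (struct sockaddr *)&srv, sizeof srv) == 0 && listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&srv, &len) == 0 &&
        (cfd = connect_from(src_ip, "127.0.0.1", ntohs(srv.sin_port))) >= 0 &&
        (afd = accept(lfd, (struct sockaddr *)&peer, &plen)) >= 0 &&
        inet_ntop(AF_INET, &peer.sin_addr, out, outlen) != NULL)
        rc = 0;
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    close(lfd);
    return rc;
}

int main(void) {
    char seen[INET_ADDRSTRLEN];
    if (observed_source("127.0.0.2", seen, sizeof seen) == 0) printf("server saw %s\n", seen);
    return 0;
}
```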