How can I force outgoing ip for specific applications? ForceBindIp doesn't seem to work

I have a dedicated 2012 server with 12 dedicated IP addresses.

I want to be able to make connections simultaneously with two different ips that I choose.

This will be used for two different browser applications.

I tried the following:

ForceBindIP %IP_ADDRESS% %APP_EXE% 

But the IP address does not change; the browser always displays the lowest IP address from my added range.

I also experimented with a script that removes all the IPs and then adds just one.

    netsh interface ipv4 delete address "Ethernet" 104.251.111.110
    netsh interface ipv4 delete address "Ethernet" 104.251.111.111
    netsh interface ipv4 delete address "Ethernet" 104.251.111.112
    netsh interface ipv4 delete address "Ethernet" 104.251.111.114
    ....
    netsh interface ipv4 add address "Ethernet" 104.251.111.115 255.255.255.0

This changes the address, but in the end I only have one IP for both applications.

+5
2 answers

If the applications you intend to use do not support binding to specific interfaces/IPs (true, this is unusual), you can use SOCKS or proxy software (which is much more common, especially in browsers).

For example, you can install WinGate or Squid http://www.squid-cache.org (this is the one I know the most).

Squid-Cache has the ability to bind to various outgoing addresses based on rules ( http://www.squid-cache.org/Doc/config/tcp_outgoing_address/ ).

Basically you need to do the following:

  • install squid
  • add ACLs for IP loopback conversion, for example:

    acl IP110 src 127.0.0.1/32
    acl IP111 src 127.0.0.2/32
    [...]
    tcp_outgoing_address 104.251.111.110 IP110
    tcp_outgoing_address 104.251.111.111 IP111
    [...]

  • And a default, which is only formally necessary:

  tcp_outgoing_address 104.251.111.110 

Then, each application must be configured using a proxy (or SOCKS, if you do so), which is the most affordable configuration option. On the proxy settings, set the appropriate local IP:

  • for outgoing connection using IP.111, use the proxy server at 127.0.0.2
  • for outgoing connection using IP.110, use the proxy server at 127.0.0.1
  • .. etc.

Make sure that Squid (or WinGate) is bound to localhost (127.0.0.1/24), so you should not have serious security issues; but if it is available on the Internet, you can continue with further security checks.

Thus, if you decide to move any application off to another, remote server, you can still use the same outgoing IP addresses; you just need to change the Squid configuration to allow external connections, which can be a big plus for scaling.

+2
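
What choosing an outgoing IP means at the socket level, as an added example that is not part of either answer: a client that calls bind() on a chosen local address before connect() is seen by the peer with that address, while an unbound socket gets whatever the OS selects. It assumes a host where any 127.0.0.0/8 address can be bound (Linux, Windows); the loopback addresses stand in for the server's public IPs, and the function names are illustrative.

```python
import socket
import threading

def start_echo_peer(host="127.0.0.1"):
    """Listener that replies to each client with the source IP it observed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))            # port 0: let the OS choose a free port
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:        # listener was closed
                return
            with conn:
                conn.sendall(peer[0].encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def observed_source(port, source_ip=None, host="127.0.0.1"):
    """Connect to the peer, optionally from a forced source IP; return what it saw."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(3)
        if source_ip is not None:
            s.bind((source_ip, 0))  # must happen before connect()
        s.connect((host, port))
        return s.recv(64).decode()

def check_sources(candidates):
    """Map each requested source IP (None = OS default) to the IP the peer observed."""
    srv, port = start_echo_peer()
    try:
        return {ip: observed_source(port, ip) for ip in candidates}
    finally:
        srv.close()

if __name__ == "__main__":
    # Constructed sample: loopback aliases in place of the real public addresses.
    for wanted, seen in check_sources([None, "127.0.0.2", "127.0.0.3"]).items():
        print(f"requested={wanted or 'OS default'} observed={seen}")
```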

It looks like you are looking for a fix related to a small redistribution of browser applications. Assuming you are using IIS to serve applications, you should:

  • Using Explorer or the command line, create a soft link to the application configuration in a different root folder for each instance of the browser application.
  • Using IIS, recreate the application as a site for each of the browser application folders specified above.
  • Using IIS, bind each instance of the browser application to the IP address with which you want to serve it.

Warning. It is supposed to use the same application pool for all instances, but first of all, evaluate your equipment! Remember that (depending on the requirements of the application) you create a single point of failure when using a single application pool. Create separate application pools with the same parameters to reduce this risk.

+1

Source: https://habr.com/ru/post/1266167/

