How to force source IP address on Linux
May 21

UPDATE: THIS INFORMATION IS INCORRECT AND CAN LEAD TO KERNEL PANICS

On Linux servers whose interfaces are multihomed on the same subnet, there is a very common issue: you cannot determine or set which IP address is used as the source of outgoing connections. This can become a security nightmare when you are trying to lock down services to a single IP that keeps changing. Do not fear, there is a way to force outgoing connections to use a specific IP address.

This little trick uses iptables and is known as source NAT’ing (SNAT). It does the exact opposite of regular NAT, or DNAT. So go grab some iptables binaries if you don’t already have them and we shall get started.

# iptables -t nat -A POSTROUTING -m state --state new -j SNAT --to-source 1.2.3.4

That is all that is required. All new connections, i.e. connections originating from the box, will be forced to use the IP address 1.2.3.4.
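A defensive check related to the rule above, added here as an example and not part of the original post: it reads `iptables-save` text and flags SNAT rules in the nat table's POSTROUTING chain that carry no interface or address match, which is the shape of the rule shown above. The ruleset in `sample_rules` is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit nat/POSTROUTING for SNAT rules with no scoping match.

# Constructed sample in iptables-save format (not taken from a real host).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -m state --state NEW -j SNAT --to-source 1.2.3.4
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 1.2.3.4
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin. For every SNAT rule in nat/POSTROUTING,
# prints "UNSCOPED <rule>" when the rule has no -o/-s/-d match (it then
# applies to every connection the chain sees), otherwise "SCOPED <rule>".
audit_snat() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            is_snat = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "SNAT") is_snat = 1
                if ($i == "-o" || $i == "--out-interface" ||
                    $i == "-s" || $i == "--source" ||
                    $i == "-d" || $i == "--destination") scoped = 1
            }
            if (is_snat) {
                verdict = scoped ? "SCOPED" : "UNSCOPED"
                print verdict, $0
            }
        }
    '
}

# Demo on the constructed ruleset.
sample_rules | audit_snat
```

On a live host the same function can be fed with `iptables-save -t nat | audit_snat`, run as root.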
