Assign IPs to programs/processes

Question

I need to assign different IP addresses to different processes (mostly PHP & Ruby programs) running on my Linux server. They will be making queries to various servers, including the situation where processes connecting to the same external server should have different IPs.

How this can be achieved?

Any option (system wide, or PHP/Ruby-specific, using proxy servers etc) will suit me.

Answer 1

As per @LeonardoRick request, I'm providing the details for the solution that I ended up with.

Say, I have a server with 172.16.0.1 and 172.16.0.2 IP addresses.

I set up nginx (on the same machine) with the configuration that was looking somewhat like this:

server {

      # NEVER EXPOSE THIS SERVER TO THE INTERNET, MAKE SURE PORT 10024 is not available from outside
      listen 127.0.0.1:10024;
      
      # block access from outside on nginx level as well
      allow 127.0.0.1;
      deny  all;
      
      # actual proxy rules
      location ~* ^/from-172-16-0-1/http(s?)\:\/\/(.*) {
            proxy_bind     172.16.0.1;
            proxy_pass     http$1://$2?$args;
      }   
      location ~* ^/from-172-16-0-2/http(s?)\:\/\/(.*) {
            proxy_bind     172.16.0.2;
            proxy_pass     http$1://$2?$args;
      }
}

(Actually I cannot remember all the details now (this code is 'from whiteboard', it's not an actual working one), nevertheless it should represent all the key ideas. Check regexes before deployment).
Double-check that port 10024 is firewalled and not accessible from outside, add extra authentication if necessary. Especially if you are running Docker.

This nginx setup makes it possible to run HTTP requests like
http://127.0.0.1:10024/from-172-16-0-2/https://example.com/some-URN/object?argument1=something

Once received a request, nginx will fetch the HTTP response from the requested URL using the IP specified by the corresponding proxy_bind directive.

Then - as I was running in-house or open-source software - I simply configured it (or altered its code) so it would perform requests like the one above instead of (original) https://example.com/some-URN/object?argument1=something.

All the management - what IP should be used at the moment - was also done by 'my' software, it simply selected the necessary /from-172-16-0-XXX/ endpoint according to its business logic.

That worked very well for my original question/task. However, this may not be suitable for some other applications, where it could not be possible to alter the request URLs. However, a similar approach with setting some kind of proxy may work for those cases.

---

(If you are not familiar with nginx, there are some starting guides here and here)

Answer 2

The processes bind sockets (both incoming and outgoing) to an interface (or multiple interfaces), addressable by IP address, with various ports. In order to have them directly addressable by different IP addresses, you must have them bind their sockets to different NICs (virtual or hardware).

You could point each process to a proxy (configure the hostname of the server to be queried to be a different proxy for each process), in which case the external server will see the different IPs of the proxies. Otherwise, if you could directly configure the processes to use different NICs for their communications, that would be ideal.

You may need to make changes to the code to make this configurable (very often, programmers create outgoing TCP connections with convenience functions without specifying the NIC they will use, as they typically don't care). In PHP, you can use "socket_bind" to bind the endpoint to a nic, e.g. see the first example in the docs for socket_bind.