Bind IP address to application

Question

I have multiple network interfaces on a single machine. I am wondering how I can bind a network interface to an application.

Example: Network Interfaces: eth0, eth1

Application A use dummy0 Application B use dummy1

Is it possible to bind an application to an interface like this?

Use Case: 1 machine with 2 internet connections; eth0 -> internet connection 0 eth1 -> internet connection 1

Application use a predefined interface Firefox -> eth0 -> internet connection 0 Chrome -> eth1 -> internet connection 1

OS: CentOS 5.9 32bit

krowe · Answer 1 · 2014-04-09T12:43:50.277

Selecting a specific adapter for an application is an application specific setting. You must determine how this is done in your specific application. It cannot be done on the system level.

Windows

You can adjust the priority of adapters on a global system level though. Use the up and down arrows on the Network connections advanced properties page.

http://levynewsnetwork.wordpress.com/2011/12/01/windows-7-default-internet-connection-choice/

Linux

In Linux the process isn't as straight forward. You must tell Linux that one adapter is further away than the other using the metric.

To prioritize adapters in Linux, you'd have to use the route command, to add the route with the desired metric and delete the old entry. For example:

sudo route add -net default gw 10.10.0.1 netmask 0.0.0.0 dev wlan0 metric 1
sudo route del -net default gw 10.10.0.1 netmask 0.0.0.0 dev wlan0 metric 0

For both OSes, the same order will be used for every application when this is done.

score 2 · Answer 2 · answered Apr 09 '14 at 12:59

While applications can bind to particular IP adresses it's application specific. For your particular example both Chrome and Firefox support HTTP proxies.

You could use Squid with configuration like the following to make them use a specific NIC.

acl browser1 localip 127.0.0.2
acl browser2 localip 127.0.0.3
tcp_outgoing_address 192.168.1.99 browser1
tcp_outgoing_address 197.6.0.1 browser2

Now Firefox would be configured to connect to the proxy at 127.0.0.2 which would use 192.168.1.99 as the NIC for performing outgoing TCP requests.

Chrome would be configured to use 127.0.0.3 as a proxy which would use 197.6.0.1 as the outgoing address.

score 2 · Answer 3 · edited Aug 23 '15 at 10:36

There's a simple solution - Daniel Ryde wrote an LD_PRELOAD "shim" library (bind.c) that modifies bind behaviour, for this purpose. Check out this tutorial:

https://www.x4b.net/kb/BindProcessToIPonLinux

Given there is effectively a default bind address for applications (see your routing table), it is in my opinion superbly strange that there usually is no standard way (as in "distribution package code") to override that default interface, yes; on the system level, for a particular set of applications.

Some programs do have command line options to listen to the interface of your choice, which is all fine and well.

My default route goes via a VPN proxy (surely a pretty common scenario). A good default for outgoing connections, this tunnel does not support inbound connections from the internet very well. Therefore I need to force server-oriented programs A, B, and C to bind to some other IP (main ISP provided address). And client-oriented program D, I want to use my public interface for different reasons.

The above library works well, for this purpose!

A solution is:

Create a new user
Header-mangle ALL the packets of that particular user
Run the programs as that user, ONLY to "effectively bind" to the desired interface seems like... an ugly hack, in comparison.

Alternatively:

Create new user SuperFluous
Make SuperFluous use different routing table
Run A, B, C as user SuperFluous; Still not good enough! I want to run "my" servers as "me" (I might not even have privileges to create new users and routing policies).

LISTEN_TO=$THIS_INTERFACE Command; # <- It should be that simple.

score 1 · Answer 4 · answered Apr 10 '14 at 09:45

Actually the subject of the question is a bit inaccurate. Binding an application to an interface applies for an application acting as a server.

In this case the correct term is "Routing the traffic for a specific application in a specific way". In Linux this can be accomplished with Policy routing.

The trick is that one launches the other browser as a different user, and policy routing rules then make all packets from that user use the other default gateway.

http://blog.sebastien.raveau.name/2009/04/per-process-routing.html has a complete description.

intika · Answer 5 · 2020-01-01T04:40:49.250

0

Solution

Under Linux there are several solutions to bind an application to a specific interface each one have its pro and con this unix stackexchange answer explain with details most of the available possibilities

edited Jan 01 '20 at 04:40

answered Apr 28 '19 at 21:19

intika

1,383

score 0 · Answer 6 · answered Apr 09 '14 at 12:33

As krowe already said it's application specific. If you application doesn't support the binding to a given interface/IP you can use iptables (Linux) or ipfilter (*BSD).

The Ubuntu-Wiki has some rather nice introduction to iptables: https://help.ubuntu.com/community/IptablesHowTo

Bind IP address to application

6 Answers6

Solution