These days many systems are multi-homed in the sense that they have more than one IP address bound at the same time, e.g. on different network cards, as virtual IPs on shared servers, or simply by using WiFi and a wired network connection at the same time on a laptop.
Murphy of course makes sure that your system will choose the worst IP (e.g. the one on slow WiFi or the one reserved for admin access) when an application does not specifically support binding to a selected IP address. And Mozilla Firefox, for example, doesn't.
The kernel chooses an outgoing IP from those in the routing table with the same metric:
    daniel@server:~$ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.0.2.1       0.0.0.0         U     0      0        0 eth0
    0.0.0.0         192.0.2.2       0.0.0.0         U     0      0        0 eth1
    0.0.0.0         192.0.2.3       0.0.0.0         U     0      0        0 eth2
    0.0.0.0         192.0.2.4       0.0.0.0         U     0      0        0 eth3
You can obviously play around with the metric and make the kernel router prefer the desired interface above others. This will affect all applications, though. Some people use the firewall to NAT all packets to port 80 onto the network interface desired for web browsing. Gee, beware the http://somewebsite.tld:8080 links...
Thankfully Daniel Ryde has solved the problem via an LD_PRELOAD shim. With his code you can run
and happily surf away.
To compile his code (3.3kB, local copy, see note 1) you need to run
strip bind.so
cp -i bind.so /usr/lib/
and you're set to go.
If you don't have gcc available (and trust me) you can download pre-compiled 32bit and 64bit (glibc-2) bind.so libraries here (4.5kB).
I guess because Daniel Ryde hid his code so well on his webpage, Robert J. McKay wrote another LD_PRELOAD shim, called Bindhack (4.5kB, local mirror). This will - as is - only compile on 32bit machines. But YMMV.
Run the above command (*) with your desired (and locally bound) IP address in bash and visit MyIP.dk or DNStools.ch or any of the other services that show your external IP to see whether you've succeeded.
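The per-socket step a bind shim of this kind performs before connect(), plus a local getsockname() check of the result, as an added example. This is not Daniel Ryde's bind.c and contains no LD_PRELOAD hook; the function names parse_source, bind_source and local_ip are made up here, and 127.0.0.1 is a constructed default.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Caller-owned storage, no static state: safe to call from several threads. */
int parse_source(const char *ip, struct sockaddr_in *out)
{
    if (ip == NULL || out == NULL)
        return -1;
    memset(out, 0, sizeof *out);    /* sin_port stays 0: kernel picks the port */
    out->sin_family = AF_INET;      /* IPv4 only, like the shims discussed here */
    return inet_pton(AF_INET, ip, &out->sin_addr) == 1 ? 0 : -1;
}

/* Pin fd's local address before connect(); fails if ip is not on this host. */
int bind_source(int fd, const char *ip)
{
    struct sockaddr_in src;         /* on the stack: one copy per call */
    if (parse_source(ip, &src) != 0)
        return -1;
    return bind(fd, (struct sockaddr *)&src, sizeof src);
}

/* Read back the local address the kernel recorded for the socket. */
int local_ip(int fd, char *buf, socklen_t buflen)
{
    struct sockaddr_in cur;
    socklen_t len = sizeof cur;
    if (getsockname(fd, (struct sockaddr *)&cur, &len) != 0)
        return -1;
    return inet_ntop(AF_INET, &cur.sin_addr, buf, buflen) ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *ip = argc > 1 ? argv[1] : "127.0.0.1"; /* constructed default */
    char seen[INET_ADDRSTRLEN];
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind_source(fd, ip) != 0 || local_ip(fd, seen, sizeof seen) != 0) {
        fprintf(stderr, "could not bind a TCP socket to %s\n", ip);
        return 1;
    }
    printf("socket bound to %s\n", seen);
    close(fd);
    return 0;
}
```

Passing an address that is not configured on the host makes bind() fail, which is a quick way to rule out a typo in the IP before blaming the shim.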
Notes:
- Daniel Ryde did not specify the -D_GNU_SOURCE in the comments section of bind.c. Modern glibc/gcc need that as he used RTLD_NEXT which is Unix98 and not POSIX. I amended the local copy of bind.c and sent him an email so he can update his.
- Both are IPv4 only, no IPv6 support.
Updates:
19.03.15 madmakz wrote in to clarify that all of the bind LD_PRELOAD shims only work with TCP connections. So not with UDP.
I'm not aware of a shim that manipulates UDP sockets.
14.01.14 Christian Pellegrin wrote a superb article on how to achieve per-application routing with the help of Linux network namespaces.
16.06.13 showip.be seems to be gone, so I replaced it with dnstools.ch in the text above. There are plenty of others as well.
22.06.12 Lennart Poettering has an IPv4-only version of a shim and a rather good readme available at his site.
29.11.10 Catalin M. Boie wrote another LD_PRELOAD shim, force_bind. I have not tested this one. It's capable of handling IPv6 binds.
11.01.09 Daniel Ryde has replied to my email and updated his local copy now as well.




Didn't work for me, have tried compiling and pre-compiled bin. My routing table
http://pastebin.com/m376d810a
my ip : 10.77.0.200
BIND_ADDR=10.77.0.200 LD_PRELOAD=/home/djkz/Desktop/bind.so firefox
Brilliant! Thanks!
Doesn't work. IP remains always that of the default NIC. Nada no nothing.
Well, it works for me and many, many others. strace your application and see what it does. Notice that LD_PRELOAD is not evaluated for setuid/setgid applications.
Thank you. It works for me. I used Daniel Ryde's script.
I bind 3 firefox with 3 IPs, all of them work well
Why isn't this code in my repository??
It's absolutely frickin essential!!
Thank you.
I have tested it on Debian Jessie and it works. Thank you very much! I have used your solution to force NeoRouter Server to bind to a specific address. For those interested, solution is described here.
Doesn't seem to work as default gateway stays the same... so binding to other ip with same gateway leads to connectivity issues.
Nope. The bind() call doesn't know anything about routing or default gateways. That's in the kernel network stack. So there must be something else broken with your setup and use of multiple IPs. Obviously you can only tweak the bind() call to use IPs that are actually bound, up and working on the host system.
third_party/bind$ gcc -nostartfiles -fpic -shared bind.c -o bind.so
bind.c: In function ‘_init’:
bind.c:71:21: error: ‘RTLD_NEXT’ undeclared (first use in this function)
 real_bind = dlsym (RTLD_NEXT, "bind");
                    ^
bind.c:71:21: note: each undeclared identifier is reported only once for each function it appears in
bind.c:83:21: warning: implicit declaration of function ‘inet_addr’ [-Wimplicit-function-declaration]
 bind_addr_saddr = inet_addr (bind_addr_env);
                    ^
You failed the copy & paste new developer course. The -D_GNU_SOURCE is not optional.
Is this code threadsafe? We have
struct sockaddr_in local_sockaddr_in[] = { 0 };
and in bind() and connect() we have
static struct sockaddr_in *rsk_in;
I think all these should be stack variables for thread safety.
I've done a variation of this that allows the bind address to be changed dynamically via the JNI for using this with Java if you're interested