Discussion:
[freetds] How to specify the local ip address to connect from
Marten Lehmann
2012-10-18 02:18:00 UTC
Permalink
Hello,

I'm using FreeTDS to connect to a MS SQL Server. This worked fine on the
development host, because only the one single IP address of it had to be
whitelisted in the firewall of the MS SQL Server.

But on the production server, several aliased network interfaces with
different IP addresses are set up and the web application is obviously
not connecting through the main interface, which is already whitelisted.

How can I set the local ip address / interface that FreeTDS connects
from to the remote database host?

Kind regards
Marten Lehmann
James K. Lowden
2012-10-18 05:36:03 UTC
Permalink
On Thu, 18 Oct 2012 04:18:00 +0200
Post by Marten Lehmann
How can I set the local ip address / interface that FreeTDS connects
from to the remote database host?
There is no facility in FreeTDS to control which interface is used. I
cannot offhand think of any way to control that using the standard
socket interface i.e. connect(2). That sort of thing would be
governed by the routing tables within the machine hosting the FreeTDS
application.

If I may ask, what prompts you to introduce a firewall between your
webserver and your database server? Surely the database server is on
a network not accessible from the outside?

--jkl
Marten Lehmann
2012-10-18 08:57:47 UTC
Permalink
Hello,

I'm not much into the glibc socket API, but the perl module
http://search.cpan.org/~gbarr/IO-1.25/lib/IO/Socket/INET.pm manages to
exactly do this: Define the local IP (and even port) a connection is
made from.

First it looks if the option LocalAddr is specified, otherwise it leaves
the decision to the OS:

$laddr = defined $laddr ? inet_aton($laddr) : INADDR_ANY;

And then, before connect() is called, it binds to the interface:

if($lport || ($laddr ne INADDR_ANY) || exists $arg->{Listen}) {
$sock->bind($lport || 0, $laddr) or
return _error($sock, $!, "$!");
}

If someone knows the underlying socket API of the OS, he can surely
adapt this to create a localaddr option or similar for FreeTDS.

Kind regards
Marten Lehmann
Post by James K. Lowden
On Thu, 18 Oct 2012 04:18:00 +0200
Post by Marten Lehmann
How can I set the local ip address / interface that FreeTDS connects
from to the remote database host?
There is no facility in FreeTDS to control which interface is used. I
cannot offhand think of any way to control that using the standard
socket interface i.e. connect(2). That sort of thing would be
governed by the routing tables within the machine hosting the FreeTDS
application.
If I may ask, what prompts you to introduce a firewall between your
webserver and your database server? Surely the database server is on
a network not accessible from the outside?
--jkl
_______________________________________________
FreeTDS mailing list
FreeTDS at lists.ibiblio.org
http://lists.ibiblio.org/mailman/listinfo/freetds
Frediano Ziglio
2012-10-18 15:34:12 UTC
Permalink
Probably you can strace your program but should be a call to bind

Frediano
Post by Marten Lehmann
Hello,
I'm not much into the glibc socket API, but the perl module
http://search.cpan.org/~gbarr/IO-1.25/lib/IO/Socket/INET.pm manages to
exactly do this: Define the local IP (and even port) a connection is
made from.
First it looks if the option LocalAddr is specified, otherwise it leaves
$laddr = defined $laddr ? inet_aton($laddr) : INADDR_ANY;
if($lport || ($laddr ne INADDR_ANY) || exists $arg->{Listen}) {
$sock->bind($lport || 0, $laddr) or
return _error($sock, $!, "$!");
}
If someone knows the underlying socket API of the OS, he can surely
adapt this to create a localaddr option or similar for FreeTDS.
Kind regards
Marten Lehmann
Post by James K. Lowden
On Thu, 18 Oct 2012 04:18:00 +0200
Post by Marten Lehmann
How can I set the local ip address / interface that FreeTDS connects
from to the remote database host?
There is no facility in FreeTDS to control which interface is used. I
cannot offhand think of any way to control that using the standard
socket interface i.e. connect(2). That sort of thing would be
governed by the routing tables within the machine hosting the FreeTDS
application.
If I may ask, what prompts you to introduce a firewall between your
webserver and your database server? Surely the database server is on
a network not accessible from the outside?
Continue reading on narkive:
Loading...