How to bind a user's dedicated IP to also be used as their OUTGOING IP?

duntuk

I know this has been discussed countless times regarding email. However, what is the best practice on using the user's dedicated IP to also be used as his outgoing IP?

Several different users PULL content via different methods to their site, however, the outgoing IP is, by default, the main server IP.

The problem with this is, there are quotas that are enforced by IP.

For example:

We host several real estate sites, that pull 50,000 MLS properties each via drush, where these properties get geocoded (i.e. get their Long/Lat via Google).... However, Google's Geocoding limit is 2500 hits per 24hrs... which is enforced by IP.

So if we have all these users using Google's service under the same IP, the geocoding will take forever--because the geocoding quota will almost always be reached if you combine all these users.

...

This seems like such a basic necessity (just like with outbound email), yet it seems so backward that, by default, all outgoing connections use the server's main IP.

I briefly read about squid. And also DirectAdmin touches on this: http://help.directadmin.com/item.php?id=528 ... But just curious what's the best route to take here. Thanks!
 
If you connect to Google from PHP script you can always specify outgoing IP.

if you use CURL:
Code:
curl_setopt($ch, CURLOPT_INTERFACE, $ip);
if you use sockets:
Code:
socket_bind($sock, $sourceips['madcoder']);

Then you filter outgoing connections depending on the UID of the creator. It means you allow outgoing connections from that IP only for trusted users (i.e. with a specific UID).

You can find some ideas on how to filter it with iptables here on my site.
 
Thanks zEitEr, however that's not a practical solution to implement server wide across different user accounts of varying PHP programming skill levels--i.e. most will not go through the trouble of altering various modules/extensions.

This would have to be done at a server level where it involves no end-user interaction--we're dealing with non-programmers here; regular folks with very limited skill levels.
 
I think something like squid may work....


*************

http://www.cyberciti.biz/faq/linux-unix-bsd-squid-proxy-set-tcp_outgoing_address/

Setting up multiple outgoing IP addresses

You can forward clients request based on IPs for certain users:

Code:
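# define one ACL per client; "src" matches the client's source address
acl admin src 192.168.1.100
acl tom src 192.168.1.101
acl raj src 192.168.1.102

# set up outgoing rule: the address squid uses for requests matching each ACL
tcp_outgoing_address 192.168.1.254 admin
tcp_outgoing_address 192.168.1.253 tom
tcp_outgoing_address 192.168.1.253 raj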
 
Hey, there is nothing you could do with squid unless you can make it filter traffic on a UID basis, I'd rather say. If we talk about PHP scripts, then all connections will have one and the same source IP (even before squid). You won't make your PHP scripts connect with a different source IP unless you specify it in PHP code or patch PHP for the purpose.

Is there any place where you can specify source IPs for your users, so PHP could use it? I doubt it. So again, you should filter connections depending on USER-ID (UID), and forward them from a specified source IP.

"You can forward clients request based on IPs for certain users:"

That's true only if they originate from different IPs before squid. I.e. if you want different public IPs for users in your LAN through NAT.
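
The UID-based filtering suggested in the replies above, as an added example that is not part of the original thread or any poster's code: it prints one iptables SNAT rule per account using the `owner` match, which applies to locally generated packets. It assumes each user's PHP runs under that user's own UID and that each dedicated IP is already configured on the interface; the interface name, UIDs and 192.0.2.x addresses are constructed.

```shell
#!/bin/sh
# Added example: print per-UID source-NAT rules from a "uid ip" map.
# Nothing is applied; rules go to stdout for review before use.
# Assumes PHP runs under each user's own UID (not a shared web-server UID).

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read "uid ip" lines on stdin and print one SNAT rule per valid line.
# $1 = outbound interface (hypothetical default: eth0). Returns 1 if any line was rejected.
gen_snat_rules() {
    iface=${1:-eth0}
    rc=0
    while read -r uid ip rest; do
        case "$uid" in ''|'#'*) continue ;; esac
        case "$uid" in
            *[!0-9]*) echo "skip: bad uid '$uid'" >&2; rc=1; continue ;;
        esac
        # Never remap UID 0: system services keep the main server IP.
        if [ "$uid" -eq 0 ] || [ -n "$rest" ] || ! valid_ipv4 "$ip"; then
            echo "skip: bad entry '$uid $ip $rest'" >&2; rc=1; continue
        fi
        echo "iptables -t nat -A POSTROUTING -o $iface -m owner --uid-owner $uid -j SNAT --to-source $ip"
    done
    return $rc
}

# Constructed sample map: made-up UIDs, documentation-range addresses.
gen_snat_rules eth0 <<'EOF' || echo "some entries were rejected" >&2
# uid  dedicated-ip
1001   192.0.2.10
1002   192.0.2.11
0      192.0.2.12
1003   192.0.2.999
EOF
```

The last two sample lines are rejected on purpose: one targets UID 0 and one has an out-of-range octet.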
 
Thanks zEitEr. I haven't looked into squid yet, but if what you're saying is valid (which it seems so), then the only viable option for non-programmer users would be to allocate each user's website to his/her own server or VPS. It's a shame that PHP and/or Linux doesn't take IP delegation into consideration at a root level, especially when shared hosting environments are the most popular.
 