Community


All times are UTC - 5 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: SOLVED: Bind NR server to a specific IP instead of 0.0.0.0?
PostPosted: Wed Dec 02, 2015 5:09 am 
Offline

Joined: Sun Aug 23, 2015 10:39 am
Posts: 7
Hello all,
I am running NeoRouter Server Free v2.4.1.4360 under Debian Jessie. I want to force NR server to bind to a specific IP address instead of 0.0.0.0. When I run "netstat -lntp", I see this:
Code:
tcp        0      0 0.0.0.0:32976             0.0.0.0:*               LISTEN      47218/nrserver

I can't figure out how to change binding address from 0.0.0.0 to a different one. The reason I need to do it that my server has two IP addresses, and I need NeoRouter server to be accessible only from the certain IP address. I have searched everywhere and could not find any info. I have also tried to fiddle with Feature.ini file, changing "NicInterfaceName" parameter to the interface of the second IP address, but it didn't work (well, considering the description says that this is "Network Interface name used for getting MAC address", this is probably correct behavior).

Thank you in advance for any help/info!


Last edited by acetylator on Wed Dec 02, 2015 6:07 am, edited 1 time in total.

Top
 Profile  
 
 Post subject: SOLVED: Bind NR server to a specific IP instead of 0.0.0.0?
PostPosted: Wed Dec 02, 2015 6:06 am 
Offline

Joined: Sun Aug 23, 2015 10:39 am
Posts: 7
SOLVED :D

After some extensive googling, I have found a solution, so I am sharing it here in case anyone needs it.

IMPORTANT NOTES:
This solution is actually a workaround, because (at least to my knowledge), NeoRouter Server does not support binding to a specific address - there is no such setting in its configuration. It always binds to 0.0.0.0.
To use this solution, you need root access to your server and gcc compiler installed.
I have tested it on Debian Jessie - works like a charm.

SOLUTION
We will need to build a special module (called bind.so) from source. We can use this module then to force any application to bind to any specific IP address. Sounds a little bit scary, but it is actually very simple. This solution works only on IPv4, for IPv6 support you might try this (I have not tested it, though).

Step 1
Download the source code of the bind module, use one of these mirrors: http://www.ryde.net/code/bind.c.txt or https://daniel-lange.com/software/bind.c
If you have downloaded source code from the first mirror, rename "bind.c.txt" to "bind.c".

Step 2
Compile bind.c (bind.so file will be created), and copy it to /usr/lib:
Code:
gcc -nostartfiles -fpic -shared bind.c -o bind.so -ldl -D_GNU_SOURCE
strip bind.so
cp -i bind.so /usr/lib/

Step 3
Now we must change /etc/init.d/nrserver.sh file, which starts/stops NeoRouter Server service.
Open /etc/init.d/nrserver.sh file in you favorite text editor and find these lines:
Code:
  start)
    log_begin_msg "Starting NeoRouter connection server: $NAME"
    start-stop-daemon --start --background -m --pidfile /var/run/nrserver.pid --exec $DAEMON >/dev/null && log_end_msg 0 || log_end_msg 1
    ;;

Change this block by adding two additional lines of code. Instead of "12.34.56.78" use desired IP address to which NeoRouter Server should bind on start. Please note that BIND_ADDR and LD_PRELOAD variables must be set with "export" directive.
Code:
  start)
    log_begin_msg "Starting NeoRouter connection server: $NAME"
    export BIND_ADDR="12.34.56.78"
    export LD_PRELOAD=/usr/lib/bind.so
    start-stop-daemon --start --background -m --pidfile /var/run/nrserver.pid --exec $DAEMON >/dev/null && log_end_msg 0 || log_end_msg 1
    ;;

Step 4
Now restart NeoRouter Server and we are done:
Code:
service nrserver.sh restart

You can verify that everything works with the following command:
Code:
netstat -lntp

If everything works, you should see something like this:
Code:
tcp        0      0 12.34.56.78:32796       0.0.0.0:*               LISTEN      4729/nrserver

For some more reading visit links below.

REFERENCES:
https://daniel-lange.com/archives/53-Binding-applications-to-a-specific-IP.html
https://github.com/meebey/force_bind <-- this is a similar module which seems to work with IPv6, but I have not tested it. If you try it, please share your experience!


Top
 Profile  
 
 Post subject: Re: SOLVED: Bind NR server to a specific IP instead of 0.0.0.0?
PostPosted: Wed Dec 02, 2015 11:17 pm 
Offline

Joined: Tue Feb 10, 2009 4:11 am
Posts: 96
acetylator wrote:
SOLVED :D


smart...

but you can simply use iptables to accept packets to the specific interface and drop all the others, it's much easier, see man iptables

and you might want to enable lo on the server system if you plan to run client on it.


Top
 Profile  
 
 Post subject: Re: SOLVED: Bind NR server to a specific IP instead of 0.0.0.0?
PostPosted: Thu Dec 03, 2015 6:02 am 
Offline

Joined: Sun Aug 23, 2015 10:39 am
Posts: 7
Yes, you can use this, too. However, in my situation it wouldn't make much sense. My server is reachable only from limited number of ports (due to the nature of the used network infrastructure) and I have another application that must listen on the same port as NeoRouter Server. I have solved this by getting a secondary IP address (so I have two network interfaces). NeoRouter is listening on port XXX on IP 1.1.1.1, and the other application is listening on the same port XXX on IP 2.2.2.2.
Probably this could be solved with iptables, too, but I find my solution easier - you compile a tiny file and change two lines of code. Besides, it's good to have such a module just for the case, since it can be used with any application. There is also one last, and the most important factor - I simply hate fiddling with iptables/routing :D


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron