|
Last change
on this file since 721 was 715, checked in by contact, 4 years ago |
|
doc/per-user-ip: new documentation article
|
|
File size:
973 bytes
|
| Rev | Line | |
|---|
| [715] | 1 | # Setting up per-user IP addresses
|
|---|
| 2 |
|
|---|
| 3 | If your bouncer hosts many users, you may want to assign a unique IP address for
|
|---|
| 4 | each user. This allows upstream networks to easily ban a single user when a
|
|---|
| 5 | misbehavior is detected, instead of banning the whole bouncer.
|
|---|
| 6 |
|
|---|
| 7 | Assuming you're running Linux and want to use the IPv6 prefix `2001:db8::/32`:
|
|---|
| 8 |
|
|---|
| 9 | 1. Setup the router to redirect ingress packets with one of these IP addresses
|
|---|
| 10 | as the destination to your bouncer.
|
|---|
| 11 | 2. Enable `net.ipv6.ip_nonlocal_bind=1` with `sysctl`.
|
|---|
| 12 | 3. Setup a local route for this prefix:
|
|---|
| 13 | `ip route add local 2001:db8::/56 dev lo`
|
|---|
| 14 | 4. Check network connectivity:
|
|---|
| 15 | `curl -6 --interface 2001:db8::42 https://emersion.fr`
|
|---|
| 16 | 5. Configure soju to use this IP range: `upstream-user-ip 2001:db8::/32`
|
|---|
| 17 |
|
|---|
| 18 | The address `2001:db8::1` will be left unused. Users will be assigned IP
|
|---|
| 19 | addresses starting from `2001:db8::2`.
|
|---|
| 20 |
|
|---|
| 21 | The IRC `/whois` command can be used to double-check that the expected IPv6
|
|---|
| 22 | addresses are being used.
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
