in reply to LWP and LocalIP/LocalPort

I'm not sure why you want to set the local port as well as the local IP address. Most services (although RSH is a notable exception) do not take any notice of the local port number, so you should be able to use whatever port is assigned by your OS when the socket is created.

In this case I suspect that your machine already has a server running on port 8080. If the port is already taken, the OS will not let you use it for an outgoing connection.

If you want to connect from a specified local IP to a server that is running on port 8080, set the Local IP with

@LWP::Protocol::http::EXTRA_SOCK_OPTS = ( LocalAddr => '1.2.3.4' );

Then set the destination port as part of the URL you are retrieving, e.g. http://hostname:8080/index.html

JJ
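The setup described in the reply above, written out as a complete script. This is an added example, not code from the original post; the local address 1.2.3.4 and the URL http://hostname:8080/index.html are the placeholder values from the reply and are assumed, not real hosts.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use LWP::Protocol::http;   # package whose @EXTRA_SOCK_OPTS we set below

# Assumed values: the local interface address to send from and the
# destination URL; the destination port (8080) travels in the URL.
my $local_ip = '1.2.3.4';
my $url      = 'http://hostname:8080/index.html';

# Extra options LWP passes to IO::Socket::INET when it opens the HTTP socket.
# LocalAddr pins the source address; the source port is left to the OS.
# Adding "LocalPort => 50000" here would pin the source port as well, at the
# cost of the request failing whenever that port happens to be in use.
@LWP::Protocol::http::EXTRA_SOCK_OPTS = ( LocalAddr => $local_ip );

my $ua  = LWP::UserAgent->new( timeout => 10 );
my $res = $ua->get($url);          # connects to hostname:8080 from $local_ip

print $res->status_line, "\n";
print $res->decoded_content if $res->is_success;
```

Because @EXTRA_SOCK_OPTS is a package variable, every HTTP connection the process opens after this assignment uses the same source address; set it before the first request is made.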

Re: Re: LWP and LocalIP/LocalPort
by jk2addict (Chaplain) on Oct 16, 2002 at 03:20 UTC

    The Short Answer:
    The reason I want to set the local port as well is so the outgoing connection is predictable and filterable.

    The Long Answer:
    I've got a web server with MovableType running on it. One of the functions that MT performs is to send XML 'pings' or update notices to external web servers. This server and the firewall in front of it have both ingress and egress filtering in place. In other words, the web server is not allowed to contact stuff on the internet all by it's lonesome in case of virus/rootkit infection.

    Now there is the quandary. I can't let this machine contact *:80 on the internet. That defeats the purpose of the egress filtering. But, if I can lock it down (kind of like Bind's query-source option) to a predictable IP/port, I can allow the software out, but other *:80 requests from the machine will still be blocked.

    I could install tinyproxy in this machine to proxy those requests, but that's overkill when I should be able to specify the LocalIP/LocalPort in LWP.

      I can see what you're trying to achieve, but by restricting the outgoing port there will always be a potential for failure.

      Say for example your outgoing connection for the XML 'pings' was set to always use port 50000 (and it was working :-). You do not have control over the ports that incoming connections to your MT server will be using (i.e. the local ports on computers browsing your site), so there is a chance that an incoming connection could be using port 50000 at the same time as MT was trying to open an outgoing socket. Your XML 'ping' would fail.

      Would it be secure enough to make a list of the IP addresses you need to XML 'ping' and then allow connections from any local ports (in the range 1024-65535) to port 80 on the specific IP addresses, e.g. 10.0.0.1:80, 10.0.0.2:80 etc? Then your OS can still allocate outgoing port numbers in the usual manner.

      JJ
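The failure mode JJ describes, shown with a small constructed setup (an added example, not code from either poster): a listener on the loopback address stands in for a remote MT server, two connections are attempted from the fixed source port 50000 from the reply, and the second fails because the port is already bound. The fallback then lets the OS choose an ephemeral port, which is what the 'any local port 1024-65535' firewall rule would permit.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;

# Constructed stand-in for the remote server: listen on loopback on an
# OS-assigned port so the script runs offline.
my $listener = IO::Socket::INET->new(
    Listen    => 5,
    LocalAddr => '127.0.0.1',
    Proto     => 'tcp',
) or die "listen: $@";
my $dest_port = $listener->sockport;

# Open a connection with the source port pinned (the 50000 from the reply).
sub connect_from_fixed_port {
    my ($local_port) = @_;
    return IO::Socket::INET->new(
        PeerAddr  => '127.0.0.1',
        PeerPort  => $dest_port,
        LocalAddr => '127.0.0.1',
        LocalPort => $local_port,
        Proto     => 'tcp',
    );
}

# The first connection takes the port...
my $first = connect_from_fixed_port(50000) or die "first connect: $@";
printf "first connection bound to local port %d\n", $first->sockport;

# ...so a second attempt from the same source port fails at bind time
# with "Address already in use"; this is the XML 'ping' that would be lost.
my $second = connect_from_fixed_port(50000);
if ( !$second ) {
    print "second connection failed: $@\n";

    # Fallback: no LocalPort, so the OS allocates an ephemeral source port.
    $second = IO::Socket::INET->new(
        PeerAddr => '127.0.0.1',
        PeerPort => $dest_port,
        Proto    => 'tcp',
    ) or die "fallback connect: $@";
    printf "fallback connection bound to local port %d\n", $second->sockport;
}
```

The same collision happens whether the port is held by another outgoing socket or by an accepted incoming one, which is why a firewall rule keyed on destination address and port rather than on a fixed source port is the more robust option.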

        These are outgoing only to port 80. All incoming would be going to port 80 on the server itself. They are two separate processes that I don't believe could tramp on each other port-wise. For that matter, the IP I would specify for the outgoing pings from MT would be different from the IP address where incoming http requests go.

        Unfortunately, the destination addresses could be any server out there running its own copy of MT.