Manual Elastic IP as Traffic Source

There are some cases where you may want to use Elastic IP as a source IP address - for example, if you run an SMTP server. It is possible to achieve that with manual Elastic IPs for applications, which allows you to configure their source IP. The traffic emitted in this setup is seen as coming from the Elastic IP address and not from the native IP address.

For instance, with Postfix, you can add the following line in /etc/postfix/main.cf:

$ smtp_bind_address = 203.0.113.202

Most software has a similar setting for outgoing connections. Search for the bind keyword in the documentation.

WARNING
Elastic IP addresses should not be shared across multiple traffic-emitting instances, as it will result in asymmetric routing for returning traffic.

There might be cases when you need to use IPv6 addresses from the Elastic IPv6 prefix as a source for egress traffic. You will need to either:

  • Configure the Elastic IPv6 addresses as binding addresses on the application level
    For example with Postfix mail server you could use smtp_bind_address6 = 2001:240:587:0:250:56ff:fe89:1

  • Configure the Elastic IPv6 address as the preferred source on the system’s routing level
    There are several ways to implement a preferred source at the level of routing, depending on the operating system and personal preference. Here are two examples with netplan and systemd-networkd, two popular networking options in the Linux world.

IPv6 modification with netplan

Modifying the default IPv6 source address with netplan.

Assuming you need to use 2a04:c44:c00:3a46:500:2::1337 as the source IPv6 address for all egress traffic:

$ sudo ip -6 address add 2a04:c44:c00:3a46:500:1:0:1337/128 dev lo

Then

$ cat <<EOF | sudo tee /etc/netplan/51-eipv6-source.yaml
---
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      routes:
        - to: default
          from: 2a04:c44:c00:3a46:500:2::1337
          via: $(ip -6 r show default | awk '{print $3}')
          metric: 99
EOF

and then invoke sudo netplan apply.

IPv6 modification with systemd-networkd

Modifying the default IPv6 source address with systemd-networkd.

Assuming you need to use 2a04:c44:c00:3a46:500:2::1337 as the source IPv6 address for all egress traffic:

$ sudo ip -6 address add 2a04:c44:c00:3a46:500:1:0:1337/128 dev lo

Then

debian@debianv6:~$ cat << EOF | sudo tee /etc/systemd/network/eth0.network
> [Match]
Name=eth0

[Network]
DHCP=ipv4
LinkLocalAddressing=ipv6
IPv6AcceptRA=yes

[Route]
Destination=::/0
Gateway=_ipv6ra
PreferredSource=2a04:c44:c00:3a46:500:1:0:1337
Metric=99
EOF

and then invoke sudo systemctl restart systemd-networkd.