doc/per-user-ip: new documentation article
This commit is contained in:
parent
254108bd99
commit
98af48d254
22
doc/per-user-ip.md
Normal file
22
doc/per-user-ip.md
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
# Setting up per-user IP addresses
|
||||||
|
|
||||||
|
If your bouncer hosts many users, you may want to assign a unique IP address for
|
||||||
|
each user. This allows upstream networks to easily ban a single user when a
|
||||||
|
misbehavior is detected, instead of banning the whole bouncer.
|
||||||
|
|
||||||
|
Assuming you're running Linux and want to use the IPv6 prefix `2001:db8::/32`:
|
||||||
|
|
||||||
|
1. Setup the router to redirect ingress packets with one of these IP addresses
|
||||||
|
as the destination to your bouncer.
|
||||||
|
2. Enable `net.ipv6.ip_nonlocal_bind=1` with `sysctl`.
|
||||||
|
3. Setup a local route for this prefix:
|
||||||
|
`ip route add local 2001:db8::/56 dev lo`
|
||||||
|
4. Check network connectivity:
|
||||||
|
`curl -6 --interface 2001:db8::42 https://emersion.fr`
|
||||||
|
5. Configure soju to use this IP range: `upstream-user-ip 2001:db8::/32`
|
||||||
|
|
||||||
|
The address `2001:db8::1` will be left unused. Users will be assigned IP
|
||||||
|
addresses starting from `2001:db8::2`.
|
||||||
|
|
||||||
|
The IRC `/whois` command can be used to double-check that the expected IPv6
|
||||||
|
addresses are being used.
|
Loading…
Reference in New Issue
Block a user