Automation
FragMaster, 2022-01-08 12:13:40

How can I build a mechanism that monitors the external IP address and blocks Internet access if the external IP is not the one specified in the settings?

Given:

  1. there are several dozen virtual machines running Win10
  2. each VM reaches the Internet through its own external IP address. This is achieved with routing configured on the router (pfSense). A simplified routing scheme looks like this: VM --> pfSense --> OVPN server (external IP) --> Internet


Task:
  1. create a control mechanism that somehow blocks work in the VM or cuts off Internet access if the external IP address does not match the one specified in the settings.
  2. the delay between the external IP changing and the mechanism triggering (blocking the VM or turning off Internet access) should be no more than 1 minute, preferably less.
  3. the mechanism should be as simple as possible so as to reduce operational errors ideally to 0%, even at the expense of ease of administration.


Work example:
  1. simply request our current external address, for example from the service https://www.ipify.org/
  2. do nothing if the external IP received matches the one specified in the settings.
  3. in all other cases (failure to obtain an external address, the address does not match the specified one, etc.) disable operation
  4. if the mechanism has triggered and blocked access to the VM or access to the Internet, the administrator unblocks it manually


What ideas do you have for implementing such a mechanism?


2 answer(s)
FragMaster, 2022-01-09
@FragMaster

In general, thank you all for your thoughts; you suggested exactly the approach I had planned, but I did not mention it in the question so as to get an alternative view.
As a result:
- bringing up the OVPN client and the traffic routing stay on pfSense
- I wrote a script that runs inside the VM, checks the external IP and, if it is not the right one, disables all network interfaces. The script runs once every minute.
https://gitlab.com/a.perminov/external-ip-monitor
- there is also a script that checks whether the external IPs of the VMs overlap and sends notifications about problems to Discord
I think this will be enough...

nApoBo3, 2022-01-08
@nApoBo3

Implementing this functionality on the virtual machine side is potentially problematic.
You can do it in any scripting language; the native one for Windows is PowerShell, plus Task Scheduler.
See the link for an example:
woshub.com/get-external-ip-powershell
I haven't tested it, but at first glance it looks like it works.
You can block the network, for example, by disabling the network interface or deleting the route (but deleting the route requires admin rights, i.e. your script must run from a privileged account).
But I would recommend implementing this functionality at the network layer.
Note that a regular Windows license does not allow you to use the OS in a virtual machine.
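As an added illustration of the in-VM approach described in the question's "Work example" and in this answer (PowerShell plus a scheduled task), here is a fail-closed check script. It is example code written for this page, not the question author's gitlab script and not the woshub example; the expected IP, log path and the use of api.ipify.org are assumptions, and it must run every minute from an elevated scheduled task because disabling adapters requires admin rights.

```powershell
# Added example: fail-closed external IP kill switch for a Windows VM.
# Placeholder values below are assumptions; replace them per VM.
$ExpectedIp = '203.0.113.10'                          # placeholder: the external IP this VM must use
$LogPath    = 'C:\ProgramData\ExtIpMonitor\extip.log' # placeholder log location

function Get-ExternalIp {
    # Returns the current external IPv4 address as a string, or $null on ANY failure
    # (timeout, HTTP error, unexpected body). $null is treated as a mismatch by the caller,
    # which implements task item 3: a failed lookup disables the network too.
    try {
        $raw = (Invoke-RestMethod -Uri 'https://api.ipify.org' -TimeoutSec 10 -ErrorAction Stop).Trim()
        if ($raw -match '^(\d{1,3}\.){3}\d{1,3}$') { return $raw }
    } catch { }
    return $null
}

function Disable-AllNetAdapters {
    # Takes down every adapter that is currently up. Requires an elevated session.
    # Nothing in this script re-enables them: that is the administrator's manual step (task item 4).
    Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false
}

function Write-Log([string]$Message) {
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    Add-Content -Path $LogPath -Value ("{0:u} {1}" -f (Get-Date), $Message)
}

$actual = Get-ExternalIp
if ($actual -eq $ExpectedIp) {
    Write-Log "OK external IP $actual"
} else {
    $shown = if ($null -eq $actual) { 'lookup failed' } else { $actual }
    # Log first: once the adapters are down, nothing else on the VM can report what happened.
    Write-Log "MISMATCH expected $ExpectedIp, got $shown; disabling all network adapters"
    Disable-AllNetAdapters
}
```

Because the adapters stay down, the administrator must re-enable them from the hypervisor console rather than over the network, and the check should be tested against a deliberately wrong `$ExpectedIp` on one VM before it is rolled out to all of them.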
