ykd
August 4, 2022, 2:51pm
1
Hi,
Our instance public IP is 213.188.198.xx but when I hit curl ifconfig.me it returns 205.234.240.66
Is it possible to route outgoing requests from the instance’s public IP, or have fixed outbound IP?
It will would be of the great help with setting up firewall rules
1 Like
greg
August 4, 2022, 3:05pm
2
Unfortunately no. So that’s not possible:
Yes that’s the best way to do it! We don’t have stable outbound IPs yet, so IP restrictions are a no go. They’re also pretty brittle and doing wireguard peers is a much better answer for talking to private services.
Sample request thread:
Hi there,
I don’t think this is something that Fly currently does, but is there any way to set an IP address (or a list/range) that a fly app will use to make requests to external hosts? I’d really like to be able to reliably whitelist Fly apps by IP/list/range/whatever.
I run reverse proxies, and occasionally one or more Fly IPs will get blacklisted by an external host. Since some requests go out through different Fly IP addresses to the external host, we get an intermittent “sometimes it mak…
1 Like
ykd
August 4, 2022, 3:14pm
3
Understood. For our scale setting up a WireGuard tunnel is a bit of a configuration overhead, but I guess that’s the way to go.
@greg can I have a Fly.io network so that I can at least temporary narrow down rule to the Fly.io block instead of whole internet
greg
August 4, 2022, 3:22pm
4
Alas … no. At least based on this thread. Check the replies from Jerome and Thomas:
What kind of IP restriction are you planning on adding? Filtering based on remote IP address?
If that’s the case, our AS40509 IPs may not be the ones you see. You’ll most likely see each individual server’s IP addresses which aren’t assigned to our AS. Unfortunately that means there’s no specific range of IPs we can publish. We could publish each one of our IPs though
The closest thing would be to request the IPs a region uses. So if your app is in ams, you could get its current IP range. However the rather big flaw in that plan is that those IPs may change at any moment. See:
There are a lot of IPs these could be in Amsterdam, and they could change at any time. If it gets you unstuck you can use them but your life will be way easier if you find some other way to get this working.
Right now they’ll need to allow:
104.225.98.0/24
145.40.96.0/24
147.75.85.0/24
104.225.98.0/24
147.75.87.0/24
Can something like this be configured ? If so, could you suggest the best way to do it. Thanks
?