If your machine has multiple interfaces, the source IP of outgoing connections will be that of the interface holding the default route:
[email protected]:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             -                                 u/u
eth0.101         10.254.0.51/24                    u/u
eth0.115         20.30.40.2/24                     u/u
                 20.30.40.1/24
lo               127.0.0.1/8                       u/u
                 ::1/128
[email protected]:~$

[email protected]:~$ show ip route 0.0.0.0
Routing entry for 0.0.0.0/0
  Known via "ospf", distance 110, metric 10, best
  Last update 16:36:34 ago
  * 10.254.0.251, via eth0.101, weight 1
  * 10.254.0.252, via eth0.101, weight 1
[email protected]:~$
When this machine connects out to the internet, it will establish a connection from eth0.101, which is the default route. However, as that's an RFC1918 address, it will not have internet connectivity unless something upstream is doing NAT.
Historically, in Cisco land, this was resolved by having a loopback interface that the device used as a source IP, but that is becoming harder and harder to manage.
A simpler option would be to add an option to add system image, such as from (or, preferably, a system configuration parameter?), that sets the --interface and related DNS params for curl:

--dns-interface <interface>  Interface to use for DNS requests
--dns-ipv4-addr <address>    IPv4 address to use for DNS requests
--dns-ipv6-addr <address>    IPv6 address to use for DNS requests
--dns-servers <addresses>    DNS server addrs to use
...
--interface <name>           Use network INTERFACE (or address)

This means that the add system image command could be something like this:
add system image https://downloads.vyos.io/rolling/current/amd64/vyos-1.3-rolling-202006141853-amd64.iso from eth0.115
However, the current curl binary itself has the --dns-interface option removed, which makes this harder.

[email protected]:~$ curl --dns-interface eth0.115 --interface eth0.115 https://downloads.vyos.io/rolling/current/amd64/vyos-1.3-rolling-202006141853-amd64.iso -O /tmp/vyos.iso
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
[email protected]:~$
A workaround for the missing curl DNS feature issue is to hard-code the downloads.vyos.io IP address (which, admittedly, IS A TERRIBLE IDEA), and pass that as a curl param, as well:
[email protected]:~$ curl --resolve downloads.vyos.io:443:185.144.208.249 --interface eth0.115 https://downloads.vyos.io/rolling/current/amd64/vyos-1.3-rolling-202006141853-amd64.iso -o /tmp/vyos.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  314M  100  314M    0     0  10.7M      0  0:00:29  0:00:29 --:--:-- 12.0M
[email protected]:~$ ls -al /tmp/vyos.iso
-rw-r--r-- 1 vyos users 329252864 Jun 14 20:44 /tmp/vyos.iso
[email protected]:~$
Edit, with a thought later: Rather than hard-coding IP addresses (which is guaranteed to break someone in the future), dig has a 'bind' param:
[email protected]:~$ dig -bPUB.IP.ADD.RESS +short downloads.vyos.io A | awk '/^[0-9\.]+$/'
185.144.208.249
[email protected]:~$
Which means this could be used to generate the --resolve line:
dig -bPUB.IP.ADD.RESS +short downloads.vyos.io | awk '/^[0-9\.]+$/ { printf (!x) ? "--resolve downloads.vyos.io:443:"$0 : ","$0; x=1}'
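
The same idea as a stricter script, given here as an added example and not as VyOS code: it builds the --resolve argument from dig output and refuses to call curl when no valid A record comes back. The function names build_resolve_arg and fetch_from are hypothetical, and the source address and interface are assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example (not VyOS code). Builds a curl --resolve argument from
# `dig +short` output read on stdin, so the parsing can be checked offline.

# build_resolve_arg HOST PORT < dig-output   (hypothetical helper)
# Prints "--resolve HOST:PORT:ip1,ip2"; returns 1 if no valid A record is found.
build_resolve_arg() {
    awk -v host="$1" -v port="$2" '
        # Accept only dotted-quad lines; +short also prints CNAME targets.
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            ok = (split($0, o, ".") == 4)
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (ok) list = list (list == "" ? "" : ",") $0
        }
        END {
            if (list == "") exit 1      # fail closed: nothing usable resolved
            printf "--resolve %s:%s:%s\n", host, port, list
        }'
}

# fetch_from SRC_ADDR IFACE URL OUT   (hypothetical wrapper)
# Resolves the URL host with dig bound to SRC_ADDR, then downloads via IFACE.
fetch_from() {
    src=$1; iface=$2; url=$3; out=$4
    host=${url#https://}; host=${host%%/*}
    arg=$(dig -b"$src" +short "$host" A | build_resolve_arg "$host" 443) || {
        echo "no A record for $host via $src" >&2
        return 1
    }
    # $arg is intentionally unquoted: it expands to two words.
    curl $arg --interface "$iface" -o "$out" "$url"
}

# Constructed sample of `dig +short` output: one CNAME line, one A record.
printf 'cdn.example.invalid.\n185.144.208.249\n' |
    build_resolve_arg downloads.vyos.io 443
```

Because the URL still carries the hostname, curl continues to verify the server certificate against downloads.vyos.io even though the address comes from --resolve.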