giving a different answer to external vs VPN hosts

[vielmetti]

I have a couple of machines in a Tailscale network, where there's an internal VPN address (on tailscale0) and an external address (on eth0). Some of those systems are behind home firewalls. I'd like to run finger2020 everywhere.

I'd also like to have finger2020 give different answers depending on which IP address gets the query, so that I can use finger for some details for the private VPN hosting, and provide something else if someone hits it from a public address.

I think this is more about how to configure systemd to bend it to my will, rather than this code here which is as far as I can tell perfectly suited for the task. So it's not a bug report, more a configuration question.

[vielmetti]

the hint I'm following is the systemd "ListenStream" where you can bind the listener to a specific IP address, documented at https://www.freedesktop.org/software/systemd/man/systemd.socket.html

[vielmetti]

the thing that worked was to create mulitple ".socket" files, and in each one put an appropriate interface, e.g.

BindToDevice=eth0

and then associate each one with a separate ".service" file that invoked finger2020 in an appropriate way (different users, different answers).

No changes to the codebase needed, and I don't know how useful in general this info will be.

[vielmetti]

A writeup is here

https://vielmetti.typepad.com/logbook/2021/05/using-bindtodevice-in-systemd-socket-files-to-serve-network-specific-content.html