LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   why is IP all the same? (http://www.linuxquestions.org/questions/linux-networking-3/why-is-ip-all-the-same-521677/)

xylex_blaiste 01-22-2007 07:35 AM

why is IP all the same?
 
hello people, i would please love to hear your opinion on this.

i have 3 available public IPs on a dedicated server. i installed a proxy there and made it listen to those IPs.

for example:

http_port 192.168.1.2:3128 192.168.1.3:3129 192.168.1.4:3130

then i proceeded to test this, setting a browser to use proxy on the 3 IPs. going to ipchicken.com or whatismyip.com, i expected to get the 3 distinct IPs to show. instead, these services give me an IP which is the IP of the server, the one really bound to the ethernet device not just as a virtaul interface. and the IP that is showing is not among the 3 i use.

is this normal behavior if you use virtual interfaces? or am i missing something in the proxy configuration?

unSpawn 01-22-2007 08:46 AM

http_port 192.168.1.2:3128 192.168.1.3:3129 192.168.1.4:3130
Those are LAN IP addresses which are only valid in traffic between your machine and your first-hop router, not out on teh intarweb. Then a proxy routes traffic by it's set address and would never show addresses it proxies for unless the X-forwarded-for header is set, AFAIK.

Matir 01-22-2007 08:53 AM

Also, note that whatsmyip and similar services will only give you one IP and it will generally be the IP of the interface that has the default route in your routing table. (Unless you specifically configure your software to bind locally to another interface, but that's beyond the scope of this document).

xylex_blaiste 01-22-2007 09:16 AM

hi guys, thanks for the reply. i am only using the private IPs above as an example. for security reasons, i am not gonna post the public IPs i am using on this forum. sorry if i wasn't very clear above, but i am using live public IPs for proxy.

also, this server only has 1 physical interface. the rest are virtual interfaces.

would you please elaborate a bit on that binding thing. maybe give me a few hints so i can search it on Google. i have not encountered this on my googling so far and would love to learn about this approach.

chort 01-22-2007 10:20 AM

a) Hiding IPs for "security" reasons is useless, especially when the IPs are public! You get hit with more automated scans per day than any single person could begin to compete with by directly targeting your hosts. If there's an exploit out there, you're going to be hit with it eventually. Security by Obscurity is worthless. All you do is end up confusing and frustrating people who are trying to help you. Please use real IPs and domain names when submitting problems, it will help the rest of us solve your issue more quickly.

b) When a machine with multiple IPs opens a new outbound connection, it's always going to use the primary address on the NIC that the route goes out.

Matir 01-22-2007 10:57 AM

Normally, a client application (like a web browser) tells the operating system to "open a connection to A.B.C.D, port 80". If you write it differently, you can explicitly say "open a connection to A.B.C.D, port 80, from local connection E.F.G.H, port X". This is done by performing a bind() system call before the connect() call. (In reality, if you do connect() without bind first, connect does its own internal bind(), but you have no control over that).

xylex_blaiste 01-22-2007 11:07 AM

ok thanks Chort on your answer (b). no need to "bite" me on this. appreciate your help very much.. .no pun intended. ;)

a Big Thanks on all you guys.

xylex_blaiste 01-24-2007 08:57 PM

by the way, set the tcp_outgoing_address to something if you don't want it to use the main server IP for outgoing traffic.. .


All times are GMT -5. The time now is 10:46 AM.