LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 01-22-2007, 08:35 AM   #1
xylex_blaiste
LQ Newbie
 
Registered: Jan 2007
Posts: 7

Rep: Reputation: 0
Question why is IP all the same?


hello people, i would please love to hear your opinion on this.

i have 3 available public IPs on a dedicated server. i installed a proxy there and made it listen to those IPs.

for example:

http_port 192.168.1.2:3128 192.168.1.3:3129 192.168.1.4:3130

then i proceeded to test this, setting a browser to use proxy on the 3 IPs. going to ipchicken.com or whatismyip.com, i expected to get the 3 distinct IPs to show. instead, these services give me an IP which is the IP of the server, the one really bound to the ethernet device not just as a virtaul interface. and the IP that is showing is not among the 3 i use.

is this normal behavior if you use virtual interfaces? or am i missing something in the proxy configuration?
 
Old 01-22-2007, 09:46 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,791
Blog Entries: 54

Rep: Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980
http_port 192.168.1.2:3128 192.168.1.3:3129 192.168.1.4:3130
Those are LAN IP addresses which are only valid in traffic between your machine and your first-hop router, not out on teh intarweb. Then a proxy routes traffic by it's set address and would never show addresses it proxies for unless the X-forwarded-for header is set, AFAIK.
 
Old 01-22-2007, 09:53 AM   #3
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Also, note that whatsmyip and similar services will only give you one IP and it will generally be the IP of the interface that has the default route in your routing table. (Unless you specifically configure your software to bind locally to another interface, but that's beyond the scope of this document).
 
Old 01-22-2007, 10:16 AM   #4
xylex_blaiste
LQ Newbie
 
Registered: Jan 2007
Posts: 7

Original Poster
Rep: Reputation: 0
hi guys, thanks for the reply. i am only using the private IPs above as an example. for security reasons, i am not gonna post the public IPs i am using on this forum. sorry if i wasn't very clear above, but i am using live public IPs for proxy.

also, this server only has 1 physical interface. the rest are virtual interfaces.

would you please elaborate a bit on that binding thing. maybe give me a few hints so i can search it on Google. i have not encountered this on my googling so far and would love to learn about this approach.
 
Old 01-22-2007, 11:20 AM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
a) Hiding IPs for "security" reasons is useless, especially when the IPs are public! You get hit with more automated scans per day than any single person could begin to compete with by directly targeting your hosts. If there's an exploit out there, you're going to be hit with it eventually. Security by Obscurity is worthless. All you do is end up confusing and frustrating people who are trying to help you. Please use real IPs and domain names when submitting problems, it will help the rest of us solve your issue more quickly.

b) When a machine with multiple IPs opens a new outbound connection, it's always going to use the primary address on the NIC that the route goes out.
 
Old 01-22-2007, 11:57 AM   #6
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Normally, a client application (like a web browser) tells the operating system to "open a connection to A.B.C.D, port 80". If you write it differently, you can explicitly say "open a connection to A.B.C.D, port 80, from local connection E.F.G.H, port X". This is done by performing a bind() system call before the connect() call. (In reality, if you do connect() without bind first, connect does its own internal bind(), but you have no control over that).
 
Old 01-22-2007, 12:07 PM   #7
xylex_blaiste
LQ Newbie
 
Registered: Jan 2007
Posts: 7

Original Poster
Rep: Reputation: 0
ok thanks Chort on your answer (b). no need to "bite" me on this. appreciate your help very much.. .no pun intended.

a Big Thanks on all you guys.
 
Old 01-24-2007, 09:57 PM   #8
xylex_blaiste
LQ Newbie
 
Registered: Jan 2007
Posts: 7

Original Poster
Rep: Reputation: 0
by the way, set the tcp_outgoing_address to something if you don't want it to use the main server IP for outgoing traffic.. .
 
  


Reply

Tags
proxy, server


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT -5. The time now is 01:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration