The strange bug is that just in the first connection through any of these IPs, myip.com shows the outgoing IP of my server instead of one of those IPs above.
For any other connection through the same IPs after the first, myip.com shows the correct outgoing IP.
Any clue as to why?
I thought maybe it could be something related to authentication...
I have more than 10 Vboxes with the exact same problem running Ubuntu 16.
if the 2nd connection comes from a different IP, does it still show the wrong IP?
sounds like a possible timing bug. if the 2nd connection works OK even if it comes from a different IP, then a workaround would be to trigger a connection through it right after it starts. that could also be a nice way to verify it is up (if that script doesn't get a response, it could report a problem).
The problem indeed is only in the first-time connection.
In this first connection squid is really leaking the client's IP.
This is a big problem for the kind of customers I have.
You said "workaround would be to trigger a connection through it right after it starts"
so it leaks per client. if you restart it today and a client comes back from overseas next week and uses it then, it will still leak their IP once even though other users have used this for thousands of requests?
where you say "with 125 address in interfaces" is "125" part of an address or a count of addresses?
i'd set up some kind of port forwarding to obscure client IP addresses if your authentication is not based on IP (a bad design).
you would have a script to restart it and a script to trigger a connection. the script to restart it would then run the trigger script. you also want the trigger script to run when the system boots up.
the trigger script should sleep a minute or two to let squid get going. then it would run "curl" or a program like that to access a safe web page, like your own.
"if you restart it today and a client comes back from overseas next week and uses it then, it will still leak their IP once even though other users have used this for thousands of requests?"
Actually it is a bit hard to replicate the problem now.
If I test with scrapebox's proxy manager all IPs of my 10 Vboxes, each one with around 125 IPs in squid, I will have around 4% of "the proxy leaks your ip" messages.
I have managed to increase this just by reading a lot about squid.conf best practices and implementing some code.
But I can't get rid of this 4%.
I also implemented web caching and I have plans to get rid of this htpasswd and change authentication to source-IP-based authentication as you have suggested.
"you would have a script to restart it and a script to trigger a connection. the script to restart it would then run the trigger script. you also want the trigger script to run when the system boots up"
My concern about this workaround is timing.
I run these IPs as proxies and response time is key to success.
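The restart-then-trigger workaround suggested in this thread, written as an added example (not code posted by any participant): it sends one request through each squid address and flags any address whose reported egress IP is not that address. Port 3128, the `ECHO_URL` placeholder, the function names and the rule that each address should report itself as the outgoing IP are assumptions.

```shell
#!/bin/sh
# Warm up every squid address after a restart and verify its egress IP.
# Assumptions (not from the thread): squid listens on PROXY_PORT on each
# address, ECHO_URL returns the caller's IP as plain text, and each address
# is expected to appear as its own outgoing IP.
PROXY_PORT="${PROXY_PORT:-3128}"
ECHO_URL="${ECHO_URL:-https://ip-echo.example/}"   # placeholder, set your own page

# Fetch ECHO_URL through the proxy at address $1 and print the response body.
# PROXY_USER ("user:password") is only passed when set (htpasswd-style auth).
fetch_via_proxy() {
    curl --silent --show-error --max-time 10 \
         ${PROXY_USER:+--proxy-user "$PROXY_USER"} \
         --proxy "http://$1:${PROXY_PORT}" "$ECHO_URL"
}

# classify EXPECTED OBSERVED -> prints OK, LEAK (different IP seen) or DOWN.
classify() {
    observed="$(printf '%s' "$2" | tr -d '[:space:]')"
    if [ -z "$observed" ]; then
        echo DOWN
    elif [ "$observed" = "$1" ]; then
        echo OK
    else
        echo LEAK
    fi
}

# warm_up ADDR... -> one request per address, one "ADDR STATUS SEEN" line each.
# Returns non-zero if any address is not OK, so a restart script can alert.
warm_up() {
    rc=0
    for addr in "$@"; do
        seen="$(fetch_via_proxy "$addr" 2>/dev/null)" || seen=""
        status="$(classify "$addr" "$seen")"
        printf '%s %s %s\n' "$addr" "$status" "${seen:--}"
        [ "$status" = OK ] || rc=1
    done
    return "$rc"
}

# Only acts when addresses are given on the command line.
if [ "$#" -gt 0 ]; then
    sleep "${STARTUP_DELAY:-60}"   # give squid time to come up, as suggested
    warm_up "$@"
fi
```

Call it from the restart script and at boot with the list of proxy addresses; a non-zero exit means at least one address did not report its own IP.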