why is IP all the same?

[xylex_blaiste]

hello people, i would please love to hear your opinion on this.

i have 3 available public IPs on a dedicated server. i installed a proxy there and made it listen to those IPs.

for example:

http_port 192.168.1.2:3128 192.168.1.3:3129 192.168.1.4:3130

then i proceeded to test this, setting a browser to use proxy on the 3 IPs. going to ipchicken.com or whatismyip.com, i expected to get the 3 distinct IPs to show. instead, these services give me an IP which is the IP of the server, the one really bound to the ethernet device not just as a virtaul interface. and the IP that is showing is not among the 3 i use.

is this normal behavior if you use virtual interfaces? or am i missing something in the proxy configuration?

[peter]

The reason for this is that the squid server makes all Internet connections on behalf all the web clients using The IP of it’s Internet facing NIC. It is default behavior.

The number of IP addresses it listens to on your private network doesn’t make a difference.

[xylex_blaiste]

hi Peter, thank you for this. this certainly puts some light on the problem now.

any suggestions on how i could possibly get around this? only 1 physical interface available.

[peter]

The only thing I can think of is multiple squid servers. If you put alias IP addresses on the NIC, the traffic will always have a source IP of the primary interface, not the aliases.

New inbound connections from the web will be able to hit the alias IPs, and the server will respond with the IP address of the alias, but connections originating from the server will always use the primary IP address.

Are you an ISP and want to have a different IP address per customer / department or something?

[xylex_blaiste]

nope, it’s for the company. i got like 3 publics IP i could use and boss wants monitoring of where people go…what they do most of the time, or limit where they could go. there’s like 3 offices too, separated geographically. not too far from each other but considerable enough. so i’m just gonna go 1 IP per office going to 1 server with just 1 outbound NIC. not too many pips gonna use it though, just 50 or less, all. we’re nowhere from big.

i have a OpenVPN setup and redirect-gateway is awfully slow.. . even LAN to LAN file transfers are slow. when downloading, its only like 30+kbps, and upstream is, strangely, faster by 10kbps more i don’t know what could be wrong, but i’ve like Googled a lot on this. a VPN hardware, is better. we’ve tried this but it’s expensive. can’t afford it. hehe.. .

[peter]

What sort of budget do you have? The Netscreen 5GT and Cisco ASA 5505 are in the $500 range and are quite capable if you don’t need redundancy, but want the hardware VPN acceleration.

[xylex_blaiste]

i think it was a company specializing in VPN that did it for us once. it was more like USD 1000/mo. not cheap.. . hehehe. ..

by the way, i missed the tcp_outgoing_address portion of the squid config. if you don’t set it, it will always go out via the main server IP.

[peter]

So you configured it so that the queries go out on a specific IP address that depends on the network address range of each office. I didn’t know that was possible. You learn something new every day.

I guess you did something like this in this link that explains how to map your squid server’s Internet proxy IP address to specific source networks of your browser clients.

Thanks for the update.

[fruit]

i can suggest u one in future u want clarify any ip address related…visit this http://www.ip-details.com/ I’m sure it would assist u