Announcement

Collapse
No announcement yet.

Using Secondary IP for Proxy?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Using Secondary IP for Proxy?

    I have a server running Ubuntu(Precise) but I have installed the kubuntu-desktop package so I hope you guys don;t mind me asking here vs the ubuntu forums. The box has a primary IP from France and a "fail over ip" from Ireland. There is no way to reconfigure the primary IP and I need to use the Ireland based IP as a SOCKS proxy. I am using Firefox with Quick Proxy and using Putty to establish an ssh connection to the box. My host tried setting up a second ssh config that uses port 10022. This way if you connect to an ssh session using port 22 it would use the France IP and if you connect using port 10022 it would use the Ireland based IP. Well we were able to get ssh to accept a connection on port 10022 and I am using the Ireland based IP in the hostname/ip box. However when I log in to port 10022, www.whatismyip.com still shows the France IP instead of the Ireland based IP. Can any one suggest how to configure the box to relay the Ireland based IP as my proxy ip rather then the France IP?

    I have rushed to type this so sorry if I missed important details or made this confusing. Just ask and I can clarify or provide details.
    Last edited by Xplorer4x4; Sep 26, 2012, 09:41 AM.
    OS: Kubuntu 12.10/Windows 8
    CPU: Intel Core i7 2600K
    Motherboard: Gigabyte GA-Z77X-UD5H
    Memory: 2x4GB Corsair Dominator
    Graphics Card: MSI R7770
    Monitor: Dell 2208WFP
    Mouse: Mionix NAOS 5000
    PSU: Corsair 520HX
    Case: Thermaltake Mozart TX
    Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
    Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

    #2
    So much help one minute and absolutely none the next. Some times I just don't understand this place. :scratches head:
    OS: Kubuntu 12.10/Windows 8
    CPU: Intel Core i7 2600K
    Motherboard: Gigabyte GA-Z77X-UD5H
    Memory: 2x4GB Corsair Dominator
    Graphics Card: MSI R7770
    Monitor: Dell 2208WFP
    Mouse: Mionix NAOS 5000
    PSU: Corsair 520HX
    Case: Thermaltake Mozart TX
    Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
    Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

    Comment


      #3
      Just because a question is asked doesn't mean that there is an immediate answer. The collective 'we' here in KFN don't know, or have all the answers to, every question. Be patient.
      Windows no longer obstructs my view.
      Using Kubuntu Linux since March 23, 2007.
      "It is a capital mistake to theorize before one has data." - Sherlock Holmes

      Comment


        #4
        Originally posted by Snowhog View Post
        Just because a question is asked doesn't mean that there is an immediate answer. The collective 'we' here in KFN don't know, or have all the answers to, every question. Be patient.
        Yep 24 hours latter..I was so impatient and expected an "immediate" answer..

        As for not having all the answers, of course. With all due respect, I been using forums for far to long not to realize this. However, in this case, we are dealing with something as simple as assigning a primary and secondary IP and relaying that through an ssh tunnel. I find it a bit hard to believe that out of the 20+ views on the thread, not to mention a guru like your self, can't figure out something small like this.
        OS: Kubuntu 12.10/Windows 8
        CPU: Intel Core i7 2600K
        Motherboard: Gigabyte GA-Z77X-UD5H
        Memory: 2x4GB Corsair Dominator
        Graphics Card: MSI R7770
        Monitor: Dell 2208WFP
        Mouse: Mionix NAOS 5000
        PSU: Corsair 520HX
        Case: Thermaltake Mozart TX
        Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
        Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

        Comment


          #5
          I'm confused about what a "secondary IP address" is here. You can connect to a proxy anywhere, of course, but you seem to be say the ubuntu server has interfaces in both France and Ireland ... which would be very odd unless you have network links outside the internet.

          The Firefox instance you're connecting from - is that on this server or a client trying to connect to the server?
          I'd rather be locked out than locked in.

          Comment


            #6
            Its a ubuntu box with 2 ip addresses. The server is physically in france so naturally it's original IP will be from france. Then I have a second IP address. I had the option to select the the geo location of the second IP. The ui defaults to Ireland, so I just choose Ireland. So when I use the box for a proxy connection, and I go to whatismyip.com using firefox(client side) it always displays my IP as the France IP. The france IP will only accept ssh sessions from port 22. The ireland IP only accepts ssh connections on 10022. Yet regardless of what IP and port I use to make an ssh tunnel to the box, my client side IP is always reported as the france based ip. The france IP is functioning on eht0 and eht0:0 while the Ireland based IP is on eht0:1 I believe. If it helps I can post my network configuration file tomorrow. Like I said I am happy to provide more details or try to clear up any confusion. Just ask.

            Sent from my DROID2 Global
            OS: Kubuntu 12.10/Windows 8
            CPU: Intel Core i7 2600K
            Motherboard: Gigabyte GA-Z77X-UD5H
            Memory: 2x4GB Corsair Dominator
            Graphics Card: MSI R7770
            Monitor: Dell 2208WFP
            Mouse: Mionix NAOS 5000
            PSU: Corsair 520HX
            Case: Thermaltake Mozart TX
            Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
            Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

            Comment


              #7
              Oh - so the "Ireland" address, on eth0:1, is a virtual address not a separate physical interface. Not sure if this makes a difference ... if it does, it's rocket science to me. Also I haven't works with SOCKS proxies. Might be more rocket science.

              I think a network diagram would be more useful than just the config files. Is this right: you have a client computer ('client') and a separate server computer ('server') in France with these two virtual interfaces. You want to run firefox on 'client', using 'server' as a socks proxy, and from there go out to the internet?

              Seems to be that whatever rules you have for accepting ssh connections on the interfaces at 'server' have no bearing on the (http/https/etc) sessions running from the server to the general internet. They are just going to go out on the primary interface, unless you block outbound port 80/441 on that interface.
              I'd rather be locked out than locked in.

              Comment


                #8
                You pretty much nailed it on the head. Although I would like to try to avoid blocking access in the manner you described if possible.
                OS: Kubuntu 12.10/Windows 8
                CPU: Intel Core i7 2600K
                Motherboard: Gigabyte GA-Z77X-UD5H
                Memory: 2x4GB Corsair Dominator
                Graphics Card: MSI R7770
                Monitor: Dell 2208WFP
                Mouse: Mionix NAOS 5000
                PSU: Corsair 520HX
                Case: Thermaltake Mozart TX
                Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
                Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

                Comment


                  #9
                  As I understand it, what you have found is working the way it's supposed to ... and if you want http sessions originating from your server (or proxying through it) to come from a particular virtual interface, you're going to have to apply some routing or iptables blocking to the http traffic on the server. I'm not familiar with these techniques though.
                  I'd rather be locked out than locked in.

                  Comment


                    #10
                    So can anyone elaborate on the rules I need to implement this? I would really appreciate it as iptables always does my head in for some reason.

                    Sent from my DROID2 Global
                    OS: Kubuntu 12.10/Windows 8
                    CPU: Intel Core i7 2600K
                    Motherboard: Gigabyte GA-Z77X-UD5H
                    Memory: 2x4GB Corsair Dominator
                    Graphics Card: MSI R7770
                    Monitor: Dell 2208WFP
                    Mouse: Mionix NAOS 5000
                    PSU: Corsair 520HX
                    Case: Thermaltake Mozart TX
                    Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
                    Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

                    Comment


                      #11
                      Anyone?
                      OS: Kubuntu 12.10/Windows 8
                      CPU: Intel Core i7 2600K
                      Motherboard: Gigabyte GA-Z77X-UD5H
                      Memory: 2x4GB Corsair Dominator
                      Graphics Card: MSI R7770
                      Monitor: Dell 2208WFP
                      Mouse: Mionix NAOS 5000
                      PSU: Corsair 520HX
                      Case: Thermaltake Mozart TX
                      Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
                      Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

                      Comment


                        #12
                        I may have found an answer but I am getting an error.

                        Rules:
                        Code:
                        iptables -t mangle -A PREROUTING -d 1.1.1.1 -j MARK --set-mark 1
                        iptables -t mangle -A PREROUTING -d 1.1.1.2 -j MARK --set-mark 2
                        iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 1 -j SNAT --to 1.1.1.1
                        iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 2 -j SNAT --to 1.1.1.2
                        Error:
                        MARK: Could not determine whether revision 2 is supported, assuming it is.
                        MARK: Could not determine whether revision 2 is supported, assuming it is.
                        iptables v1.4.12: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
                        Perhaps iptables or your kernel needs to be upgraded.
                        I did some googleing and it sounds like I have to rebuild the kernel. Surely there is an easier method.
                        OS: Kubuntu 12.10/Windows 8
                        CPU: Intel Core i7 2600K
                        Motherboard: Gigabyte GA-Z77X-UD5H
                        Memory: 2x4GB Corsair Dominator
                        Graphics Card: MSI R7770
                        Monitor: Dell 2208WFP
                        Mouse: Mionix NAOS 5000
                        PSU: Corsair 520HX
                        Case: Thermaltake Mozart TX
                        Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
                        Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

                        Comment


                          #13
                          I am an idiot, I forgot to sudo the commands. When using sudo I get no error output. So I managed to get those rules to save by using sudo sh -c "iptables-save > /etc/iptables.rules" and rebooting. Sadly it did not work. It was assumed that would use the ip address you connect to and use that as the output IP. So I had another rules to try. I flushed iptables and then tried:
                          sudo iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to 1.1.1.1
                          then
                          sudo sh -c "iptables-save > /etc/iptables.rules"
                          then sudo reboot. After rebooting I run sudo iptables -L and the rule is not listed. What Am I doing wrong?
                          Last edited by Xplorer4x4; Sep 24, 2012, 06:02 PM.
                          OS: Kubuntu 12.10/Windows 8
                          CPU: Intel Core i7 2600K
                          Motherboard: Gigabyte GA-Z77X-UD5H
                          Memory: 2x4GB Corsair Dominator
                          Graphics Card: MSI R7770
                          Monitor: Dell 2208WFP
                          Mouse: Mionix NAOS 5000
                          PSU: Corsair 520HX
                          Case: Thermaltake Mozart TX
                          Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
                          Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

                          Comment


                            #14
                            No help with iptables?
                            OS: Kubuntu 12.10/Windows 8
                            CPU: Intel Core i7 2600K
                            Motherboard: Gigabyte GA-Z77X-UD5H
                            Memory: 2x4GB Corsair Dominator
                            Graphics Card: MSI R7770
                            Monitor: Dell 2208WFP
                            Mouse: Mionix NAOS 5000
                            PSU: Corsair 520HX
                            Case: Thermaltake Mozart TX
                            Cooling: Thermalright TRUE Black Ultra-120 eXtreme CPU Heatsink Rev C
                            Hard Drives: 1x180 GB Intel 330 SSD - 1xWD 1 TB Caviar Black - 1xWD 2 TB Caviar Green - 2xWD 3 TB Caviar Green

                            Comment


                              #15
                              If you don't get much help with iptables here, it might be worth trying www.linuxquestions.org - the topic has been discussed quite a bit there.
                              I'd rather be locked out than locked in.

                              Comment

                              Working...
                              X