Cable modems that I've had experience with supplies only ONE outside IP address. I suspect that you will probably have to get your ISP to supply you with two cable modems.

I doubt that you could adjust the cable modem to dispense ( r:s:t:u and r:s:t:v) or (w:y:z:0 and w:y:z:1) without paying something extra to your ISP, IF they'd allow it at all.

Jerry's correct. Somehow, you are going to need two WAN IP addresses.

An alternative would be to trick the Roku into thinking it's connected to Unblock-Us while it sets up DHCP. How? By configuring a DHCP on your computer that supplies Unblock-Us's DNS server IPs. Once the provisioning process has finished, you can remove the DHCP server from your PC.

See this guide: http://www.avforums.com/threads/guid...-easy.1776722/ It's written for Windows, but you can probably adapt it for Linux. It's really clever.

Beyond this being a $5 per month VPN proxy server, I don't completely understand how this and other services work. I also reside in Canada and get free network via the university, being a student, I also use a proxy from a friend with a small business in the states. So when servers do an IP search it comes up as Michigan and not Windsor, ON. This is how I run 100% of my time these days. I can and have Netflix etc.. not one issue.

Also being a campus there are very few proxies that work with this network. However from what I am reading above, you sound like you are using two separate ISPs and trying to bridge them? I really wish I understood this networking stuff better. I got lucky having a friend in the states with the knowledge to set me up.

Jerry:

Right....

I had forgotten that the switches that I have been using at home to gain more ports split the subnet, which is under the control of the router. The WAN side is NOT under the control of the router, but would rather be under the control of my ISP's router. (Or, at least, I THINK that is how it works).

Oh well.

So far, everything works fine here at home anyway when going through the proxy, including being able to access our online banking. That was the one I was concerned about, as the bank is fussy when we go to the States and try to access the account through my Android hotspot running on a US SIM card.

We have a week free before I have to pay the nice man, so if nothing untoward comes up, I won't bother worrying about the Canadian IP address. In addition, the people who provide this service say that I can switch back and forth between US or Canadian IP address, so that is also an option. Not sure how to do that, but I guess I could read the documentation more fully and/or contact the provider.


Simon:

I think the reverse is what I am trying to do. One ISP, but two WAN side IP addresses.



Thanks, all.

Frank.

That's what you need. You'll need to contact your ISP to figure out what they can offer. Many will provision multiple static IPs, but this is always more expensive than one dynamic IP.

Proxies change the source IP address of your traffic. What the destination sees is the source IP address of the proxy server. When the destination generates replies, those are sent to the proxy server. The proxy server rewrites the headers in the datagrams, changes the destination address to yours, and sends the traffic there.

More detail. Your computer generates a datagram with a source IP address and a random ("ephemeral") source port number. Let's say 1.2.3.4:50001. The datagram is addressed to some place on the Internet: 11.22.33.44:80 (80/tcp is the port for HTTP). So we have the flow 1.2.3.4:50001 <-> 11.22.33.44:80. The datagram arrives at the proxy. The proxy opens a connection to the destination, using its own source address and an available port. Let's say 6.7.8.9:70004. So the proxy has the flow 6.7.8.9:70004 <-> 11.22.33.44:80. Furthermore, the proxy creates a mapping: 6.7.8.9:70004 == 1.2.3.4:50001. It needs to keep track of each session so that it can deliver return traffic appropriately.

The destination creates a reply datagram. Remember, the destination only saw a connection from the proxy, so it replies using the existing flow 11.22.33.44:80 <-> 6.7.8.9:70004. The proxy receives this and consults its mapping. It rewrites the IP and TCP/UDP headers and sends the traffic to 1.2.3.4:50001. This behavior is called "forward transparent proxying."

And, as long as the proxy maintains that "mapping", which it must as long as traffic is flowing between the source and destination, the source IP is vulnerable to detection if the proxy server is compromised, or is a honey pot.

Yes, that's why proxy servers represent a risk that many people don't think about. Often, the risk is of the "don't care" variety -- you're using the proxy so that you can get around country-specific content restrictions; who cares if someone intercepts the traffic? It's public and unencrypted anyway. You would not want to use any public proxy for sensitive communications. Tor is much better in those cases.

Or, from my experience having accidentally set up an open proxy and had the luxury of browsing through the log files afterwards... looking at pages with URLs like "college babes do lots of naughty things".

Glad I caught that one reasonably quickly...

Fixed that for ya

The ultimate double bluff: pretending to accidentally run a proxy so you can look at naughty websites and claim it was someone else.

So you have managed to:

• Get unknown accounts showing up in your Citadel deployment
• Allow SMTP relaying
• Run an open proxy

Mighty impressive! Did I forget anything?

Steve:

So, my understanding is that one has no greater risk using an open proxy than using unencrypted http in the first place, right? As long as you feel no need to hide what you are sending, then it is potato, potahto.

Frank.

Yep.

Interesting: Comparison of proxies, proxy chains, VPNs, and Tor