I have a Go service, deployed on Heroku, which pulls the IPv4 address from the request header successfully.
ip := net.ParseIP(strings.Split(r.Header.Get("X-Forwarded-For"), ",")[0]).String()
I have deployed the identical code as a service to Google Cloud, and the IP addresses are frequently IPv6, about 25% of the time. After examining the full request header, there is no IPv4 address available anywhere, only IPv6.
Heroku's Request Header X-Forwarded-For ALWAYS contains the IPv4 address, yet Google Cloud doesn't. Does anyone know a way to force the IPv4 format for Request Headers in Google Cloud?
Clients can connect via IPv4 or IPv6 but not both. Only one address family will be used by the client and only one IP address will be recorded by the proxy.
Additional information:
Heroku does not support IPv6, so clients are forced to connect using IPv4.
If you only want IPv4 connections, do not enable the IPv6 frontends. However, I recommend using IPv6 where possible.
Researching on how a server can figure out a client's IP address, I see that one needs to inspect the X-Forwarded-For header chain.
I understand that the client, ISP, and then routers and proxies declare their IP addresses there.
However, the server handler also has access to req.RemoteAddr field to read the client's IP address. How is that RemoteAddr determined exactly? Is it based on a specific header in the request? If yes, which one(s)?
I have tried inspecting the usage of the field and how it is set but the implementation details are hidden behind an interface.
The net/http server sets RemoteAddr to the string form of the network connection's remote address. The string is typically in the format "IP:port".
In the case of a TCP connection (the typical scenario), the network connection remote address is taken from the IP source address and the TCP source port.
The address can be the address of the client or a proxy.
The net/http server does not consider the headers when setting RemoteAddr.
I am using my own Squid proxy server. When I check my IP address on whatismyip.com, it shows the IP address of my proxy server.
But when I check on speedtest.net, I found that they can track my client IP.
Is there any way to prevent my real IP from being detected?
Your IP is provided by your ISP (internet service provider) and speedtest.net picks up your gateway/router.
Thus "trying" to hide behind a proxy would not have any effect.
This is a noob question, but networking isn't my forte. For example, if I have an IPv4 server and an IPv6 client connects, what would their IP show as? Also, if I wanted to set up a socket connection, for example, does my server have to be IPv6 too, or does the code just need to be able to handle it?
I have researched how code handling works, but nothing says whether the server itself has to be IPv6.
IPv4 and IPv6 are not directly compatible. In most installations, a client will have both an IPv4 and an IPv6 address, and will use whichever one is appropriate to connect to a server. That is, they will use their IPv4 address to connect to an IPv4 server, IPv6 to connect to an IPv6 server, and will preferentially choose one of the two — usually IPv6 — if a server supports both.
IPv4-only clients cannot connect to IPv6 servers. Unless you intend to provide a service to IPv6 users only, you will need to provide your service on IPv4, or on both protocols, to support IPv4 clients.
IPv4 and IPv6 are separate incompatible protocols. An IPv6 client cannot connect directly to a server running only IPv4.
A connection is possible if an intervening router or switch maps from the IPv6 protocol to IPv4, or if the server runs both protocols. However, the IPv6 client is still maintaining an IPv6 connection and is unaware of any IPv4 connection.
http://ipfuck.paulds.fr/
We've been recently getting hammered by this Firefox plug-in. It sends a fake IP in the headers so when our nginx web server picks up the IP it is a fake one.
Is there any way to get a real IP address or block out requests that have this plug-in installed?
There are actually no client IP entries in any HTTP headers. There are only some unofficial proxy headers which are added to a request, so that a proxy server can tell you the real IP of the connecting client (since the TCP socket will only reveal the IP address of the proxy server).
The plugin you linked to adds those proxy headers, to "fake" a proxy request, by adding an X-Real-IP: 1.2.3.4 or X-Forwarded-For: 1.2.3.4 header to the request. But no one forces you to use that IP address (which can be fake, like the 1.2.3.4 example here); you can always use the IP address of the socket that initiated the connection, which will be the client's real IP address if he uses the mentioned plugin.
Within the location section of your nginx configuration, you get the socket IP address through the $remote_addr variable. To retrieve the "fake" IP address, you can use $http_x_forwarded_for or $http_x_real_ip variable.
If you are using any application/cgi backend, you usually can examine the full headers and the socket IP address (i.e. in PHP you should check $_REQUEST and $_HEADERS variables)
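The two points made above (net/http fills RemoteAddr from the socket, and forwarding headers are client-controlled unless a proxy you run wrote them) combine into one rule, shown here as an added Go example that is not code from any of the posts. The trusted proxy ranges and the ClientIP and isTrusted names are assumptions for illustration; the function handles IPv4 and IPv6 peers alike.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// trustedProxies (assumed deployment value): proxies allowed to set X-Forwarded-For.
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8"), netip.MustParsePrefix("fd00::/8")}

func isTrusted(a netip.Addr) bool {
	for _, p := range trustedProxies {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// ClientIP returns the socket peer unless that peer is a trusted proxy; then
// it walks X-Forwarded-For right to left and returns the first untrusted hop.
func ClientIP(r *http.Request) (netip.Addr, error) {
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("bad RemoteAddr %q: %w", r.RemoteAddr, err)
	}
	peer := ap.Addr().Unmap() // ::ffff:a.b.c.d becomes plain IPv4
	if !isTrusted(peer) {
		return peer, nil // direct client: its forwarding headers are just input
	}
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		a, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed entry: trust nothing further left
		}
		if a = a.Unmap(); !isTrusted(a) {
			return a, nil
		}
		peer = a
	}
	return peer, nil
}

func main() {
	r := &http.Request{RemoteAddr: "203.0.113.7:4444", Header: http.Header{"X-Forwarded-For": {"1.2.3.4"}}}
	fmt.Println(ClientIP(r)) // constructed request carrying a spoofed header
}
```

Entries to the left of the first untrusted hop were supplied by that hop and are ignored, which is why a header injected by the client never reaches rate limiting or logging.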
Although most hosts have an IPv6 address now, there are still some hosts that only have IPv4. In my LAN, connections using IPv4 cost money, while connections using IPv6 are free. I want to implement a proxy to convert between IPv4 and IPv6 requests, so that I can connect to IPv4 hosts for free.
Is it possible to implement that? And is there any available software?
This largely depends on the devices, services/protocols and the direction you want to connect in.
NAT64/DNS64
With NAT64/DNS64 you can let IPv6-only clients connect to IPv4-only servers. The system looks up the name of the server it wants to connect to using the DNS64 server. If the DNS64 server sees that only an IPv4 address is available it will replace the IPv4 address of the server with a special IPv6 address in which it has encoded the original IPv4 address. When the IPv6-only system connects to that IPv6 address the NAT64 router knows that the intention is to connect to the IPv4 address encoded in the IPv6 address and it will set up a NAT session to that IPv4 address. The NAT64 box needs to have both an IPv4 and IPv6 address to be able to do this.
HTTP Proxy
If you only want to support HTTP and similar protocols then you might be able to use an HTTP proxy server. It will need to have both an IPv4 and IPv6 address, and your applications/devices need to support using a proxy server. It will work both for IPv4-only clients and IPv6-only servers and vice-versa.
SOCKS5
A SOCKS5 proxy server can also be used in the same way that an HTTP proxy server can be used, but with a wider variety of protocols. Your clients need to support it though.
Other
There are other more application-specific ways to proxy between IPv4 and IPv6. The few mentioned above are just to give you an idea of common ones.
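The address encoding described under NAT64/DNS64 above, as an added Go example that is not part of the original answer. It assumes the Well-Known Prefix 64:ff9b::/96 from RFC 6052 and supports /96 prefixes only; the Synthesize and Extract names are illustrative. Extract is also what you need when server logs show NAT64 addresses and you want the IPv4 address behind them.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// wellKnown is the NAT64 Well-Known Prefix from RFC 6052. A deployment may
// use its own network-specific prefix instead (assumption: /96 only here).
var wellKnown = netip.MustParsePrefix("64:ff9b::/96")

// Synthesize does what the DNS64 server does for an IPv4-only name: it
// places the 32-bit IPv4 address in the low 32 bits of the /96 prefix.
func Synthesize(prefix netip.Prefix, v4 netip.Addr) (netip.Addr, error) {
	v4 = v4.Unmap()
	if prefix.Bits() != 96 || !prefix.Addr().Is6() || !v4.Is4() {
		return netip.Addr{}, errors.New("need a /96 IPv6 prefix and an IPv4 address")
	}
	b := prefix.Masked().Addr().As16()
	q := v4.As4()
	copy(b[12:], q[:])
	return netip.AddrFrom16(b), nil
}

// Extract does what the NAT64 router does with a destination address: if it
// falls inside the prefix, the last four bytes are the IPv4 target.
func Extract(prefix netip.Prefix, v6 netip.Addr) (netip.Addr, bool) {
	if prefix.Bits() != 96 || !prefix.Contains(v6) {
		return netip.Addr{}, false
	}
	b := v6.As16()
	return netip.AddrFrom4([4]byte{b[12], b[13], b[14], b[15]}), true
}

func main() {
	// 192.0.2.33 is a constructed documentation address.
	v6, _ := Synthesize(wellKnown, netip.MustParseAddr("192.0.2.33"))
	v4, ok := Extract(wellKnown, v6)
	fmt.Println(v6, v4, ok)
}
```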