Search squid archive

Re: unable to see client ip address in log file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



prophetmr wrote:
i can save you the trouble of looking at the conf file everything is default
except i set it to
http_port 192.168.3.107:3128 transparent

using 2.7 defaults,the reason i did that is im divorced and running squid
transparent is so i dont have to set the browsers to proxy everytime i have
the kids and reset it before they go to their mothers. It may be something
in my router that is making everything show as 192.168.3.1 in the logs i
have the firewall running this script on boot

# nvram set rc_firewall="
#!/bin/sh
INTERNAL_NETWORK="192.168.3.1/24"
ROUTER_IP="192.168.3.1"
PROXY_SERVER="192.168.3.107"
PROXY_PORT="3128"
if [ -z $TRANSPARENT_PROXY ]; then
  /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s $INTERNAL_NETWORK \
    -d $INTERNAL_NETWORK -p tcp --dport 80 -j ACCEPT
  /usr/sbin/iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_SERVER -p tcp
--dport 80 \
    -j DNAT --to $PROXY_SERVER:$PROXY_PORT
  /usr/sbin/iptables -t nat -A POSTROUTING -o br0 -s $INTERNAL_NETWORK -p
tcp -d \
    $PROXY_SERVER -j SNAT --to $ROUTER_IP
  /usr/sbin/iptables -t filter -I FORWARD -s $INTERNAL_NETWORK -d
$PROXY_SERVER -i br0 \
    -o br0 -p tcp --dport $PROXY_PORT -j ACCEPT
  export TRANSPARENT_PROXY="1"
else
  echo /"This script has already run!"
  echo /"If it hasn't, unset \$TRANSPARENT_PROXY manually via the shell."
fi
"
[Ctrl+D]
# nvram commit

There you go. It's the way you are doing interception.
NAT is a destructive process, it drops the original source IPs from the IP-layer information. Thats just the way NAT operates.

What you want to do instead is selectively route the port 80 traffic to the squid box and do the intercept NAT there instead of on the router.
see
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute

for an example of how to set that up at the router.
The linked REDIRECT page has rules for the Squid box setup.

Amos


the way its set up now i have the kids connect via wireless to the router on
the lan side and the wan side is the squid router which is connected to a
repeater from my neighbors who let me split the bill with them since i cant
get broadband.





Amos Jeffries-2 wrote:
prophetmr wrote:

currently its set to default client_netmask 255.255.255.255 if i change
it
to 255.255.255.0 will it pass the ips thru?
No, setting it to 255.255.255.0 will cause the last numeric of the IP to not be logged. Thats why we thought it might be set.

If you don't mind can you post your whole squid.conf (minus the comment # lines) so we can get a look and check for unexpected things.

Cheers
Amos


Chris Robertson-2 wrote:
prophetmr wrote:
 Im new to squid and i have the same problem im running squid
transparently
primarily to keep tabs on what my kids are up to on the internet and i
have
set the kids laptops to static ips but in the logs i only show the
network
ip not the users ip. Daily i run srg with a date range of the day and
examine where the kids have been but without there ips it makes it
kinda
hard to figure out what kid did what. Is there any way to pass the ips
of
the users into the logs?
Have you set "client_netmask" in your squid.conf?

I checked and #emulate_httpd_log off  is a default setting
Chris



--
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
   Current Beta Squid 3.1.0.3





--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
  Current Beta Squid 3.1.0.3

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux