>From what i understood from the page you linked i put this in the firewall of the router # nvram set rc_firewall=" iptables -t nat -A PREROUTING -s 192.168.3.107 -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -t nat -A POSTROUTING -j MASQUERADE " [Ctrl+D] # nvram commit at that point i lost net access , i could connect to the router but i couldnt even access its firmware screen, reset the router to original config and reloaded my backup image with the ols script and im back up and running but still have my problem. what did i miss? > There you go. It's the way you are doing interception. > NAT is a destructive process, it drops the original source IPs from the > IP-layer information. Thats just the way NAT operates. > > What you want to do instead is selectively route the port 80 traffic to > the squid box and do the intercept NAT there instead of on the router. > see > http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute > > for an example of how to set that up at the router. > The linked REDIRECT page has rules for the Squid box setup. > > Amos > > -- View this message in context: http://www.nabble.com/unable-to-see-client-ip-address-in-log-file-tp21606298p21645576.html Sent from the Squid - Users mailing list archive at Nabble.com.
