Hello,
I have a chillispot server and a squid 3.2 server on my machine. I'd
like to log all traffic from my hotspot client (visited website, hour,
addr mac). I compiled squid with --enable-eui. When I see log file, mac
address is 00:00:00:00:00:00.
My squid.conf looks like :
http_port 8888 intercept
http_access allow all
eui_lookup on
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A
%mt %>eui
access_log stdio:/usr/local/squid/var/logs/squid/access.log squid
My iptables :
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Allow releated, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
#$IPTABLES -A INPUT -i $EXTIF -j REJECT
#SQUID
$IPTABLES -A INPUT -p tcp -m tcp --dport 8888 --syn -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 8888 --syn
-j DROP
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j
REDIRECT --to-ports 8888
#Allow related and established from $INTIF. Drop everything else.
#Allow http and https on other interfaces (input)
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A FORWARD -o $INTIF -j DROP
#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
