Re: Squid 3.2 problem to log mac address

On 19/10/2012 4:38 a.m., Alexandre Rubert wrote:
Hello,
I have a chillispot server and a squid 3.2 server on my machine. I'd like to log all traffic from my hotspot clients (visited website, hour, MAC address). I compiled squid with --enable-eui. When I look at the log file, the MAC address is 00:00:00:00:00:00.

EUI-48 is only available if you have ARP relay on the network, or the client device is directly cabled to the Squid device (a hub or switch in between is fine).

EUI-64 is only available if it is embedded in the IPv6 address (SLAAC auto-configured address). IPv6 so-called "privacy" addresses erase that information. Manually configured and DHCP sequentially assigned static IPv6 addresses also do not contain it.

My squid.conf looks like :
http_port 8888 intercept
http_access allow all
eui_lookup on
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt %>eui
access_log stdio:/usr/local/squid/var/logs/squid/access.log squid

My iptables :

IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Allow releated, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
#$IPTABLES -A INPUT -i $EXTIF -j REJECT
#SQUID
$IPTABLES -A INPUT -p tcp -m tcp --dport 8888 --syn -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 8888 --syn -j DROP

This one is better:
   $IPTABLES -t raw -A PREROUTING -p tcp -m tcp --dport 8888 -j DROP

It blocks attacks coming from places other than tun0, including requests for http://localhost:8888/ by malicious clients and the like.

Amos

$IPTABLES -t nat -A PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8888
#Allow related and established from $INTIF. Drop everything else.
#Allow http and https on other interfaces (input)
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A FORWARD -o $INTIF -j DROP
#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
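As an added illustration (not part of the thread and not Squid's own code), the script below mimics on constructed data the two lookups Amos describes. For an IPv4 client it consults an ARP cache in /proc/net/arp format, which only has a complete entry when the client sits on a directly attached Ethernet segment; hotspot clients reaching Squid through chillispot's tun0 (a layer-3 tunnel with no Ethernet frames) never appear there, which is why their %>eui field is 00:00:00:00:00:00. For an IPv6 client it recovers the EUI-48 from a SLAAC interface identifier and returns nothing for privacy, DHCPv6 or static addresses. It also splits lines written in the logformat from the post. The ARP table, log lines and addresses are constructed, and all function names are my own.

```python
"""Added example: why Squid's %>eui is all zeros for tunnelled clients,
and how the EUI-64 / EUI-48 recovery for SLAAC addresses works.
Not code from the squid-users thread or from Squid itself."""
import ipaddress

ZERO_EUI48 = "00:00:00:00:00:00"

# Constructed /proc/net/arp snapshot of the Squid host.  Only Ethernet-type
# interfaces (eth1 here) ever get entries; tun0 is a point-to-point layer-3
# device carrying no Ethernet frames, so hotspot clients behind it are absent.
# Flags 0x0 marks an incomplete (unanswered) entry, which is as useless as
# no entry at all.
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.5.7      0x1         0x2         00:11:22:33:44:55     *        eth1
192.168.5.9      0x1         0x0         00:00:00:00:00:00     *        eth1
"""

# Constructed access.log lines in the logformat from the post:
# %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt %>eui
# 10.1.0.23 is a hotspot client behind tun0; 192.168.5.7 is on eth1.
ACCESS_LOG = """\
1350600000.123    245 10.1.0.23 TCP_MISS/200 5342 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html 00:00:00:00:00:00
1350600001.456     12 10.1.0.23 TCP_HIT/200 1200 GET http://example.com/a.png - HIER_NONE/- image/png 00:00:00:00:00:00
1350600002.789     90 192.168.5.7 TCP_MISS/200 400 GET http://example.org/ - HIER_DIRECT/93.184.216.34 text/html 00:11:22:33:44:55
"""


def parse_arp_table(text):
    """Return {ip: mac} for complete entries only (flag bit 0x2 set)."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3]
        if int(flags, 16) & 0x2:
            table[ip] = mac.lower()
    return table


def eui48_for_ipv4(client_ip, arp_text=ARP_TABLE):
    """Mimic the ARP lookup: only on-link, resolved clients get a MAC."""
    return parse_arp_table(arp_text).get(client_ip, ZERO_EUI48)


def eui48_from_ipv6(addr):
    """Recover the MAC embedded in a SLAAC (modified EUI-64) address.

    The interface identifier is the low 64 bits.  SLAAC builds it by
    inserting ff:fe between the OUI and the device part of the 48-bit MAC
    and inverting the universal/local bit (0x02) of the first octet.
    Privacy, DHCPv6 and hand-configured identifiers carry no ff:fe marker,
    so None is returned for them.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def parse_squid_line(line):
    """Split one line of the custom logformat above into named fields."""
    f = line.split()
    if len(f) != 11:
        raise ValueError(f"unexpected field count {len(f)}: {line!r}")
    return {"ts": f[0], "rt": f[1], "client": f[2], "status": f[3],
            "bytes": f[4], "method": f[5], "url": f[6], "user": f[7],
            "hier": f[8], "mime": f[9], "eui": f[10].lower()}


def audit_log(log_text=ACCESS_LOG, arp_text=ARP_TABLE):
    """For each IPv4 client in the log, report the logged MAC, the MAC the
    host's ARP cache can actually supply, and why they match or not."""
    arp = parse_arp_table(arp_text)
    report = []
    for entry in (parse_squid_line(l) for l in log_text.splitlines()):
        if ipaddress.ip_address(entry["client"]).version != 4:
            continue
        expected = arp.get(entry["client"], ZERO_EUI48)
        reason = ("on-link, in ARP cache" if expected != ZERO_EUI48
                  else "no ARP entry: client is behind a tunnel or router")
        report.append((entry["client"], entry["eui"], expected, reason))
    return report


if __name__ == "__main__":
    for row in audit_log():
        print(*row)
    for a in ("2001:db8:1::21f:3bff:fe4a:9c10", "2001:db8:1::a4f2:1b3c:99ee:7720"):
        print(a, "->", eui48_from_ipv6(a))
```

Running it on the constructed data shows the two tunnelled requests from 10.1.0.23 are zero on both sides (Squid cannot learn what the ARP cache does not hold), while the eth1 client resolves. The SLAAC address yields 00:1f:3b:4a:9c:10 and the privacy address yields nothing, matching the three cases in the reply.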