Hi Emmanuel

I filed a bug for this issue a few months ago. Unfortunately no developers have taken notice yet. Hopefully soon, though.

http://bugs.squid-cache.org/show_bug.cgi?id=3982

Kind regards
Dan

On 12 Mar 2014, at 7:03 am, Emmanuel LAZARO - S.IM.KO. <em.lazaro@xxxxxxxx> wrote:

> Hi all,
>
> I hope you can help me with this problem.
>
> I compiled Squid (3.4.4) on my Debian wheezy server with the following options:
>
> ./configure --prefix=/usr --includedir=/usr/include --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid3 --enable-ssl --enable-ssl-crtd --enable-eui --enable-icap-client --with-default-user=proxy
>
> What do we want to do?
>
> A transparent HTTP/HTTPS proxy for logging connections and blocking websites like Facebook (https/http).
>
> The problem is in the access.log file. Even though my clients are directly connected to the Squid server (no router), the MAC addresses are not in the log file:
>
> 11/Mar/2014:16:50:09 -0300 00:00:00:00:00:00 192.162.20.2 https://packages.debian.org/Pics/gradient.png - 1037
> 11/Mar/2014:16:50:09 -0300 00:00:00:00:00:00 192.162.20.2 https://packages.debian.org/Pics/reddot.png packages.debian.org 918
> 11/Mar/2014:16:50:09 -0300 00:00:00:00:00:00 192.162.20.2 https://packages.debian.org/favicon.ico - 5454
> 11/Mar/2014:16:50:24 -0300 00:00:00:00:00:00 192.162.20.2 https://globalsan.net/TimeServer/timestamp.php globalsan.net 529
>
> I can add that I have a netfilter script to NAT the connections from ports 80 and 443 to Squid ports 3328 and 3329.
>
> #!/bin/sh
>
> # squid proxy's IP address (which is attached to eth0)
> SQUID_SERVER=`ifconfig eth0 | sed -ne 's/.*inet addr:\([^ ]*\).*/\1/p'`
>
> # interface connected to WAN
> INTERNET="eth2"
>
> # interface connected to LAN
> LAN_IN="eth0"
>
> # squid port
> SQUID_PORT="3128"
> SQUID_PORT_HTTPS="3129"
>
>
> # clean old firewall
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> iptables -t mangle -F
> iptables -t mangle -X
>
> # load iptables modules for NAT masquerade and IP conntrack
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
>
> # define necessary redirection for incoming http traffic (e.g., 80)
> iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
>
> iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 443 -j REDIRECT --to-port $SQUID_PORT_HTTPS
>
> # forward locally generated http traffic to Squid
> iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
> iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
>
> iptables -t nat -A OUTPUT -p tcp --dport 443 -m owner --uid-owner proxy -j ACCEPT
> iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-ports $SQUID_PORT_HTTPS
>
> # forward the rest of non-http traffic
> iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
> iptables --append FORWARD --in-interface $INTERNET -j ACCEPT
>
> # enable IP forwarding for proxy
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> The squid.conf is really too long to paste here, but I can answer questions about what I have written in it.
>
> Has anyone encountered this problem yet?
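
An added example, not part of the original thread and not Squid code: while the logged MAC stays all-zero, log records can be back-filled from a snapshot of the proxy host's ARP table (`/proc/net/arp`), with the source of each MAC kept explicit. The log field order is assumed from the sample lines quoted above; the ARP snapshot, its MAC addresses and the third log line are constructed.

```python
import re

NULL_EUI = "00:00:00:00:00:00"

# Assumed field order: timestamp, offset, client MAC, client IP, URL, host or "-", size.
LOG_RE = re.compile(
    r"^(?P<ts>\S+ [+-]\d{4}) (?P<eui>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) "
    r"(?P<ip>\S+) (?P<url>\S+) (?P<host>\S+) (?P<size>\d+)$"
)

# Constructed /proc/net/arp snapshot; the MAC addresses are made up.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.162.20.2     0x1         0x2         02:00:5E:10:00:02     *        eth0
192.162.20.9     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# First two lines are from the thread; the third is constructed.
SAMPLE_LOG = [
    "11/Mar/2014:16:50:09 -0300 00:00:00:00:00:00 192.162.20.2 https://packages.debian.org/Pics/gradient.png - 1037",
    "11/Mar/2014:16:50:24 -0300 00:00:00:00:00:00 192.162.20.2 https://globalsan.net/TimeServer/timestamp.php globalsan.net 529",
    "11/Mar/2014:16:51:02 -0300 00:00:00:00:00:00 192.162.20.9 https://example.org/ - 312",
]

def parse_arp_table(text):
    """Map IP -> MAC, skipping incomplete entries (flags 0x0 or a zero MAC)."""
    table = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) >= 6 and cols[2] != "0x0" and cols[3] != NULL_EUI:
            table[cols[0]] = cols[3].lower()
    return table

def enrich(log_lines, arp):
    """Back-fill zero EUIs from the ARP map; return (records, unresolved IPs)."""
    records, unresolved = [], set()
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # line is not in the assumed format
        rec = dict(m.groupdict(), eui_source="squid")
        if rec["eui"] == NULL_EUI:
            mac = arp.get(rec["ip"])
            rec["eui"], rec["eui_source"] = (mac, "arp") if mac else (NULL_EUI, "unknown")
            if not mac:
                unresolved.add(rec["ip"])
        records.append(rec)
    return records, unresolved

if __name__ == "__main__":
    for r in enrich(SAMPLE_LOG, parse_arp_table(SAMPLE_ARP))[0]:
        print(r["ts"], r["eui"], r["eui_source"], r["ip"], r["url"])
```

The ARP table only reflects the moment the snapshot was taken, so a back-filled MAC is as reliable as the gap between the request and the snapshot is short; the `eui_source` field keeps that distinction visible in the output.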