Hi dan, Thanks for your answer. I read your report and i will install 3.3.10 version i think in order to log the mac addresses. I hope this issue can be resolved fast. Please, can put a note on the bug report (i havn't got an account atm) to say that you are not alone ;) Le 11 mars 2014 à 19:30, Dan Charlesworth <dan@xxxxxxxxxxx> a écrit : > Hi Emmanuel > > I filed a bug for this issue a few months ago. Unfortunately no developers have taken notice yet. Hopefully soon, though. > > http://bugs.squid-cache.org/show_bug.cgi?id=3982 > > Kind regards > Dan > > On 12 Mar 2014, at 7:03 am, Emmanuel LAZARO - S.IM.KO. <em.lazaro@xxxxxxxx> wrote: > >> Hi all, >> >> I hope you can help me on that problem. >> >> I compiled on my debian wheezy squid (3.4.4) server squid with the followinf options : >> >> ./configure --prefix=/usr --includedir=/usr/include --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid3 --enable-ssl --enable-ssl-crtd --enable-eui - –enable-icap-client --with-default-user=proxy >> >> What we want to do ? >> >> A transparent http/https proxy for logging connexions and bloking website like facebook (https/http). >> >> The problem is in the access.log file. Even if my clients are directly connected to the squid server (no router) the mac address are not in the logfile : >> >> 11/Mar/2014:16:50:09 -0300 00:00:00:00:00:00 192.162.20.2 https://packages.debian.org/Pics/gradient.png - 1037 >> 11/Mar/2014:16:50:09 -0300 00:00:00:00:00:00 192.162.20.2 https://packages.debian.org/Pics/reddot.png packages.debian.org 918 >> 11/Mar/2014:16:50:09 -0300 00:00:00:00:00:00 192.162.20.2 https://packages.debian.org/favicon.ico - 5454 >> 11/Mar/2014:16:50:24 -0300 00:00:00:00:00:00 192.162.20.2 https://globalsan.net/TimeServer/timestamp.php globalsan.net 529 >> >> I can add i have a netfilter script to nat the connexions from 80 and 443 ports to 3328 and 3329 squid ports. >> >> #!/bin/sh >> >> # squid proxy's IP address (which is attached to eth0) >> SQUID_SERVER=`ifconfig eth0 | sed -ne 's/.*inet addr:\([^ ]*\).*/\1/p'` >> >> # interface connected to WAN >> INTERNET="eth2" >> >> # interface connected to LAN >> LAN_IN="eth0" >> >> # squid port >> SQUID_PORT="3128" >> SQUID_PORT_HTTPS="3129" >> >> >> # clean old firewall >> iptables -F >> iptables -X >> iptables -t nat -F >> iptables -t nat -X >> iptables -t mangle -F >> iptables -t mangle -X >> >> # load iptables modules for NAT masquerade and IP conntrack >> modprobe ip_conntrack >> modprobe ip_conntrack_ftp >> >> # define necessary redirection for incoming http traffic (e.g., 80) >> iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT >> >> iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 443 -j REDIRECT --to-port $SQUID_PORT_HTTPS >> >> # forward locally generated http traffic to Squid >> iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT >> iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT >> >> iptables -t nat -A OUTPUT -p tcp --dport 443 -m owner --uid-owner proxy -j ACCEPT >> iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-ports $SQUID_PORT_HTTPS >> >> # forward the rest of non-http traffic >> iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE >> iptables --append FORWARD --in-interface $INTERNET -j ACCEPT >> >> # enable IP forwarding for proxy >> echo 1 > /proc/sys/net/ipv4/ip_forward >> >> The squid.conf is really too long to past it here but i can answer to you on what i written inside. >> >> Someone encountered this problem yet ? >
