On Friday 26 Jun 2015 at 10:42, Henry S. Thompson wrote:

> Antony Stone writes:
> >
> > It's entirely plausible (I'd even say common) for VPN clients to get
> > 192.168.... addresses; also if there's a NATting router in the path
> > and Squid is logging its address, that could easily be 192.168....
>
> Thanks for your input, but I'm still confused. My (perhaps naive)
> understanding was that a VPN host or NATting router assigns local
> subnet range IPs (e.g. 192.168... or 10.10...) to its clients, but
> presents their traffic to the world, including any proxy, as if from
> themselves, encapsulated using their own public, static, 'real' IP.
> So I don't see how, for example "a NATting router['s] ... address"
> could ever be 192.168...

Imagine the following setup:

Organisation has a bunch of servers (maybe at their office in a server
room, maybe in a data centre, doesn't matter which), some of which have
public IPs, but all of which have private IPs on an internal subnet (for
system management purposes, aside from anything else).

One of these servers is the squid proxy. Another server is the VPN
endpoint for remote client machines.

Remote client connects to public IP of the VPN server, gets assigned a
192.168.x.y address.

Remote client is configured to use the Squid proxy server. When it does
so, its request (from 192.168.x.y) is routed from the VPN endpoint to the
Squid server (they can talk directly to each other because they're both
on the same subnet, no NAT involved) and the Squid server then sends the
request out to the Internet to fetch a web page.

The client IP logged by the Squid server in this scenario is 192.168.x.y

Alternatively, imagine the organisation has several office locations
interconnected using MPLS or some similar private connectivity (ie: not
over the Internet, or tunneled if it is over the Internet - the end
result either way being that each office has a 192.168.a.0/24 subnet for
its clients).
One of the offices has a Squid server and a connection to the Internet;
connections from clients at the other offices go over the private links
to this office, via Squid, to the Internet.

Again, in this setup Squid will see the true IP address of the clients,
ie: 192.168.a.b because that's the only address the clients have, and
with direct interconnects there's no need for NATting to a public IP
along the way.

I repeat my recommendation - pick one of the 192.168.m.n addresses you're
seeing in the log files and ask whoever looks after this network which
machine has that address (or at least, what that subnet range is used
for) - I think it's going to turn out to be one of:

a) a real client in something like the second scenario above
b) a VPN client in the first scenario above
c) an internal router in a variation of the second scenario above

Regards,

Antony.

-- 
You can spend the whole of your life trying to be popular, but at the end
of the day the size of the crowd at your funeral will be largely dictated
by the weather.

 - Frank Skinner

Please reply to the list; please *don't* CC me.
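
Added example, not part of the original message: one way to act on the recommendation above is to list which private subnets appear as clients in the log before asking the network administrator what each range is used for. It assumes Squid's default native access.log layout (client address in the third field) and /24 subnets as in the message; the log lines and the function name `summarise_clients` are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in Squid's default native access.log layout:
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1435311720.101    245 192.168.10.57 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
1435311721.340     12 192.168.10.57 TCP_HIT/200 5120 GET http://example.com/ - HIER_NONE/- text/html
1435311722.007    310 192.168.10.99 TCP_MISS/200 880 GET http://example.com/a - HIER_DIRECT/192.0.2.10 text/html
1435311723.512    198 192.168.20.5 TCP_MISS/304 310 GET http://example.com/b - HIER_DIRECT/192.0.2.10 -
1435311724.900    402 203.0.113.8 TCP_MISS/200 2048 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
1435311725.000 truncated
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def summarise_clients(lines, prefix=24):
    """Count requests per client, grouping private clients by subnet.

    prefix=24 matches the 192.168.a.0/24 per-office layout in the message;
    it is an assumption about the real network, so adjust it as needed.
    Returns (private, public, skipped).
    """
    private = defaultdict(Counter)   # "192.168.10.0/24" -> {client: hits}
    public = Counter()               # non-RFC1918 client -> hits
    skipped = 0                      # lines without a parsable client field
    for line in lines:
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[2])   # 3rd field: client
        except (IndexError, ValueError):
            skipped += 1
            continue
        if addr.version == 4 and any(addr in net for net in RFC1918):
            subnet = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            private[str(subnet)][str(addr)] += 1
        else:
            public[str(addr)] += 1
    return {k: dict(v) for k, v in private.items()}, dict(public), skipped

if __name__ == "__main__":
    private, public, skipped = summarise_clients(SAMPLE_LOG.splitlines())
    for subnet, clients in sorted(private.items()):
        print(f"{subnet}: {sum(clients.values())} requests")
        for ip, hits in sorted(clients.items(), key=lambda kv: -kv[1]):
            print(f"  {ip}  {hits}")
    print(f"public clients: {public}; unparsable lines: {skipped}")
```

A subnet with many distinct client addresses points towards an office or VPN pool; a single address carrying most of the traffic points towards an internal router or another proxy in front of Squid.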