Squid Networking Client IP
I've done plenty of googling and reading of articles, but I cannot get my squid setup to log the client IPs.
I'm not sure if it's even possible with my setup. The squid logs all show : Code:
172.16.108.1 TCP_MISS/200 7330 CONNECT urs.microsoft.com:443 - DIRECT/213.199.170.73 -

Anyway, here is a quick diagram of the network:

Clients (10.0.1.0-200, Microsoft WinXP, Win2003 domain)
Proxy Server: 172.16.108.200 (172x range is internal servers only in protected network)
ADSL Modem (DHCP activated) --> 192.168.1.254

Right, now the proxy server is a vmware machine located on a host with 6 network cards. 3 of the network cards are linked directly only to this proxy server (dedicated):

Eth0: 172.16.108.200 (proxy/squid address on port 8080)
Eth1: 192.168.1.35 (dhcp lease from adsl modem / gateway)
Eth2: 10.0.1.233 (client ip range)

My routing tables Code:
To test this I made a new client in the 172.x range; this one appeared in my logging with the correct IP. But the clients cannot be put in this range :(. Is there a work-around for this issue? Maybe with the correct routing tables or third-party software? A different logging tool perhaps? Or can I have the clients send their IPs with a request towards the proxy server? Or is my only option to set the proxy server in the 10.x range? For testing I did add eth2 (10.x) to the proxy server; it didn't make any difference.
well in a conventional setup the IP of the client is what hits the box, so there's nothing else required. if you are natting the traffic (possibly as part of a transparent proxy) then this information can be lost. I'd be looking outside of squid for why this is happening. do a tcpdump on the squid box and just ping it from a client and see what source IP is hitting you. I'd guess it's also going to not be the real client's IP address - I reckon your gateway is doing an illogical source nat on traffic through it.
I figured it was something like that. Any clue if we need to fix this in our gateway (GNAT firewall)? And what options we need to look for? Or even better a work around? Can configure certain routes on the proxy server to do a reverse lookup? Or is my best option to place the proxy server in the same ip range as the clients? Then it wouldn't need the gateway right?

Here is ping tcpdump : Code:
12:06:14.996704 IP 172.16.108.1 > proxy: ICMP echo request, id 1024, seq
well i've no idea what this gateway device is but it's absolutely at fault. with those two internal networks you should not be doing any nat at all. you would only change the source IP when you are heading out from the private network to the interweb.
Hehe, well I went ahead and placed the proxy server in the actual ip range.
Now I need to find a nice logging tool to get current kb/sec speeds being downloaded/uploaded + data/logs per user. Any suggestions?
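An added example, not part of the thread: a small Python check that totals requests and bytes per source address from access-log lines laid out like the one quoted in the first post (address first, byte count third), and lists sources that fall outside the client network, which is how a gateway doing source NAT shows up in the log. The `10.0.1.0/24` client network, the function names and the sample lines are assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines, using the field order of the log line in the thread:
# client  result/status  bytes  method  URL  user  hierarchy/peer  content-type
SAMPLE_LOG = """\
172.16.108.1 TCP_MISS/200 7330 CONNECT urs.microsoft.com:443 - DIRECT/213.199.170.73 -
172.16.108.1 TCP_MISS/200 1520 GET http://example.com/ - DIRECT/192.0.2.10 text/html
10.0.1.57 TCP_HIT/200 880 GET http://example.com/logo.png - NONE/- image/png
this line is truncated
"""


def summarize(lines, client_net="10.0.1.0/24"):
    """Return ({source_ip: stats}, skipped_line_count).

    client_net is an assumed CIDR for the client range in the thread.
    """
    net = ipaddress.ip_network(client_net)
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0})
    skipped = 0
    for line in lines:
        fields = line.split()
        try:
            src = ipaddress.ip_address(fields[0])  # logged client address
            size = int(fields[2])                  # bytes sent to the client
        except (IndexError, ValueError):
            skipped += 1                           # blank or malformed line
            continue
        entry = stats[str(src)]
        entry["requests"] += 1
        entry["bytes"] += size
        entry["in_client_net"] = src in net
    return dict(stats), skipped


def suspected_nat_sources(stats):
    """Sources outside the client network: traffic was rewritten before Squid saw it."""
    return sorted(ip for ip, s in stats.items() if not s["in_client_net"])


if __name__ == "__main__":
    per_source, bad = summarize(SAMPLE_LOG.splitlines())
    for ip, s in sorted(per_source.items()):
        print(f"{ip:15} {s['requests']:5} req {s['bytes']:9} bytes")
    print("outside client range:", suspected_nat_sources(per_source), "skipped:", bad)
```

If every request is attributed to one address outside the client range, per-user totals from the log are meaningless until the NAT in front of the proxy is removed.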