LinuxQuestions.org


JasperB 04-22-2008 04:33 AM

Squid Networking Client IP
 
I've done plenty of googling and reading of articles, but I cannot get my squid setup to log the client IPs.

I'm not sure if it's even possible with my setup. The squid logs all show :

Code:

172.16.108.1 TCP_MISS/200 7330 CONNECT urs.microsoft.com:443 - DIRECT/213.199.170.73 -

So the gateway ip of 172.16.108.1 and not the actual clients. My log generator can only show "one" user.

Anyway here is a quick diagram of the network :


Clients (10.0.1.0-200, Microsoft WinXP, Win2003 domain)

Proxy Server : 172.16.108.200 (172x range is internal servers only in protected network)

ADSL Modem (DHCP activated) --> 192.168.1.254


Right, now the proxy server is a vmware machine located on a host with 6 network cards. 3 of the network cards are linked directly only to this proxy server (dedicated).

Eth0 : 172.16.108.200 (proxy/squid address on port 8080)
Eth1 : 192.168.1.35 (dhcp lease from adsl modem / gateway)
Eth2 : 10.0.1.233 (client ip range)


My routing tables:

Code:

proxy:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
172.16.108.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1

Everything is working perfectly except for the client logging. I figured it had something to do with the different ip range that the clients were in.

To test this I made a new client in the 172.x range, this one appeared in my logging with the correct ip.

But the clients cannot be put in this range :(. Is there a work-around for this issue? Maybe with the correct routing tables or third party software? Different logging tool perhaps?

Or can I have the clients send their IPs with a request towards the proxy server? Or is my only option to set the proxy server in the 10.x range?

For testing I did add eth2 (10.x) to the proxy server, it didn't make any difference.

acid_kewpie 04-22-2008 04:46 AM

Well, in a conventional setup the IP of the client is what hits the box, so there's nothing else required. If you are natting the traffic (possibly as part of a transparent proxy) then this information can be lost. I'd be looking outside of squid for why this is happening. Do a tcpdump on the squid box and just ping it from a client and see what source IP is hitting you. I'd guess it's also going to not be the real client's IP address - I reckon your gateway is doing an illogical source nat on traffic through it.

JasperB 04-22-2008 05:18 AM

Quote:

Originally Posted by acid_kewpie (Post 3128905)
Well, in a conventional setup the IP of the client is what hits the box, so there's nothing else required. If you are natting the traffic (possibly as part of a transparent proxy) then this information can be lost. I'd be looking outside of squid for why this is happening. Do a tcpdump on the squid box and just ping it from a client and see what source IP is hitting you. I'd guess it's also going to not be the real client's IP address - I reckon your gateway is doing an illogical source nat on traffic through it.


I figured it was something like that. Any clue if we need to fix this in our gateway (GNAT firewall)? And what options we need to look for?

Or even better, a work-around? Can I configure certain routes on the proxy server to do a reverse lookup?

Or is my best option to place the proxy server in the same ip range as the clients? Then it wouldn't need the gateway right?

Here is ping tcpdump :

Code:

12:06:14.996704 IP 172.16.108.1 > proxy: ICMP echo request, id 1024, seq

12:06:14.996736 IP proxy > 172.16.108.1: ICMP echo reply, id 1024, seq


acid_kewpie 04-22-2008 05:25 AM

Well, I've no idea what this gateway device is but it's absolutely at fault. With those two internal networks you should not be doing any nat at all. You would only change the source IP when you are heading out from the private network to the interweb.
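Added example, not part of the thread and not written by either poster: a small Python check that reads proxy log lines in the trimmed field layout shown in the first post and reports when no request comes from the client network while one other address carries most of the traffic, which is the symptom of source NAT in front of the proxy. The sample lines, the function names and the 0.7 threshold are assumptions made for this illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of the log line quoted in the thread:
# client  result/status  bytes  method  URL  ident  hierarchy/peer  type
SAMPLE_LOG = """\
172.16.108.1 TCP_MISS/200 7330 CONNECT urs.microsoft.com:443 - DIRECT/213.199.170.73 -
172.16.108.1 TCP_MISS/200 1520 GET http://example.com/ - DIRECT/192.0.2.10 text/html
172.16.108.1 TCP_HIT/200 880 GET http://example.com/logo.png - NONE/- image/png
172.16.108.50 TCP_MISS/200 4100 GET http://example.org/ - DIRECT/192.0.2.20 text/html
"""

def client_counts(log_text):
    """Count requests per source address (first field); skip malformed lines."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        try:
            counts[ipaddress.ip_address(fields[0])] += 1
        except ValueError:
            continue  # first field is not an IP address
    return counts

def nat_report(log_text, client_net, threshold=0.7):
    """Summarise logged sources and flag likely source NAT before the proxy."""
    net = ipaddress.ip_network(client_net)
    counts = client_counts(log_text)
    total = sum(counts.values())
    if total == 0:
        return {"total": 0, "top_source": None, "top_share": 0.0,
                "from_client_net": 0, "suspect_nat": False}
    top_ip, top_hits = counts.most_common(1)[0]
    in_net = sum(n for ip, n in counts.items() if ip in net)
    share = top_hits / total
    return {
        "total": total,
        "top_source": str(top_ip),
        "top_share": share,
        "from_client_net": in_net,
        # No client-range sources at all, and one outside address dominates.
        "suspect_nat": in_net == 0 and share >= threshold,
    }

if __name__ == "__main__":
    print(nat_report(SAMPLE_LOG, "10.0.1.0/24"))
```

A positive result only says where to look; the tcpdump check described earlier in the thread is what confirms which source address actually reaches the proxy.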

JasperB 04-22-2008 07:55 AM

Hehe, well I went ahead and placed the proxy server in the actual ip range.

Now I need to find a nice logging tool to get current kb/sec speeds being downloaded/uploaded + data/logs per user.

Any suggestions?


All times are GMT -5.