06-09-2008, 09:10 PM
#1
LQ Newbie
Registered: Sep 2005
Posts: 19
Squid transparent proxy with iptables
Hi,
I just set up a Squid transparent proxy with iptables. However, when I check the log I find that all the proxy traffic just takes down the IP of the iptables box, not the original traffic which comes from the client's IP address.
May I know how I can overcome this problem so that my proxy log will show the original IP that the traffic comes from instead of the IP address of the iptables box?
Thanks.

06-12-2008, 12:33 AM
#2
Member
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
I use a combination of transparent squid, sarg and webmin to log my squid clients. Try sarg.

06-12-2008, 04:31 AM
#3
Member
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241
Well, I think you're missing an option somewhere.
Standard squid transparent proxy here (no "plugins"/redirectors installed), with iptables redirection, and I get the clients' IP in all my squid logs.
I'd check that you have the right options installed for transparent proxying in squid.conf and that you are using a fairly recent version.

06-12-2008, 04:37 AM
#4
Member
Registered: Mar 2007
Location: London, UK
Distribution: Debian, Red Hat Enterprise, Fedora
Posts: 70
Just so I am understanding this correctly: your clients browse the internet like the text diagram below?
client >>> Transparent Proxy (iptables redirects 80 to 8080 to be logged by squid) >>> internet gateway/modem
If this is the case, what rule are you using in iptables to redirect port 80? You will need to add a prerouting DNAT rule so that the source IP information is maintained. A normal redirect rule will change the packet header so that the packet will appear to be coming from the transparent proxy and not the requesting client, in this situation.

06-12-2008, 04:48 AM
#5
Member
Registered: Mar 2007
Location: London, UK
Distribution: Debian, Red Hat Enterprise, Fedora
Posts: 70
Further to my previous post, the rule below should be what you are after. However, I don't have a box I can confirm this on available at the moment. I hope it helps anyway.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
eth0 is the interface accepting the requests from your network.
80 is the port for standard HTTP traffic from your clients.
8080 is the port that is configured for squid, unless you have changed it to something else to suit your environment.

06-12-2008, 04:53 AM
#6
Member
Registered: Apr 2005
Location: UK
Distribution: Slackware 13.0
Posts: 241
Quote:
Originally Posted by dbmacartney
You will need to add a prerouting DNAT rule so that the source IP information is maintained. A normal redirect rule will change the packet header so that the packet will appear to be coming from the transparent proxy and not the requesting client, in this situation.
|
Mmm. Okay, I don't know what the original poster has but I'm not sure this is 100% true.
I have a basic transparent proxy running in a couple of places and one in particular that I can access at the moment - it's a long time since I set this system up and I have only sparse access to it (it's a production server for a school) but I *don't* have DNAT rules, only REDIRECTs on my particular setup, although I don't doubt that they may have an effect in some configurations.
However, I do seem to have Squid 3.0STABLE1, which may make a difference, and "transparent" on the http_port line. I don't ever remember doing anything specific to make logging of IPs work on any version of squid I've used to do transparent proxying.
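
A check for the symptom described in the first post, added here as an example and not posted by anyone in the thread: it reads Squid's native access.log layout and reports when nearly every request is attributed to a single address. The gateway address 192.168.1.1, the thresholds, the function names and the sample log lines are constructed assumptions.

```python
from collections import Counter
import ipaddress

# Constructed samples in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy type
SAMPLE_COLLAPSED = """\
1213257601.101    145 192.168.1.1 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1213257602.202     98 192.168.1.1 TCP_HIT/200 2048 GET http://example.com/a.css - NONE/- text/css
1213257603.303    210 192.168.1.1 TCP_MISS/200 9000 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1213257604.404     77 192.168.1.1 TCP_MISS/304 300 GET http://example.org/b.js - DIRECT/192.0.2.20 -
1213257605.505    160 192.168.1.1 TCP_MISS/200 4100 GET http://example.net/ - DIRECT/192.0.2.30 text/html
"""
SAMPLE_HEALTHY = """\
1213257601.101    145 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1213257602.202     98 192.168.1.11 TCP_HIT/200 2048 GET http://example.com/a.css - NONE/- text/css
1213257603.303    210 192.168.1.10 TCP_MISS/200 9000 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1213257604.404     77 192.168.1.12 TCP_MISS/304 300 GET http://example.org/b.js - DIRECT/192.0.2.20 -
1213257605.505    160 192.168.1.11 TCP_MISS/200 4100 GET http://example.net/ - DIRECT/192.0.2.30 text/html
"""


def client_counts(log_text):
    """Count requests per client address (third field of the native format)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        try:
            client = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # custom logformat or hostname logging; not comparable
        counts[str(client)] += 1
    return counts


def attribution_lost(log_text, gateway_ip, min_requests=5, share=0.95):
    """True when nearly all logged requests carry the gateway's own address."""
    counts = client_counts(log_text)
    total = sum(counts.values())
    if total < min_requests:
        return False  # too little traffic to judge either way
    return counts[gateway_ip] / total >= share


if __name__ == "__main__":
    for name, sample in (("collapsed", SAMPLE_COLLAPSED), ("healthy", SAMPLE_HEALTHY)):
        print(name, dict(client_counts(sample)), attribution_lost(sample, "192.168.1.1"))
```
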