  1. #1
    Linux User Felarin's Avatar
    Join Date
    Mar 2007
    Location
    Brazil or Singapore
    Posts
    314

    Help needed with Squid, rather urgent.


    Okay, I have some problems with squid.

    1.] I am running a transparent squid proxy on the internal address 192.168.1.16.
    I am routing all HTTP packets coming to my gateway 192.168.1.15 to 192.168.1.16 via NAT on the gateway. However, my access.log shows the queries as coming from 192.168.1.15. All queries on the network are seen as coming from 192.168.1.15. I want to see the actual client who queried for that site, his IP address.

    I tried gutsy's squid as well. It had a bug fixed and it allowed you to use.

    follow_x_forwarded_for allow all
    acl_uses_indirect_client on
    delay_pool_uses_indirect_client on
    log_uses_indirect_client on

    Yet, I still see all my logged queries as originating from 192.168.1.15

    I have no NAT rule to SNAT all HTTP traffic from my squid back to my gateway. Is there any way to see the original client's IP? Is it because my firewall is masquerading all traffic and it's changing the source header? Anyone know a rule I can use to only masquerade traffic going out to WAN?

    This problem doesn't occur if I set each individual client's browser to point to my proxy because all the traffic goes to the proxy first before going to the gateway. So I can see the originating queries and their actual originating IP addresses. But it occurs if I route the packets because it goes to my router first. Will it happen if I route the packets directly to my squid box? If so, will transparency work?

    2.] I set an acl

    acl special src 192.168.1.18
    acl block url_regex -i porn
    http_access deny block !special

    acl me src 192.168.1.0/24
    http_access allow me
    http_access deny all

    Shouldn't this block all users from using the word porn in queries or in URLs except 192.168.1.18? However, it still blocks 192.168.1.18 as well.

    Am I doing something wrong here?

    How does the ordering work and is there any guide I can follow regarding the ordering? I've actually tried the stuff in the squid wiki but it still doesn't work.

    Anyone can help me out here? Squid's important for me. Will really appreciate it.
    "A graphical user interface is just a mask. What lies beneath is what matters."

  2. #2
    Linux User Felarin's Avatar
    Join Date
    Mar 2007
    Location
    Brazil or Singapore
    Posts
    314
    I fixed problem no. 1 by disabling it as a transparent proxy and then blocking HTTP and HTTPS access to the machines that I wanted to monitor.

    I then set the browsers on those machines to point to my proxy.

    If the browser's proxy settings are set back to direct connect, they can't access the internet. That's the only way, I guess, if you want to monitor the indirect client's IP address.

    I tried using the X-Forwarded headers and indirect client log switches but they just didn't function or I don't know how to use them.

    Would be nice if anyone could show me the way towards solving problem 2 as well as a direct solution to problem 1.
    "A graphical user interface is just a mask. What lies beneath is what matters."
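
On the ordering question in problem 2, the following is an added example, not code from the poster or from Squid: a simplified Python model of how Squid evaluates the posted `http_access` lines (top to bottom, first matching line wins, ACLs on one line are ANDed). It assumes that requests arriving through the NATing gateway are seen by Squid with source 192.168.1.15, as the access.log in problem 1 showed, which is one explanation consistent with the `!special` exception never applying.

```python
import ipaddress
import re

# Constructed model of the ACLs from problem 2 (src and url_regex -i only).
ACLS = {
    "special": ("src", "192.168.1.18"),
    "block": ("url_regex", "porn"),
    "me": ("src", "192.168.1.0/24"),
    "all": ("src", "0.0.0.0/0"),
}

# http_access lines in the order posted: (action, [acl names, "!" negates]).
RULES = [
    ("deny", ["block", "!special"]),
    ("allow", ["me"]),
    ("deny", ["all"]),
]


def acl_matches(name, seen_src, url):
    kind, value = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(seen_src) in ipaddress.ip_network(value)
    return re.search(value, url, re.IGNORECASE) is not None


def http_access(seen_src, url):
    """Return the action of the first rule whose ACLs all match (AND)."""
    for action, names in RULES:
        if all(
            acl_matches(n.lstrip("!"), seen_src, url) != n.startswith("!")
            for n in names
        ):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if RULES[-1][0] == "deny" else "deny"


def decide(client_ip, url, via_nat_gateway):
    # Assumption: when the gateway rewrites the source, Squid evaluates src
    # against 192.168.1.15, the address access.log showed for every request.
    seen_src = "192.168.1.15" if via_nat_gateway else client_ip
    return http_access(seen_src, url)
```

With the real client address visible, 192.168.1.18 is exempted by the first line and allowed by the second; with the gateway's address in its place, `!special` is true for every client and the deny applies to all of them.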
