Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
SQUID - Keep the Original IP of LAN Users
Here is my Setup:
LAN -> SQUID -> FIREWALL -> INTERNET
The FIREWALL stores logs of all LAN users activity (such as ports blocked etc). But now SQUID is ON, I do not get the log for each user, instead I get the IP of the SQUID box in the logs.
I set: forwarded_for on, but no change in the logs.
I want to keep the IP of the LAN user so that it is correctly logged in the firewall. Is there away to do this?
Thanks for any help
Last edited by visham; 03-04-2010 at 05:19 AM. Reason: Typo
that kind of defeats the purpose of the proxy, as the proxy fetches the data on behalf of the clientlinux user # 503963
Yeah, you are right!
my concern is the logs in the FIREWALL. And also some rules set on the firewall (per IP) is not applied to the LAN users as only 1 IP is detected
then maybe you should consider placing the proxy on the other side of the firewall, like a border router/proxy server. but you if you are planning on enforcing content filtering it will be hard, as the proxy will only see one IP address coming at it. as far as setting it up to where computer1 can access forbidden sites while computer2 cannot.linux user # 503963