[squid-users] Wrong client IP address in log file

gk180984 at interia.pl gk180984 at interia.pl
Fri Nov 25 13:31:00 UTC 2016


Hello

I'm looking for a solution to my problem but I can't find one. I have a Squid + DansGuardian installation as a transparent proxy, and something must be wrong in this configuration. This is Debian 7, working in the local network as a router (local addresses 10.0.0.4, 10.99.0.1).

In the DansGuardian log file I have the correct client IP address, but in the Squid log file this address is equal to the router address (10.0.0.4).

# tailf /var/log/dansguardian/access.log
2016.11.25 13:52:16 - 10.99.0.98 http://businessclick.b...

10.99.0.98 is the real client address

~# tailf /var/log/squid/access.log
25/Nov/2016:13:34:08 +0100 1480077248.293 170 10.0.0.4 10.0.0.4 TCP_MISS/200 1004 POST http://ocsp.digic...

10.0.0.4 is not the real client address; it looks like the DansGuardian IP. The second address is the '%>a' parameter; I also tried '%>A'.

I tried changing the Squid and DansGuardian listen addresses to 0.0.0.0, but this did not help. I don't know what the reason is. I have the same, older installation on Debian 6, and there it works fine.

My clients are: 10.0.0.0/24 10.99.0.0/24

# squid -v
Squid Cache: Version 2.7.STABLE9
configure options:  '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--with-pthreads' '--enable-async-io' '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--enable-referer-log' '--enable-useragent-log' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp' '--enable-follow-x-forwarded-for' '--with-large-files' '--with-maxfd=65536' '--build' 'x86_64-linux-gnu' 'build_alias=x86_64-linux-gnu'

# dansguardian -v
DansGuardian 2.10.1.1
Built with:  '--prefix=/usr' '--enable-clamav=yes' '--enable-clamd=yes' '--with-proxyuser=dansguardian' '--with-proxygroup=dansguardian' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' '--enable-trickledm=yes' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' 'CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' 'LDFLAGS=-Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security'

~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
...
tcp 0 0 10.99.0.1:8080 0.0.0.0:* LISTEN 8478/dansguardian
tcp 0 0 10.0.0.4:8080 0.0.0.0:* LISTEN 8478/dansguardian
...
tcp 0 0 10.99.0.1:3128 0.0.0.0:* LISTEN 9952/(squid)
tcp 0 0 10.0.0.4:3128 0.0.0.0:* LISTEN 9952/(squid)
...

# grep -v '^$\|^\s*\#' /etc/squid/squid.conf
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl LAN src 10.0.0.0/24
acl LAN2 src 10.99.0.0/24
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow LAN
http_access allow LAN2
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access allow localhost
http_access deny all
icp_access deny all
follow_x_forwarded_for allow localhost
http_port 10.0.0.4:3128 transparent
http_port 10.99.0.1:3128 transparent
tcp_outgoing_address 79.188.96.14
hierarchy_stoplist cgi-bin ?
cache_mem 64 MB
cache_dir ufs /tmp/squid 100 16 256
logformat squid %tl %ts.%03tu %6tr %la %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt "%{User-Agent}>h"
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /tmp/squid

# grep -v '^$\|^\s*\#' /etc/dansguardian/dansguardian.conf
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'polish'
loglevel = 2
logexceptionhits = 2
logfileformat = 1
filterip = 10.0.0.4
filterip = 10.99.0.1
filterport = 8080
proxyip = 10.0.0.4
proxyip = 10.99.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = on
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'

# iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 51435 packets, 3996K bytes)
 pkts bytes target     prot opt in     out     source               destination
11951  590K REDIRECT   tcp  --  *      *       10.0.0.0/24          0.0.0.0/0            tcp dpt:80flags: 0x17/0x02 state NEW redir ports 8080
 8453  425K REDIRECT   tcp  --  *      *       10.99.0.0/24         0.0.0.0/0            tcp dpt:80flags: 0x17/0x02 state NEW redir ports 8080

Chain INPUT (policy ACCEPT 57817 packets, 3748K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 54832 packets, 3473K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 21292 packets, 1338K bytes)
 pkts bytes target     prot opt in     out     source               destination
  11M  990M MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Thanks for any help
-- 
Grzegorz Kuczyński

