<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body id="punymce">Hello<br>I'm looking solutions of my problem but I can't find.<br>I have Squid + dansguardian installation as transparent proxy and in this configuration must be something wrong. This is a Debian 7 and working in local network as router (local address 10.0.0.4, 10.99.0.1).<br><br>In dansguardian log file I have good IP client address, but in squid log file this address is equal to the router address (10.0.0.4).<br><br># tailf /var/log/dansguardian/access.log<br>2016.11.25 13:52:16 - 10.99.0.98 <a href="http://businessclick.b..." mce_href="http://businessclick.b...">http://businessclick.b...</a><br><br>10.99.0.98 is real client address<br><br>~# tailf /var/log/squid/access.log<br>25/Nov/2016:13:34:08 +0100 1480077248.293 170 10.0.0.4 10.0.0.4 TCP_MISS/200 1004 POST <a href="http://ocsp.digic..." mce_href="http://ocsp.digic...">http://ocsp.digic...</a><br><br>10.0.0.4 is not a real client address, it's look like dansguardian IP. Second address is a '%>a' parameter, I try also with '%>A'<br><br>I try change squid and dansguardian listen address to 0.0.0.0 but this not help. I don't know what is the reason of that. I have same older installation in Debian 6 and there it works fine.<br><br>My clients is:<br> 10.0.0.0/24<br> 10.99.0.0/24<br><br><br># squid -v<br>Squid Cache: Version 2.7.STABLE9<br>configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--with-pthreads' '--enable-async-io' '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--enable-referer-log' '--enable-useragent-log' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp' '--enable-follow-x-forwarded-for' '--with-large-files' '--with-maxfd=65536' '--build' 'x86_64-linux-gnu' 'build_alias=x86_64-linux-gnu'<br><br><br># dansguardian -v<br>DansGuardian 2.10.1.1<br>Built with: '--prefix=/usr' '--enable-clamav=yes' '--enable-clamd=yes' '--with-proxyuser=dansguardian' '--with-proxygroup=dansguardian' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' '--enable-trickledm=yes' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' 'CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' 'LDFLAGS=-Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security'<br><br><br>~# netstat -ntlp<br>Active Internet connections (only servers)<br>Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name<br>...<br>tcp 0 0 10.99.0.1:8080 0.0.0.0:* LISTEN 8478/dansguardian<br>tcp 0 0 10.0.0.4:8080 0.0.0.0:* LISTEN 8478/dansguardian<br>...<br>tcp 0 0 10.99.0.1:3128 0.0.0.0:* LISTEN 9952/(squid)<br>tcp 0 0 10.0.0.4:3128 0.0.0.0:* LISTEN 9952/(squid)<br>...<br><br><br># grep -v '^$\|^\s*\#' /etc/squid/squid.conf<br>acl all src 0.0.0.0/0.0.0.0<br>acl manager proto cache_object<br>acl localhost src 127.0.0.1/32<br>acl to_localhost dst 127.0.0.0/8<br>acl LAN src 10.0.0.0/24<br>acl LAN2 src 10.99.0.0/24<br>acl SSL_ports port 443 # https<br>acl Safe_ports port 80 # http<br>acl purge method PURGE<br>acl CONNECT method CONNECT<br>http_access allow LAN<br>http_access allow LAN2<br>http_access allow manager localhost<br>http_access deny manager<br>http_access allow purge localhost<br>http_access deny purge<br>http_access deny !Safe_ports<br>http_access allow localhost<br>http_access deny all<br>icp_access deny all<br>follow_x_forwarded_for allow localhost<br>http_port 10.0.0.4:3128 transparent<br>http_port 10.99.0.1:3128 transparent<br>tcp_outgoing_address 79.188.96.14<br>hierarchy_stoplist cgi-bin ?<br>cache_mem 64 MB<br>cache_dir ufs /tmp/squid 100 16 256<br>logformat squid %tl %ts.%03tu %6tr %la %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt "%{User-Agent}>h"<br>access_log /var/log/squid/access.log squid<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440<br>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880<br>refresh_pattern . 0 20% 4320<br>acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]<br>upgrade_http0.9 deny shoutcast<br>acl apache rep_header Server ^Apache<br>broken_vary_encoding allow apache<br>extension_methods REPORT MERGE MKACTIVITY CHECKOUT<br>hosts_file /etc/hosts<br>coredump_dir /tmp/squid<br><br><br># grep -v '^$\|^\s*\#' /etc/dansguardian/dansguardian.conf<br>reportinglevel = 3<br>languagedir = '/etc/dansguardian/languages'<br>language = 'polish'<br>loglevel = 2<br>logexceptionhits = 2<br>logfileformat = 1<br>filterip = 10.0.0.4<br>filterip = 10.99.0.1<br>filterport = 8080<br>proxyip = 10.0.0.4<br>proxyip = 10.99.0.1<br>proxyport = 3128<br>accessdeniedaddress = '<a href="http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'" mce_href="http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'">http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'</a><br>nonstandarddelimiter = on<br>usecustombannedimage = on<br>custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'<br>filtergroups = 1<br>filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'<br>bannediplist = '/etc/dansguardian/lists/bannediplist'<br>exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'<br>showweightedfound = on<br>weightedphrasemode = 2<br>urlcachenumber = 1000<br>urlcacheage = 900<br>scancleancache = on<br>phrasefiltermode = 2<br>preservecase = 0<br>hexdecodecontent = off<br>forcequicksearch = off<br>reverseaddresslookups = off<br>reverseclientiplookups = off<br>logclienthostnames = off<br>createlistcachefiles = on<br>maxuploadsize = -1<br>maxcontentfiltersize = 256<br>maxcontentramcachescansize = 2000<br>maxcontentfilecachescansize = 20000<br>filecachedir = '/tmp'<br>deletedownloadedtempfiles = on<br>initialtrickledelay = 20<br>trickledelay = 10<br>downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'<br>downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'<br>contentscannertimeout = 60<br>contentscanexceptions = off<br>recheckreplacedurls = off<br>forwardedfor = off<br>usexforwardedfor = off<br>logconnectionhandlingerrors = on<br>logchildprocesshandling = off<br>maxchildren = 120<br>minchildren = 8<br>minsparechildren = 4<br>preforkchildren = 6<br>maxsparechildren = 32<br>maxagechildren = 500<br>maxips = 0<br>ipcfilename = '/tmp/.dguardianipc'<br>urlipcfilename = '/tmp/.dguardianurlipc'<br>ipipcfilename = '/tmp/.dguardianipipc'<br>nodaemon = off<br>nologger = off<br>logadblocks = off<br>loguseragent = off<br>softrestart = off<br>mailer = '/usr/sbin/sendmail -t'<br><br><br># iptables -L -nv -t nat<br>Chain PREROUTING (policy ACCEPT 51435 packets, 3996K bytes)<br> pkts bytes target prot opt in out source destination<br>11951
590K REDIRECT tcp -- * * 10.0.0.0/24
0.0.0.0/0 tcp dpt:80flags: 0x17/0x02 state NEW redir ports
8080<br> 8453 425K REDIRECT tcp -- * *
10.99.0.0/24 0.0.0.0/0 tcp dpt:80flags: 0x17/0x02
state NEW redir ports 8080<br><br>Chain INPUT (policy ACCEPT 57817 packets, 3748K bytes)<br> pkts bytes target prot opt in out source destination<br><br>Chain OUTPUT (policy ACCEPT 54832 packets, 3473K bytes)<br> pkts bytes target prot opt in out source destination<br><br>Chain POSTROUTING (policy ACCEPT 21292 packets, 1338K bytes)<br> pkts bytes target prot opt in out source destination<br> 11M 990M MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0<br><br><br>Thanks for any help<br><br>-- <br>Grzegorz Kuczyński<br><br><br><br><br><br></body></html>