[squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

Antony Stone Antony.Stone at squid.open.source.it
Fri Jun 26 08:58:51 UTC 2015


On Friday 26 Jun 2015 at 09:51, Henry S. Thompson wrote:

> >     logs will show the IP address that reached squid, ie. the source
> > address of the connection. If that was NATted, squid will never know
> > (and thus is not able to log) the original address before the NAT.
> 
> That's what I assumed, but in a log I've been working with for
> research purposes, 192.168.... turns up -- how is this possible given
> what you say?

It's entirely plausible (I'd even say common) for VPN clients to get 
192.168.... addresses; also if there's a NATting router in the path and Squid 
is logging its address, that could easily be 192.168....

I'd say your best way of working out what's happening is to pick such an 
address you see (frequently?) in the log files, and ask whoever's network this 
is what machine that address belongs to.


Hope that helps,


Antony.

-- 
There are two possible outcomes:

 If the result confirms the hypothesis, then you've made a measurement.
 If the result is contrary to the hypothesis, then you've made a discovery.

 - Enrico Fermi

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list