[squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN
Antony Stone
Antony.Stone at squid.open.source.it
Fri Jun 26 08:58:51 UTC 2015
On Friday 26 Jun 2015 at 09:51, Henry S. Thompson wrote:
> > logs will show the IP address that reached squid, ie. the source
> > address of the connection. If that was NATted, squid will never know
> > (and thus is not able to log) the original address before the NAT.
>
> That's what I assumed, but in a log I've been working with for
> research purposes, 192.168.... turns up -- how is this possible given
> what you say?

It's entirely plausible (I'd even say common) for VPN clients to get
192.168.... addresses; also if there's a NATting router in the path and Squid
is logging its address, that could easily be 192.168....

I'd say your best way of working out what's happening is to pick such an
address you see (frequently?) in the log files, and ask whoever's network this
is what machine that address belongs to.

Hope that helps,

Antony.
--
There are two possible outcomes:
If the result confirms the hypothesis, then you've made a measurement.
If the result is contrary to the hypothesis, then you've made a discovery.
- Enrico Fermi
Please reply to the list;
please *don't* CC me.
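
An added example, not part of the original message: one way to find which private addresses turn up most often in a Squid log, so there is a concrete address to ask the network owner about. It assumes Squid's default native access.log layout (client address in the third field); the sample lines and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample lines (not from the thread), assuming Squid's default
# native access.log layout, where the third field is the client address.
SAMPLE_LOG = """\
1435309131.101     45 192.168.1.23 TCP_MISS/200 1234 GET http://example.com/ - DIRECT/203.0.113.10 text/html
1435309132.220     12 192.168.1.23 TCP_HIT/200 880 GET http://example.com/a.css - NONE/- text/css
1435309133.008     51 10.8.0.6 TCP_MISS/200 4021 GET http://example.org/ - DIRECT/203.0.113.20 text/html
1435309134.730     30 198.51.100.7 TCP_MISS/200 512 GET http://example.net/ - DIRECT/203.0.113.30 text/html
1435309135.415     44 192.168.1.1 TCP_MISS/304 310 GET http://example.com/b.js - DIRECT/203.0.113.10 -
1435309136.002     19 10.8.0.6 TCP_MISS/200 950 GET http://example.org/c.png - DIRECT/203.0.113.20 image/png
truncated line
1435309137.640     27 192.168.1.23 TCP_MISS/404 298 GET http://example.com/missing - DIRECT/203.0.113.10 text/html
"""

# RFC 1918 private ranges: what VPN pools and NAT routers typically hand out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def client_address(line):
    """Return the logged client address, or None if the line is unusable."""
    fields = line.split()
    if len(fields) < 3:
        return None  # truncated or blank line
    try:
        return ipaddress.ip_address(fields[2])
    except ValueError:
        return None  # a hostname was logged, or the field is malformed


def tally_private_clients(lines):
    """Count requests per RFC 1918 client address, most frequent first."""
    counts = Counter()
    for line in lines:
        addr = client_address(line)
        if addr is None or addr.version != 4:
            continue
        if any(addr in net for net in RFC1918):
            counts[str(addr)] += 1
    return counts.most_common()


if __name__ == "__main__":
    for address, hits in tally_private_clients(SAMPLE_LOG.splitlines()):
        print(f"{hits:6d}  {address}")
```

The tally only identifies the address that reached Squid; whether it is a VPN client or a NATting router still has to be confirmed with whoever runs the network.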