[squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN
Henry S. Thompson
ht at inf.ed.ac.uk
Fri Jun 26 09:42:49 UTC 2015
Antony Stone writes:
> On Friday 26 Jun 2015 at 09:51, Henry S. Thompson wrote:
>
>> > logs will show the IP address that reached squid, ie. the source
>> > address of the connection. If that was NATted, squid will never know
>> > (and thus is not able to log) the original address before the NAT.
>>
>> That's what I assumed, but in a log I've been working with for
>> research purposes, 192.168.... turns up -- how is this possible given
>> what you say?
>
> It's entirely plausible (I'd even say common) for VPN clients to get
> 192.168.... addresses; also if there's a NATting router in the path
> and Squid is logging its address, that could easily be 192.168....
Thanks for your input, but I'm still confused. My (perhaps naive)
understanding was that a VPN host or NATting router assigns local
subnet range IPs (e.g. 192.168... or 10.10...) to its clients, but
presents their traffic to the world, including any proxy, as if from
themselves, encapsulated using their own public, static, 'real' IP.
So I don't see how, for example "a NATting router['s] ... address"
could ever be 192.168...
ht
--
Henry S. Thompson, School of Informatics, University of Edinburgh
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 650-4587, e-mail: ht at inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail from me _always_ has a .sig like this -- mail without it is forged spam]
More information about the squid-users
mailing list