[squid-users] Logging of 'indirect' requests, e.g. involving NAT or VPN

[Henry S. Thompson]

Antony Stone writes:

> Imagine the following setup:
>
> Organisation has a bunch of servers (maybe at their office in a
> server room, maybe in a data centre, doesn't matter which), some of
> which have public IPs, but all of which have private IPs on an
> internal subnet (for system management purposes, aside from anything
> else).  One of these servers is the squid proxy.  Another server is
> the VPN endpoint for remote client machines.

Got it, makes sense, thanks.

> Remote client connects to public IP of the VPN server, gets assigned a 
> 192.168.x.y address.  Remote client is configured to use the Squid proxy 
> server.  When it does so, its request (from 192.168.x.y) is routed from the 
> VPN endpoint to the Squid server (they can talk directly to each other because 
> they're both on the same subnet, no NAT involved) and the Squid server then 
> sends the request out to the Internet to fetch a web page.
>
> The client IP logged by the Squid server in this scenario is 192.168.x.y

Thanks, that helps a lot.

> I repeat my recommendation - pick one of the 192.168.m.n addresses
> you're seeing in the log files and ask whoever looks after this
> network which machine has that address (or at least, what that
> subnet range is used for)

Will do.

ht
-- 
       Henry S. Thompson, School of Informatics, University of Edinburgh
      10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
                Fax: (44) 131 650-4587, e-mail: ht at inf.ed.ac.uk
                       URL: http://www.ltg.ed.ac.uk/~ht/
 [mail from me _always_ has a .sig like this -- mail without it is forged spam]