Hi Sascha,
Yes, it helps. I've changed my network scheme, it works great!
Thanks you very much.
George
On Wed, 6 Jan 1999, Sascha Merberg wrote:
> <Sorry for me misunderstanding.>
>
> I don't think it can be done.
> The IP-number that accesses the outside world is that of your
> masquerading box. (Which is why it works ... because it is a "real" IP.)
> Your proxy "sees" only the IP of the masq-box.
> Maybe this is not of any help either, but why don't you run the proxy on
> a machine with a private IP which would then have the real IP as default
> gateway? If I interpret your sketch right, it is the same machine
> anyways, so routing would be no problem. (Wouldn't be if there were
> several machines as well.)
>
> Hope this one helped!
> Sascha.
>
> Hongsheng Zhu wrote:
> >
> > On Wed, 6 Jan 1999, Sascha Merberg wrote:
> >
> > > Since the proxy _is_ the machine directly accessing the net, you have to log
> > > the other clients where they do access.
> > > In short: Use squid's logging capabilities.
> >
> > I'm afraid I did not describe my problem clearly. My gateway box is doing
> > IP masquerading, it only allows the clients to access the proxy. My
> > gateway is at 10.103.33.38, which has a rule like this:
> >
> > ipfwadm -F -a m -S 192.168.1.0/24 -D 10.103.33.43/32
> > ipfwadm -F -a m -S 192.168.2.0/24 -D 10.103.33.43/32
> >
> > where 10.103.33.43 is my proxy's IP. The proxy can log every access w/o
> > problems, the only problem is that the log ALWAYS treats each access as
> > from the gateway box. Suppose I fire up the browser and access some site,
> > the proxy will log like this:
> >
> > 915619748.167 3032 10.103.33.38 TCP_MISS/200 405 GET http://...
> >
> > but I really want is something like this:
> >
> > 915619748.167 3032 192.168.1.123 TCP_MISS/200 405 ...
> >
> > Is there a way of making this possible?
> >
> > >
> > > Regards,
> > > Sascha.
> > >
> > > Hongsheng Zhu wrote:
> > >
> > > > Hi,
> > > >
> > > > I've setup a gateway on my LAN which servers for 3 trunks, shown below:
> > > >
> > > > +------------------+
> > > > | Computing Center | 10.103.33.0
> > > > +------------------+
> > > > |
> > > > +----------+
> > > > | Linux | 10.103.33.38
> > > > | Gateway | 192.168.1.240
> > > > | | 192.168.2.240
> > > > +----------+
> > > > | |
> > > > +-----+ +--------+
> > > > | |
> > > > +--------------+ +------------------+
> > > > | Normal users | | Development team |
> > > > +--------------+ +------------------+
> > > > 192.168.1.0 192.168.2.0
> > > >
> > > > And there's a proxy server at 10.103.33.43 which has the Internet access
> > > > ability. I can browse at any trunk by setting up the proxy. It works fine.
> > > > My problem is, each request log in the proxy server shows that the request
> > > > is from the Gateway box (10.103.33.38), not the actual user's IP (like
> > > > 192.168.1.123).
> > > >
> > > > I'm using RedHat 5.2, ipfwadm, squid 2.0.
> > > >
> > > > Does anybody know how to solve this?
> > > >
> > > > Thanks.
> > > >
> > > > Hongsheng Zhu ( [EMAIL PROTECTED] )
> > > > ====================================
> > > > System Administrator & Webmaster
> > > > Hangzhou China Online NetFirm
> > > > Tel: +86 571 5123645 Fax: 5123280
> > > >
> > > > http://www.netfirm.net/
> > > >
> > > > The only certainty is that nothing is certain. -- Pliny the Elder.
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > For daily digest info, email [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
