Andy Low wrote: > I have the following setup: > > Users <---> FW <---> Squid <---> Internet > > 1) The firewal (FW) interface, facing Squid is configure with PAT. > 2) Squid is listening at port 8080. > > When I execute "netstat -na" on squid, I see a lot of session established > from FW to Squid and Squid to Internet. > > May I know to identify the actual session from FW to Internet. Take note > my FW is doing a PAT.
Turn off the address translation for traffic destined to the Squid box and just route it normally. Then you can track the real source IP address in Squid's access.log. Adam
