I have tweaked the squid.conf on pfsense to support the X-Forwarded-For in this 
manner :

logformat squid      %ts.%03tu %6tr %{X-Forwarded-For}>h %>a %Ss/%03>Hs %<st 
%rm %ru %[un %Sh/%<a %mt

So now I have the client IP and with some other tweaks I have the lightsquid 
and squid real time reporting working with 2 IP addresses ( IP HOST - IP 
BALANCER ).

Thanks for the reply.
Regards
EXA



________________________________
Da: Steve Goldthorpe <st...@waistcoat.org.uk>
Inviato: mercoledì 29 giugno 2016 10.07
A: zenloadbalancer-support@lists.sourceforge.net
Oggetto: Re: [Zenloadbalancer-support] ZenLoadBalancer + Squid - real client IP

That's working as expected.  The TCP profile is just proxying the traffic 
without interpreting it, so all your requests are coming from the LB.

You've got two options:

* As squid uses HTTP, you should use a HTTP profile and configure squid to 
respect the X-Forwarded header as the client IP address.  You may or may not 
have to tweak the HTTP verbs setting depending on your usage of squid 
(supporting CONNECT for non-cached HTTPS requests etc.).
* Alternatively you could use a LxNAT profile in DNAT mode which will be able 
to handle more traffic, but you'll most likely need to change the network 
configuration of your squid hosts (to use the lb as the default gateway).

In later versions of ZLB the TCP profile has been removed as LxNAT in SNAT mode 
gives equivalent operation (and has the same issue with backends not seeing 
client addresses).

-Steve Goldthorpe

On 29 June 2016 at 08:45, Exa Gon 
<exa_...@hotmail.com<mailto:exa_...@hotmail.com>> wrote:

Hi to all, I'm looking for clarification around the IP connection from ZLB and 
Squid, so I have two pfsense with squid impemented and one ZLB with a TCP farm 
for port 3128 but on squid log I have only the ZLB ip . It is possible to have 
the original client IP on the SQUID logs ?


192.168.1.1(client) ----> 192.168.20.1 ( ZBL ) ------> 192.168.30.1 ( Squid 1 )

                                                                         
------> 192.168.30.2 ( Squid 2 )


Thanks in advance.

Regards

EXA

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support


------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support

Reply via email to