I have tweaked the squid.conf on pfsense to support the X-Forwarded-For in this
manner :
logformat squid %ts.%03tu %6tr %{X-Forwarded-For}>h %>a %Ss/%03>Hs %<st
%rm %ru %[un %Sh/%<a %mt
So now I have the client IP and with some other tweaks I have the lightsquid
and squid real time reporting working with 2 IP addresses ( IP HOST - IP
BALANCER ).
Thanks for the reply.
Regards
EXA
________________________________
Da: Steve Goldthorpe <st...@waistcoat.org.uk>
Inviato: mercoledì 29 giugno 2016 10.07
A: zenloadbalancer-support@lists.sourceforge.net
Oggetto: Re: [Zenloadbalancer-support] ZenLoadBalancer + Squid - real client IP
That's working as expected. The TCP profile is just proxying the traffic
without interpreting it, so all your requests are coming from the LB.
You've got two options:
* As squid uses HTTP, you should use a HTTP profile and configure squid to
respect the X-Forwarded header as the client IP address. You may or may not
have to tweak the HTTP verbs setting depending on your usage of squid
(supporting CONNECT for non-cached HTTPS requests etc.).
* Alternatively you could use a LxNAT profile in DNAT mode which will be able
to handle more traffic, but you'll most likely need to change the network
configuration of your squid hosts (to use the lb as the default gateway).
In later versions of ZLB the TCP profile has been removed as LxNAT in SNAT mode
gives equivalent operation (and has the same issue with backends not seeing
client addresses).
-Steve Goldthorpe
On 29 June 2016 at 08:45, Exa Gon
<exa_...@hotmail.com<mailto:exa_...@hotmail.com>> wrote:
Hi to all, I'm looking for clarification around the IP connection from ZLB and
Squid, so I have two pfsense with squid impemented and one ZLB with a TCP farm
for port 3128 but on squid log I have only the ZLB ip . It is possible to have
the original client IP on the SQUID logs ?
192.168.1.1(client) ----> 192.168.20.1 ( ZBL ) ------> 192.168.30.1 ( Squid 1 )
------> 192.168.30.2 ( Squid 2 )
Thanks in advance.
Regards
EXA
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support