RE: [m0n0wall] Http request redirect to Squid

From:	"Ryan Wagoner" <Ryan at wgnrs dot dynu dot com>
To:	"Alain Fauconnet" <alain at ait dot ac dot th>, <m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Http request redirect to Squid
Date:	Thu, 20 Apr 2006 07:41:39 -0400
That's incorrect. Heres an excert from calamaris, a squid log interpreter. As you can see the log
still has the correct ip addresses, and calamaris does the hostname lookup. Below that is an excert
from the access.log from squid.

# Incoming TCP-requests by host
host                            request   hit-% sec/req   Byte    hit-% kB/sec  
------------------------------ --------- ------ ------- -------- ------ ------- 
sandy.mydomain.local            34006  63.53    1.23     342M  16.18    8.36 
sonylaptopwinxp.mydomain.local
                                   24216  22.29    0.43     225M  16.77   22.36 
patrick.mydomain.local          22122  58.74    0.93     134M  24.67    6.69 
larry.mydomain.local            12546  47.81    0.68     141M   9.80   16.91 
10.10.1.146                         8907  47.24    0.82      47M  16.08    6.51 
10.10.1.141                         2372  41.15    0.52      29M   6.67   24.24 
scottwinxp.mydomain.local        1603  34.06    0.42      12M   7.27   18.72 
gary.mydomain.local               418   5.74    8.09     170M   0.75   51.39 
mrkrabs.mydomain.local            272  26.10    6.86     106M   0.28   58.12 
pearl.mydomain.local              111  15.32    5.35       8M   0.75   13.30 
win2ksrvr.mydomain.local               36  30.56   15.47       0M  19.35    0.16 
10.10.1.139                           29   6.90    1.56       3M   0.23   65.46 
10.10.1.135                            1   0.00    0.83       0M   0.00   14.70 
------------------------------ --------- ------ ------- -------- ------ ------- 
Sum                               106639  48.62    0.91    1217M  12.49   12.85  

1145533211.087    195 10.10.1.150 TCP_MISS/200 6278 GET
http://www.harborfreight.com/cpi/photos/31900-31999/31979-t.gif - DIRECT/130.81.64.53 image/gif
1145533211.190    175 10.10.1.150 TCP_MISS/200 4627 GET
http://www.harborfreight.com/cpi/photos/46800-46899/46852-t.gif - DIRECT/130.81.64.58 image/gif
1145533211.287    199 10.10.1.150 TCP_MISS/200 6128 GET
http://www.harborfreight.com/cpi/photos/93100-93199/93142-t.gif - DIRECT/130.81.64.53 image/gif
1145533211.384    193 10.10.1.150 TCP_MISS/200 6106 GET
http://www.harborfreight.com/cpi/photos/01600-01699/01611-t.gif - DIRECT/130.81.64.58 image/gif
1145533233.934    320 10.10.1.149 TCP_MISS/302 730 GET http://fxfeeds.mozilla.com/rss20.xml -
DIRECT/207.126.111.225 text/html
1145533234.464    470 10.10.1.149 TCP_REFRESH_MISS/200 16968 GET
http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml - DIRECT/212.58.240.133
application/xml

-----Original Message-----
From: Alain Fauconnet [mailto:alain at ait dot ac dot th] 
Sent: Thursday, April 20, 2006 12:28 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Http request redirect to Squid

Hello readers,

> > Put squid on OPT1, etc interface so its separate from lan. Place the 
> >below rule, modified to your needs, in your config file and upload it 
> >to monowall. Set squid to be transparent proxy and your good to go.
> > 
> >
> >Downside is that squid is on another interface, but if squid goes 
> >down you only loose http traffic.

Isn't there another downside in that your Squid will only see NATted client IP addresses i.e. only
the address of the M0n0wall box itself?
This would make Squid logs meaningless. Maby not a big deal for many sites, but a pain for others
(no abuse tracking, no reliable accounting etc.) I used to have that problem when doing NAT-based
HTTP traffic redirection on Linux boxes.

Greets,
_Alain_

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch