[solved by aacable] Help with squid, I can't show user IP

I use squid 2.7 and I can't show my users in the squid log. I use hotspot. All logs in squid are the src IP. Please help.

my network

router board pcc (192.168.4.1)
|
|
squid 192.168.10.1
|
|
mikrotik (hotspot) 10.0.0.1
|
|
users

This is usually an issue with NAT. Try not to use a SRC-NAT rule on the 10.0.0.1 router. If you do, then your address will be masqueraded and you’ll see the users as 10.0.0.1 and not their own IPs.

Thanks for the help, but I tried not using src-nat, but the problem exists. I show all requests in squid with 192.168.10.2, and this is not the original IP of the user.

hotspot pool 10.0.0.1/20

squid is 192.168.10.1

ethernet in mikrotik to squid 192.168.10.2

If you can help me with TeamViewer

Sure, I can TV in, but then you’ll have to mail me. anrkey@gmail.com

I’ll have to do it tonight though.

AnRkey is right. If you have this:

ethernet in mikrotik to squid 192.168.10.2

and you show all ips in your squid as 192.168.10.2, you have a nat somewhere in there.

edit: It is probably the hotspot masquerade. When you installed the hotspot, did you use “setup”? When the prompt “Masquerade network : yes” appeared, did you change that to “no”? If not it puts this in “/ip firewall nat”:

add chain=srcnat action=masquerade src-address=10.0.0.0/20

That would cause your problem. Disable that rule.

When I disable it in NAT, I lose internet and I can't access squid with the 192.168.10.1 IP.

Then you need a masquerade with out-interface=WAN.

I will try it, but what is masquerade?

And I want to learn MikroTik. Where can I learn it? I have CCNA and CCNP.

If ether1 is your WAN interface (internet), then this is the masquerade rule you should have.

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1

With this rule, you should be able to access the internet and the ips of your hotspot clients should show correctly in the squid server.

Thanks, I will try it and tell you what happened. Thanks for the fast support.

If your squid has two interfaces, one for Mikrotik and a second for WAN, then you have to create an additional route on the SQUID box for the user subnet, pointing to mikrotik, so that SQUID can see the user's original IP instead of mikrotik's. Something like the following.

route add -net 172.16.0.0 netmask 255.255.0.0 gw 192.168.2.1 dev eth0

Where the 172.16.x.x series is the user subnet (in my case it was the pppoe user pool) and 192.168.2.1 is the Mikrotik interface that squid is connected to.

Make sure to specifically define the WAN interface in the default NAT rule, so that traffic going to squid is not natted with the default mikrotik IP. This is important if you want to log the user's original IP in the squid access.log. Something like …

/ip fi nat add action=masquerade chain=srcnat disabled=no out-interface=WAN

If squid has just one interface, with its default gateway pointed to MT, then there is no need to create an additional route.

Some example here.
http://aacable.wordpress.com/2011/07/21/mikrotik-howto-redirect-http-traffic-to-squid-with-original-source-client-ip/

I tried all this and I installed squid from the script in your blog, but I can't show my users in squid with the original IP.

It's time to post your network layout, perhaps a network diagram, and your mikrotik config in order to get pinpoint directions.

/ip fi nat ex
/ip fi man ex
/ip route ex

If you removed the hotspot masquerade, that is what allowed your squid server to get the correct localnet ips. But after removing that rule, you did need a new srcnat rule as both aacable and I suggested.

edit: If you do have two NICs in the squid server, the new route in the squid server suggested by aacable would be needed to route the hotspot ips back to the Mikrotik router. But the lack of that route would have caused the squid server to not return replies to the hotspot clients, not get the Mikrotik interface ip for hotspot users in the squid server.
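
A check that can be run on the squid side to confirm whether the srcnat change discussed in this thread took effect. This is an added example, not part of any post above. It assumes squid's native access.log layout (client address in the third field); the function names and the sample log lines are constructed for illustration, while the pool 10.0.0.0/20 and the router address 192.168.10.2 are the ones given in the thread.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy type
SAMPLE_NATTED = """\
1325376000.101    120 192.168.10.2 TCP_MISS/200 4512 GET http://example.com/ - DIRECT/203.0.113.10 text/html
1325376001.450     35 192.168.10.2 TCP_HIT/200 1830 GET http://example.com/a.css - NONE/- text/css
""".splitlines()
SAMPLE_FIXED = """\
1325376100.007     98 10.0.3.17 TCP_MISS/200 4512 GET http://example.com/ - DIRECT/203.0.113.10 text/html
1325376101.220     41 10.0.0.54 TCP_HIT/200 1830 GET http://example.com/a.css - NONE/- text/css
""".splitlines()

def client_ips(lines):
    """Yield the client address (third field) of each parsable log line."""
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or non-native line
        try:
            yield ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # e.g. a hostname logged instead of an address

def nat_check(lines, client_net="10.0.0.0/20", router_ip="192.168.10.2"):
    """Classify a log sample: are clients logged by their own address,
    or hidden behind the router's squid-facing interface address?"""
    net = ipaddress.ip_network(client_net)
    router = ipaddress.ip_address(router_ip)
    counts = Counter(client_ips(lines))
    from_router = counts.get(router, 0)
    from_pool = sum(n for ip, n in counts.items() if ip in net)
    other = sum(counts.values()) - from_router - from_pool
    if from_router and not from_pool:
        verdict = "natted"      # all hotspot traffic collapsed into the router IP
    elif from_pool and not from_router:
        verdict = "original"    # hotspot addresses reach squid unchanged
    elif from_router and from_pool:
        verdict = "mixed"       # some path still passes through a srcnat rule
    else:
        verdict = "unknown"     # no lines from the router IP or the pool
    return {"verdict": verdict, "router": from_router, "pool": from_pool,
            "other": other, "distinct_clients": len(counts)}

if __name__ == "__main__":
    print(nat_check(SAMPLE_NATTED))
    print(nat_check(SAMPLE_FIXED))
```

A "mixed" result after changing the NAT rules usually just means the sample spans the change; rerun it on lines logged after the change.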