i use squid 2.7 and i can't show my user in squid log i use hotspot all log in squid is src ip pls help
my network
router board pcc (192.168.4.1)
|
|
squid 192.168.10.1
|
|
mikrotik (hotspot) 10.0.0.1
|
|
users
-
-
scorpion4111
just joined
- Posts: 18
- Joined:
[solved by aacable ] help with squid i can't show user ip
Last edited by scorpion4111 on Fri Feb 07, 2014 7:26 am, edited 1 time in total.
Re: help with squid i can't show user ip in squid
This is usually an issue with NAT. Try not to use a SRC-NAT rule on the 10.0.0.1 router. If you do, then your address will be masqueraded and you'll see the users as 10.0.0.1 and not their own IPs.i use squid 2.7 and i can't show my user in squid log i use hotspot all log in squid is src ip pls help
my network
router board pcc (192.168.4.1)
|
|
squid 192.168.10.1
|
|
mikrotik (hotspot) 10.0.0.1
|
|
users
-
-
scorpion4111
just joined
- Posts: 18
- Joined:
Re: help with squid i can't show user ip in squid
Thanks for the help, but I tried not src-nat But the problem exists i show all Request in squid with 192.168.10.2 and this not orginal ip of user
hotspot pool 10.0.0.1/20
squid is 192.168.10.1
ethernet in mikroitk to squid 192.168.10.2
if you can help me with team viewr
hotspot pool 10.0.0.1/20
squid is 192.168.10.1
ethernet in mikroitk to squid 192.168.10.2
if you can help me with team viewr
Re: help with squid i can't show user ip in squid
Sure, I can TV in, but then you'll have to mail me. anrkey@gmail.com
I'll have to do it tonight though.
I'll have to do it tonight though.
Re: help with squid i can't show user ip in squid
AnRkey is right. If you have this:
edit: It is probably the hotspot masquerade. When you installed the hotspot, did you use "setup"? When the prompt "Masquerade network : yes" appeared, did you change that to "no"? If not it puts this in "/ip firewall nat":
That would cause your problem. Disable that rule.
and you show all ips in your squid as 192.168.10.2, you have a nat somewhere in there.ethernet in mikroitk to squid 192.168.10.2
edit: It is probably the hotspot masquerade. When you installed the hotspot, did you use "setup"? When the prompt "Masquerade network : yes" appeared, did you change that to "no"? If not it puts this in "/ip firewall nat":
Code: Select all
add chain=srcnat action=masquerade src-address=10.0.0.0/20
-
-
scorpion4111
just joined
- Posts: 18
- Joined:
Re: help with squid i can't show user ip in squid
when disable it in nat i loss internet and i cant access squid with 192.168.10.1 ipAnRkey is right. If you have this:and you show all ips in your squid as 192.168.10.2, you have a nat somewhere in there.ethernet in mikroitk to squid 192.168.10.2
edit: It is probably the hotspot masquerade. When you installed the hotspot, did you use "setup"? When the prompt "Masquerade network : yes" appeared, did you change that to "no"? If not it puts this in "/ip firewall nat":That would cause your problem. Disable that rule.Code: Select alladd chain=srcnat action=masquerade src-address=10.0.0.0/20
Re: help with squid i can't show user ip in squid
Then you need a masquerade with out-interface- WAN. .
-
-
scorpion4111
just joined
- Posts: 18
- Joined:
Re: help with squid i can't show user ip in squid
Then you need a masquerade with out-interface- WAN. .
i will try it but what is masquerade ?
and i want to learn mikrotik where i can learn it i have ccna and ccnp
Re: help with squid i can't show user ip in squid
If ether1 is your WAN interface (internet), then this is the masquerade rule you should have.
With this rule, you should be able to access the internet and the ips of your hotspot clients should show correctly in the squid server.
Code: Select all
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
-
-
scorpion4111
just joined
- Posts: 18
- Joined:
Re: help with squid i can't show user ip in squid
thanks i will try it and tell you what is happened thanks for fast supportIf ether1 is your WAN interface (internet), then this is the masquerade rule you should have.With this rule, you should be able to access the internet and the ips of your hotspot clients should show correctly in the squid server.Code: Select all/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Re: help with squid i can't show user ip in squid
If your squid have two interfaces, one for Mikrotik, and second for WAN, then you have to create as additional route on SQUID Box for user subnet pointing to mikrotik so that SQUID can see user original ip instead of mikrotik. Something like following.
Whereas 172.16.x.x series is user subnet (in my case it was pppoe user pool) and 192.168.2.1 is the Mikrotik interface via squid is connected with.
Make sure to specifically define WAN interface in default NAT rule, so that traffic going to squid should not be natted with default mikrotik IP. This is important if you want to log user original ip int eh squid access.log. Something like ...
If squid have just one interface connected with default gateway pointed to MT, then no need to create additional route.
Some example here.
http://aacable.wordpress.com/2011/07/21 ... client-ip/
Code: Select all
route add -net 172.16.0.0 netmask 255.255.0.0 gw 192.168.2.1 dev eth0Make sure to specifically define WAN interface in default NAT rule, so that traffic going to squid should not be natted with default mikrotik IP. This is important if you want to log user original ip int eh squid access.log. Something like ...
Code: Select all
/ip fi nat add action=masquerade chain=srcnat disabled=no out-interface=WANSome example here.
http://aacable.wordpress.com/2011/07/21 ... client-ip/
-
-
scorpion4111
just joined
- Posts: 18
- Joined:
Re: help with squid i can't show user ip in squid
i tried all this and i install squid from your script in blog but i can't show my users in squid with original ip
Re: help with squid i can't show user ip in squid
Its time to post your network layout, perhaps a network diagram and your mikrotik config in order to get pin point directions.
Code: Select all
/ip fi nat exCode: Select all
/ip fi man exCode: Select all
/ip route exRe: [solved by aacable ] help with squid i can't show user i
If you removed the hotspot masquerade, that is what allowed your squid server to get the correct localnet ips. But after removing that rule, you did need a new srcnat rule as both aacable and I suggested.
edit: If you do have two NICs in the squid server, the new route in the squid server suggested by aacable would be needed to route the hotspot ips back to the Mikrotik router. But the lack of that route would have caused the squid server to not return replies to the hotspot clients, not get the Mikrotik interface ip for hotspot users in the squid server.
edit: If you do have two NICs in the squid server, the new route in the squid server suggested by aacable would be needed to route the hotspot ips back to the Mikrotik router. But the lack of that route would have caused the squid server to not return replies to the hotspot clients, not get the Mikrotik interface ip for hotspot users in the squid server.