Netgate Discussion Forum

    Is there a way to FORWARD local client IP address, instead of the proxy IP?

    • E
      elcid

      To be more descriptive.

      When I am looking at some logs, the proxy IP address appears as the source; I would like to see the clients' IP addresses instead.

      I am currently not NATing with the pfSense firewall. I have SquidGuard and Squid set up as a transparent proxy.

      Is this possible with the proxy in place?

      Thanks everyone!

      • E
        elcid

        I guess not? :(

        :'(

        • D
          doktornotor Banned

          You mean like the X-Forwarded-For header, or?

          • E
            elcid

            Hello,

            I am not sure what the terminology would be. What I need to know is if there's a way to allow the IPs of the clients behind the proxy to be seen and logged individually by other tools located in the LAN.

            What I am seeing now is that, for clients that are using the proxy, their LAN IPs are hidden as they are behind the proxy server. So all connection logs etc. appear to be coming from the proxy, which is understandable.

            • D
              doktornotor Banned

              Yes, you'd need to add the header (General - X-Forwarded Header Mode) and log those headers on the server.

              • E
                elcid

                Doktornotor:

                First, let me once again say many thanks. People like you make learning and working with Linux software fun!

                I checked my squid.conf file:

                # Allow local network(s) on interface(s)
                acl localnet src  192.168.0/24
                forwarded_for on

                From what I can see above, the forward_on is already set in place. It's enabled. Yet, when clients are browsing the internet, the logs are not showing in Snort/Security Onion as the client IP but as the proxy server IP address.

                In the same proxy.conf configuration, I found this entry:

                icap_send_client_ip on

                which is also on as per default configuration.

                I am guessing I am missing this part:

                "and log those headers on the server": this is the part I am a tad confused about, but I am definitely searching. I am trying to view info in my Snort/Security Onion logs.

                Once again thanks Dok!

                • D
                  doktornotor Banned

                  No, Snort does not look at X-Forwarded-For headers. Those are useful for webservers. There is no such thing available, frankly. icap_send_client_ip will add X-Client-IP header. These do NOT rewrite the source IP in the packets, this is L7 stuff.

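The "log those headers on the server" step from the thread, as an added example that is not part of any post and is not Squid or pfSense code: a receiving application choosing which address to log when requests arrive through a proxy that appends X-Forwarded-For. The proxy address 192.168.0.1, the function name `resolve_client_ip` and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the Squid proxy's LAN address (constructed value, not from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.0.1/32")]

def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def resolve_client_ip(peer_ip, xff_header):
    """Return the address to log for one request.

    peer_ip is the TCP source address the server saw (the proxy, since the
    header does not rewrite packets). xff_header is the raw X-Forwarded-For
    value or None. The header is believed only when the connection came from
    a trusted proxy, and it is read right to left, because each proxy appends
    the address it received the request from; anything further left was
    supplied by the client and can be forged.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted(peer) or not xff_header:
        return str(peer)              # direct client, or no header present
    candidate = peer
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            break                     # e.g. "unknown": stop trusting the chain
        candidate = hop
        if not _is_trusted(hop):
            break                     # first untrusted hop from the right
    return str(candidate)

# Constructed sample requests: (TCP peer, X-Forwarded-For header value)
SAMPLES = [
    ("192.168.0.1", "192.168.0.57"),            # normal proxied request
    ("192.168.0.1", "10.9.9.9, 192.168.0.57"),  # client sent its own forged entry
    ("192.168.0.57", "1.2.3.4"),                # direct connection, header ignored
    ("192.168.0.1", "unknown"),                 # proxy hid the client address
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer:<13} xff={xff!r:<28} log_as={resolve_client_ip(peer, xff)}")
```
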
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.