Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAVP+SQUID Not showing client IP?

    Scheduled Pinned Locked Moved pfSense Packages
    5 Posts 3 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      carboncopy
      last edited by

      I am having some trouble getting LAN IP addresses to show up in my PF logs when using HAVP and Squid.  Even when running HAVP by itself, I am unable to get the client IP address to show up in the PF logs.  The best I can get is the 127.0.0.1 address in my PF logs.  Is there a bug or does it sound like a misconfiguration on my end?

      When I do get client IP's to work HAVP fails to detect the eicar test file.  Scheme: {inet}->[HAVP]->[Squid cache]->{clients} I am running 1.2.3 stable.

      PFlog:

      IP 192.168.1.155.64780 > localhost.3125: [|tcp]

      Any advice would be greatly appreciated!

      -CC
      HAVP.jpg
      HAVP.jpg_thumb
      Squid2.jpg
      Squid2.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        If you have one proxy in front of the other, only one of them will actually see the client's IP address. The other one will just see the IP of the first proxy you hit.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • C
          carboncopy
          last edited by

          Thanks for the reply.  The documentation seems to imply otherwise?  Per the config guide: http://doc.pfsense.org/index.php/HAVP_Package_for_HTTP_Anti-Virus_Scanning

          How to in the HAVP logs get a real IP clients

          Typically, the logs HAVP with Squid instead addresses customers displayed address 127.0.0.1. How to fix this:

          Squid:

          Uncheck Disable X-Forward
             Uncheck Disable VIA
             Save

          HAVP:

          Check Enable Forwarded IP
             Save

          1 Reply Last reply Reply Quote 0
          • L
            LostInIgnorance
            last edited by

            @carboncopy:

            Scheme: {inet}->[HAVP]->[Squid cache]->{clients}

            It looks as if your configuration on your pfSense is backwards compared to what you had referenced in the quote above.  HAVP should be set to "parent for squid" not "transparent".  Squid configuration looks correct.  That change should then allow the logs to show up correctly.

            1 Reply Last reply Reply Quote 0
            • C
              carboncopy
              last edited by

              I've actually tried almost all configuration combinations and I am not able to get the client IP in the logs.  Has anyone been successful with this?  I've read in the 2.0 pfsense release Squid will not bypass pf, and should provide visibility to the client IP address.  I think it is a functionally issue not a configuration issue.  Although, I have been wrong before. :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.