Dansguardian See Source IP

qwaven

Hey all,

Wondering if anyone can help with the logging side of Dansguardian/Squid?

I'm currently running 2.1.3-RELEASE and current package for Dansguardian and Squid3.

I've also installed a few log watching packages/also built in ones and I'm seeing traffic but it all appears to be sourced from PFSense "127.0.0.1" instead of the actual IP "LAN IP" of the source.

Below are what I'm looking at:

Status –> Proxy Report
Status --> Sarg Reports
Server --> Proxy Server --> Real Time

I'm redirecting port 80 with my firewall so all traffic goes through Dansguardian and Squid. Does redirect cause this?

Perhaps I've just got the wrong options enabled?

Any thoughts/help would be great!

Thanks

rjcrowder

Look at the dansguardian logs. It is getting lost on the pass from dg to squid. In theory you can also get it to show in squid by setting the xforwarded header and then reporting that in squid - but I was never able to get it working.

smar

I have mine working using the x-forwarder etc.

1. On the Proxy Services page, in the Custom ACLs(Before_Auth) box, add (without the quotations) "follow_x_forwarded_for allow localhost"

2. On the Dansguardian page, General Tab, Under Misc Settings, select the line "fowardedfor(off)" and click save

Both my proxy reports and the Sarge reports now show the client IPs.

rjcrowder

If you want something a little better for reporting on DG, you can also check this out… https://forum.pfsense.org/index.php?topic=69003.msg377440#msg377440

qwaven

Hey all,

Thanks a lot for your replies. I've configured Squid/Dansguardian as suggested and it appears to be working. In Sarg and I monitor Squid logs and see local lan IP's now. :)

Might try and play around with dglog2 at some point.

Cheers!