[squid-users] Tough: NAT port translation

From: Andy Low <andy@dont-contact.us>
Date: Wed, 8 Dec 2004 09:30:27 +0800

Hi Alberto,

Thank you for your suggestion.

For your information, I have 2 different Internet connections. One for
surfing and the second, dedicated one is for other purposes (like SMTP, FTP etc).

The surfing link is connected via Squid while the dedicated Internet link is
connected through the FW's other interface (the default gateway is configured
via this link). If I were to use what you proposed, I would have difficulty
redirecting the traffic properly at the FW: the FW cannot perform source
routing and cannot tell which traffic is for surfing (HTTP/HTTPS) and which
traffic is for (FTP, SMTP).

By placing Squid on the external side of the FW, I can redirect traffic to Squid
based on the user's web client proxy settings. I can also redirect traffic
to the other link for applications which cannot support a proxy (also using
the dedicated link).

Back to my previous question: does anyone know how to identify which session of
the incoming traffic is mapped to which outgoing session on the proxy? My incoming
traffic is PAT (Port Address Translated); the access.log is not helpful as
it only provides the "same" source IP address (without the ports).

Thanks,

Andy

----- Original Message -----
From: "Alberto Sierra" <albertux@gmail.com>
To: "Andy Low" <andy@bgp5.net>
Sent: Wednesday, December 08, 2004 1:29 AM
Subject: Re: [squid-users] NAT port translation

> Hi Andy, I'm pretty confused with your setup, because it is pretty hard to
> identify PAT translation slots even from the firewall itself, but
> what I'd like to ask you, from a security point of view, and for your
> mental health too, why don't you move the Squid inside the "trusted"
> perimeter and have the requests from the Squid go PATted or NATted
> through the firewall? Then you'd kill two birds with one shot: you're
> protecting your Squid cache, plus keeping track of what your users do.
> Like this:
>
> localnet <---> squid <---> firewall <---> internet
>
> Alberto Sierra
>
>
> On Mon, 6 Dec 2004 22:04:02 +0800, Andy Low <andy@bgp5.net> wrote:
> > Hi,
> >
> > I have the following setup:
> >
> > Users <---> FW <---> Squid <---> Internet
> >
> > 1) The firewall (FW) interface facing Squid is configured with PAT.
> > 2) Squid is listening on port 8080.
> >
> > When I execute "netstat -na" on Squid, I see a lot of sessions established
> > from FW to Squid and Squid to Internet.
> >
> > May I know how to identify the actual session from FW to Internet? Take note
> > my FW is doing PAT.
> >
> > This is what appears in "netstat -na":
> >
> > Squid IP address facing FW -- 10.10.10.2
> > FW IP address facing squid -- 10.10.10.1
> > Squid External IP address facing Internet -- 10.10.20.1
> > Internet IP addresses are public IPs
> >
> > Local Address -- Foreign Address
> > 10.10.10.2:8080 -- 10.10.10.1:12312
> > 10.10.10.2:8080 -- 10.10.10.1:22341
> > 10.10.10.2:8080 -- 10.10.10.1:33810
> > 10.10.10.2:8080 -- 10.10.10.1:33879
> > ...
> > 10.10.20.1:22091 -- InternetIP1:12312
> > 10.10.20.1:22092 -- InternetIP2:22341
> > 10.10.20.1:22093 -- InternetIP3:33810
> > 10.10.20.1:22109 -- InternetIP4:33879
> > ..
> >
> > My access.log access logs are not helpful; all I can see is only the FW IP
> > address (10.10.10.1) (PAT).
> > 1231231231.004 5678 10.10.10.1 TCP_MISS ......
> > 1231231567.020 23 10.10.10.1 TCP_MISS ......
> > 1231231688.027 69 10.10.10.1 TCP_MISS ......
> > 1231231899.004 430 10.10.10.1 TCP_MISS ......
> >
> > Is there a way to find out how Squid translates internally, meaning that the
> > session from "10.10.10.1:22341" is the same session as "10.10.20.1:22092"?
> >
> > Thanks,
> >
> > Andy
> >
> >
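Added worked example, not from the thread: the two socket lists in the quoted netstat output cannot be linked to each other from the proxy host, because both belong to the same Squid process and nothing in the kernel's socket table ties an accepted connection to the outbound one it caused. What does let a defender attribute a proxied request back to an inside host is the firewall's own translation record (inside ip:port to translated ip:port) joined with an access.log that carries the client source port. The script below assumes a hypothetical firewall translation log format, constructed sample records, and a Squid logformat containing %>p (client source port), a directive from Squid releases newer than the one discussed here.

```python
import re
from collections import defaultdict

# Constructed firewall PAT translation records (hypothetical format):
#   <epoch> <inside ip:port> -> <translated ip:port>
FW_XLATE_LOG = """\
1102400000 192.168.1.25:51022 -> 10.10.10.1:12312
1102400003 192.168.1.77:40110 -> 10.10.10.1:22341
1102400010 192.168.1.25:51023 -> 10.10.10.1:33810
1102400015 192.168.1.90:3000 -> 10.10.10.1:12312
"""
# Constructed access.log lines from a Squid logformat that adds the client
# source port, e.g.: logformat withport %ts.%03tu %6tr %>a:%>p %Ss/%03Hs %<st %rm %ru
ACCESS_LOG = """\
1102400001.004 5678 10.10.10.1:12312 TCP_MISS/200 1234 GET http://example.com/a
1102400004.020 23 10.10.10.1:22341 TCP_MISS/200 456 GET http://example.com/b
1102400011.027 69 10.10.10.1:33810 TCP_MISS/200 789 GET http://example.com/c
1102400016.500 40 10.10.10.1:12312 TCP_MISS/200 321 GET http://example.com/d
1102400020.004 430 10.10.10.1:44444 TCP_MISS/200 10 GET http://example.com/e
"""
XLATE_RE = re.compile(r"^(\d+) (\S+) -> (\S+)$")

def parse_xlate(text):
    """Return {translated_addr: [(start_ts, inside_addr), ...]} sorted by time."""
    table = defaultdict(list)
    for line in text.splitlines():
        m = XLATE_RE.match(line)
        if m:
            table[m.group(3)].append((int(m.group(1)), m.group(2)))
    for slots in table.values():
        slots.sort()
    return table

def attribute(access_log, xlate, window=300):
    """Map each proxy request to the inside host that owned its PAT slot.
    Ports are reused, so the newest translation started no later than the
    request (within `window` seconds) wins; no match gives owner None."""
    results = []
    for line in access_log.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        ts = int(float(fields[0]))
        client, url = fields[2], fields[6]
        owner = None
        for start, inside in xlate.get(client, []):
            if start <= ts <= start + window:
                owner = inside
        results.append((ts, client, owner, url))
    return results
```

The fourth request shows why the time check matters: translated port 12312 is handed out twice, and only the newer translation is the right owner for a request that arrived after it.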
Received on Tue Dec 07 2004 - 18:27:29 MST

This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:01 MST