Re: [squid-users] localhost and RFC1918 addresses in TPROXY access.log

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 24 Nov 2009 12:58:27 +1300

On Tue, 24 Nov 2009 10:34:38 +1100, "Michael Bowe" <mbowe_at_pipeline.com.au>
wrote:
> Hi
>
> We run a number of squid 3.1.0.14 TPROXY caches in an ISP environment.
>
> In our access log we are seeing a fair few client IP addresses of
127.0.0.1
> and also RFC1918 address ranges.
>
> The caches do not have any local users. We do not have any RFC1918
clients
> accessing caches, all customers have real IP addresses.
>
> Is something broken here?

Hi Michael,

 Yes something is broken in the request routing loops. 127.0.0.1 should
not occur at all in a TPROXY chain without localhost users.

Please supply:
  your iptables -t mangle rules used to capture TPROXY
  any iptables -t nat rules
  the content of squid.conf (without comment #, or empty lines)
  the IPs of the squid box(es) and backend servers,

If possible with a description of whats _supposed_ to happen to a typical
clients request.

You don't have to post them publicly, but I will need to see them exactly
as-is to check the routing topology.

Amos
Received on Mon Nov 23 2009 - 23:58:36 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 24 2009 - 12:00:04 MST