Posted by Christoph Gartmann on August 8, 2008, 3:58 am
>One I would put out there in the hope there might be a better way of
>doing this
>Currently we have a PIX that does NAT and PAT translations for the
>users accessing the internet
>All HTTP traffic is passed thru the PIX to a Linux box running Squid
>on Ubuntu 8.04 via a Global Address Pool
>When the PIX runs out of NAT addresses it does PAT, no worries it all
>works OK
>When I try and monitor the usage of the Squid server it looks at the
>translated IP and uses this for reporting in SARG or Webalizer
>When I have multiple systems accessing the net I cannot determine the
>true source address only the PAT'd address
>
>The users exist in multiple subnets and the Squid server is on
>192.168.1.13 which is the DMZ subnet
>As Squid uses NT Authentication this is not an issue for users who
>authenticate against the Squid server but for users where there is no
>authentication all I see is the translated address and for PAT this is
>just one IP. I have no way of telling exactly what use it was / is
Have the Pix log to a syslog server its informational messages. Then you
get a logfile where you find all the translations together with the time.
Regards,
Christoph Gartmann
--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -80464
Immunbiologie
Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
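
The correlation suggested in the reply above, as an added example that is not part of the original post: it replays PIX translation messages from a syslog file and maps each Squid request back to the inside host that held the translated address and port at that moment. The log lines are constructed; it assumes the PIX emits messages 305011/305012 in the form shown, that its syslog timestamps are UTC, and that Squid uses a custom `logformat` of `%ts %>a %>p %ru` so the client source port is recorded.

```python
import re
from datetime import datetime, timezone
# Constructed sample data; every address, port and hostname below is made up.
PIX_LOG = """\
Aug  8 03:58:01 pix %PIX-6-305011: Built dynamic TCP translation from inside:10.1.2.34/3312 to dmz:192.168.1.200/1025
Aug  8 03:58:02 pix %PIX-6-305011: Built dynamic TCP translation from inside:10.1.7.80/4100 to dmz:192.168.1.200/1026
Aug  8 03:58:40 pix %PIX-6-305012: Teardown dynamic TCP translation from inside:10.1.2.34/3312 to dmz:192.168.1.200/1025 duration 0:00:39
Aug  8 03:59:10 pix %PIX-6-305011: Built dynamic TCP translation from inside:10.1.9.15/2200 to dmz:192.168.1.200/1025
"""
# Assumed Squid logformat: epoch seconds, client IP, client port, URL.
SQUID_LOG = """\
1218167885 192.168.1.200 1025 http://example.com/a
1218167890 192.168.1.200 1026 http://example.com/b
1218167955 192.168.1.200 1025 http://example.com/c
"""
XLATE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ %PIX-6-(30501[12]): (?:Built|Teardown) dynamic "
    r"(?:TCP|UDP) translation from \w+:([\d.]+)/\d+ to \w+:([\d.]+)/(\d+)")

def load_translations(text, year):
    """Return {(mapped_ip, mapped_port): [[start, end_or_None, inside_ip], ...]}."""
    table = {}
    for m in filter(None, map(XLATE.match, text.splitlines())):
        ts, msgid, inside_ip, mapped_ip, mapped_port = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        when = when.replace(tzinfo=timezone.utc).timestamp()
        spans = table.setdefault((mapped_ip, int(mapped_port)), [])
        if msgid == "305011":            # translation built: open a new span
            spans.append([when, None, inside_ip])
        else:                            # 305012: close the newest open span for this host
            for span in reversed(spans):
                if span[1] is None and span[2] == inside_ip:
                    span[1] = when
                    break
    return table

def resolve(table, when, mapped_ip, mapped_port):
    """Inside IP that held mapped_ip:mapped_port at epoch time `when`, else None."""
    for start, end, inside_ip in reversed(table.get((mapped_ip, mapped_port), [])):
        if start <= when and (end is None or when <= end):
            return inside_ip             # newest matching span wins if a teardown was lost
    return None

def annotate(squid_text, table):
    rows = (line.split() for line in squid_text.splitlines())
    return [(resolve(table, float(ts), ip, int(port)), url) for ts, ip, port, url in rows]

if __name__ == "__main__":
    print(annotate(SQUID_LOG, load_translations(PIX_LOG, 2008)))
```

The first and third requests arrive from the same translated address and port but resolve to different inside hosts, which is why the lookup has to be keyed on time as well as port.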