Hi all One I would put out there in the hope there might be a better way of doing this Currently we have a PIX that does NAT and PAT translations for the users accessing the internet All HTTP traffic is passed thru the PIX to a Linux box running Squid on Ubuntu 8.04 via a Global Address Pool When the PIX runs out of NAT addresses it does PAT, no worries it all works OK When I try and monitor the usage of the Squid server it looks at the translated IP and uses this for reporting in SARG or Webalizer When I have multiple systems accessing the net I cannot determine the true source address only the PAT'd address
The users exist in multiple subnets and the Squid server is on 192.168.1.13 which is the DMZ subnet As Squid uses NT Authentication this is not an issue for users who authenticate against the Squid server but for users where there is no authentication all I see is the translated address and for PAT this is just one IP. I have no way of telling exactly what use it was / is Cheers, Scott