Squid with LigthSqiud reporting

Modesty · Dec 14, 2018, 1:36 PM

Hi

i have installed LigthSquid and it partly working.
login-to-view

My DHCP has some static IP and dynamik in rage 100-255
The question is that my static, in range 2-99 is not logged, or it is not showing on the LigthSquid report.

Something i have misunderstood?

I used this guide in some parts of setup
https://www.youtube.com/watch?v=f8E3M5ed9ac

KOM · Dec 14, 2018, 3:04 PM

Are they even using the proxy at all? Lightsquid builds its reports based on the squid access.log file. Are you using transparent or explicit proxy? If transparent, check Services - Squid proxy server - General - Transparent Proxy Settings - Bypass Proxy for These Source IPs and see if there is anything there.

Modesty · Dec 14, 2018, 4:02 PM

@kom said in Squid with LigthSqiud reporting:

pass Proxy for These Source IP

Nothing there

login-to-view

KOM · Dec 14, 2018, 5:29 PM

Well, once you answer my question about which mode your proxy is running in and confirmation that the missing users are definitely using the proxy or not, I might be able to come up with other ideas.

Modesty · Dec 14, 2018, 5:36 PM

@kom
Thanks for helping me.

Transparent HTTP Proxy is enebled

SSL filtering disabled

login-to-view

I also experience that log dont change:

login-to-view

The Sum Bytes are the same now as for 5 h ago

KOM · Dec 14, 2018, 6:32 PM

If you look at the squid access.log yourself, do you see any entries from IP addresses that are supposed to be in the report but aren't?

Modesty · Dec 14, 2018, 8:03 PM

@kom
I have a static ip on 192.168.0.50 that is not showing in log (a online smart house controller).

DHCP range is from 192.168.0.100 -.200

I only find log entries from DHCP range, no ip's under .100

So i guess that range outide DHCP is not catched.

KOM · Dec 14, 2018, 8:11 PM

Which means they aren't using the proxy. Is it possible that those devices are using a different gateway? pfSense can only transparently capture traffic that passes through it.

Modesty · Dec 15, 2018, 7:19 AM

Thanks for answer KOM.

Static IP use the same gateway, and I have only one defined in System->Routing

My conclusion so far is that IP's outside DHCP range are not captured (and static IP must be outside DHCP range).

I think this is something that is not the intension for makers of Squid, so there must be an answer someware. The idea to monitor traffic and not messure static IP is not best practise :

Anybody who have a indea for next step in this riddle?

Modesty · Dec 15, 2018, 10:39 AM

And now its fun
I switched on a pc with static IP and guess....:

login-to-view

.16 ip is in log. and .16 is static

I have many static, this is the only one in 3 days...

Any new ideas?

KOM · Dec 17, 2018, 3:04 PM

Nope. Borked configuration maybe? I stopped using transparent years ago and switched to explicit + WPAD.

Modesty · Dec 28, 2018, 9:40 AM

Hi

In my LigthSquid logs I only get http:// entries:

login-to-view

Is this an expected behaviour, not logging all types of access, like https?

KOM · Jan 2, 2019, 2:23 PM

You won't get ANY https traffic in transparent mode unless you install a trusted cert on every single last client that will use your proxy.