• Hi Guys,

    Am having trouble with our Squid Proxy. Yes it is enabled, but the thing is I didn't configured any thing to point our computers to proxy. They are all set in "Automatically detect proxy" but the thing is I did not configured WPAD. How is this even possible. And the proxy server that was returned in proxy check is the IP of our ISP. It's the public IP.

    Take a look at my screenshot:
    0_1531186244643_proxy check.JPG

    It says there that server that is holding the WPAD (since our setting is set to automatically detect) is Nginx. I checked nginx.conf but I didn't see any codes in there that point out or host WPAD.

    Do you guys have any idea? And btw, when I blocked something in squidguard, it is not working.

  • The automatic detect settings will look for wpad configuration on your dns and dhcp. To see if any traffic is hitting squid, take a look on realtime tab.

  • @marcelloc Yup. I am aware of that. I can confirmed that I removed the settings in DNS and DHCP for WPAD. I can't even resolve wpad when I try it in cmd using NSLOOKUP utility. That's why it is kind of weird.

    I already checked the real time tab and it is logging the connection. So it means that it is passing thru our proxy.

  • ok. Check with tcpdump on console/ssh if the traffic is hitting the proxy with a direct proxy connection or via transparent proxy.

    If pfsense is the dns server you will able to see all dns request from the machine too.

  • @marcelloc Do you have any guide on using this tcpdump? How do I know if it's hitting a direct or a transparent proxy?

  • If the destination ip/port is the pfSense ip with proxy port, then it's a direct connect.
    If the destination ip/por is an valip ip address with port 80 or 443 then it's a transparent connection if transparent mode is configured.

    The basic usage for tcpdump is: