WAN IN traffic not showing in LAN Traffic



  • 
    2.2.6-RELEASE (amd64)
    built on Mon Dec 21 14:50:08 CST 2015
    FreeBSD 10.1-RELEASE-p25
    
    
    Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
    2 CPUs: 1 package(s) x 2 core(s)
    
    
    State table size 	
    1% (1406/196000)
    Show states
    MBUF Usage 	
    8% (2124/26584) 
    
    State table size 	
    1% (1406/196000)
    Show states
    MBUF Usage 	
    8% (2124/26584) 
    

    I am facing weird issuing , i am seeing WAN IN traffic in traffic graph but i am not seeing any LAN traffic

    Connection

    ISP Router ->  PFsense int0(wan)–---pfsense int1(LAN)---->Switch ---> PC's

    i am using Squid Dynamic Cache to cache windows update and AV updates for 30+ PC's

    
    # refresh_pattern -i \.htm 120 50% 10080 reload-into-ims
    # refresh_pattern -i \.html 120 50% 10080 reload-into-ims
    # refresh_pattern ^http://*.facebook.com/* 720 100% 4320
    #refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
    # refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
    # refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
    # refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
    # refresh_pattern ^http://*.google.*/.* 720 100% 4320
    # refresh_pattern ^http://*.kaskus.*/.* 720 100% 4320
    # refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
    # refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
    #refresh_pattern ^http://*.telkom.*/.* 720 100% 4320
    
    # refresh_pattern imeem.*\.flv  0 0% 0     override-lastmod override-expire
    # refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]*   161280    90%    161280 ignore-reload
    
    #  refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)    10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
    # refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)    10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
    # refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?)       10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
    
    # refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)    10800 80% 10800 reload-into-ims override-expire ignore-private
    # refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.      10800 80% 10800 reload-into-ims ignore-no-cache  ignore-reload override-expire
    # refresh_pattern ^http:\/\/www.onemanga.com.*\/           10800 80% 10800 reload-into-ims ignore-no-cache  ignore-reload override-expire
    
    # ANTI VIRUS
    refresh_pattern guru.avg.com/.*\.(bin)                      10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
    refresh_pattern (avgate|avira).*(idx|gz)$                           10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
    refresh_pattern kaspersky.*\.avc$                                   10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
    refresh_pattern kaspersky                                           10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
    refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                    10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
    refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)     10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
    
    refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
    
    refresh_pattern windowsupdate.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims
    refresh_pattern update.microsoft.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims
    refresh_pattern download.microsoft.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims
    
    #images facebook
    refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif)      10800 80% 10800 ignore-reload  override-expire ignore-no-cache
    refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)                  10800 80% 10800 ignore-reload  override-expire ignore-no-cache
    refresh_pattern  static\.ak\.fbcdn\.net*\.(jpg|gif|png)                  10800 80% 10800 ignore-reload  override-expire ignore-no-cache
    refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)      10800 80% 10800 ignore-reload  override-expire ignore-no-cache
    
    #All File
    refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)      10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))          10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)     10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))     10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
    
    # refresh_pattern (cgi-bin|\?)       0      0%      0
    # refresh_pattern ^gopher:    1440    0%    1440
    # refresh_pattern ^ftp:         10080     95%     10800 override-lastmod reload-into-ims
    #  refresh_pattern         .     180     95% 10800 override-lastmod reload-into-ims
    








  • I don't understand the issue. You configured Squid to preemptively download files and you're wondering why you don't see any LAN traffic? Squid is the one downloading, it's not on your LAN.



  • updated

    
    #All File
    refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)      10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims; range_offset_limit -1;
    refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))          10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims; range_offset_limit -1;
    refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)     10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims; range_offset_limit -1;
    refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims; range_offset_limit -1;
    refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))     10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
    
    # Updates
    
    refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims; range_offset_limit -1;
    refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims; range_offset_limit -1;
    refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims; range_offset_limit -1;
    
    # AV updates
    
    # refresh_pattern avast/.*\.(bin|vpx)                      10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims; range_offset_limit -1;
    range_offset_limit 0;
    quick_abort_pct 70;