[squid-users] Squid traffic paths

Alex Rousskov rousskov at measurement-factory.com
Mon Sep 2 21:57:03 UTC 2024


On 2024-08-31 15:00, Scott Bates wrote:
> The squid logs show traffic going to the expected destinations.

I assume that the above statement does _not_ talk about problematic 
traffic. In other words, Squid does handle some transactions, but not 
the problematic transactions you are asking about. I believe the above 
observation confirms part (a) of my working theory.


> If I look at wireshark on one of the client systems I do see some http 
> entries going to those destinations through the squid server.

OK, for the purpose of this email thread, ignore traffic going through 
the Squid server.


> However 
> most of the traffic (UDP / TCP) doesn't seem to be going through the 
> squid server.

UDP: Squid does not proxy UDP-based protocols. If you want to proxy UDP, 
Squid is not the solution.

TCP: Squid can proxy HTTP/1 and FTP transactions (over TCP). Does that 
problematic TCP traffic in question contain HTTP or FTP transactions 
(i.e. originates from HTTP or FTP clients running on test VMs)? If not, 
then your existing "HTTP proxy configuration" on test VMs is probably 
not applicable -- the clients on those VMs probably ignore that HTTP 
proxy setting because they do not talk HTTP...


> I'm not sure how to force all traffic to use squid on the client system.

I do not know enough about Windows to help you with this Squid-unrelated 
configuration, but please note that since Squid cannot proxy traffic 
other than HTTP and FTP, you probably do not want to force traffic other 
than HTTP and FTP through Squid. In other words, Squid is not a 
"universal" proxy that can proxy everything.


HTH,

Alex.


> On 2024-08-28 09:14, Alex Rousskov wrote:
>> On 2024-08-28 08:52, Scott Bates wrote:
>> 
>>>> Alex: What protocol do those external services use in problematic use 
>>>> cases?
>>>> Does Squid see the corresponding requests from VMs?
>>>> Squid can only proxy HTTP and FTP...
>> 
>>> http and https only
>> 
>> Does Squid log the corresponding problematic transactions to its 
>> access.log?
>> 
>> 
>>> The weird thing is I have an android test phone that also goes through 
>>> squid and that device shows the correct IP on the online services.
>> 
>> My working theory is that (a) android test phone goes through Squid 
>> (i.e. uses Squid as an HTTP proxy) while (b) the problematic test 
>> traffic does not (i.e. goes directly to the external service).
>> 
>> The first guess can be confirmed using access.log (should be trivial in 
>> an isolated test environment). The second guess can be confirmed by 
>> packet capture analysis (may not be trivial in a virtualized environment 
>> and on Windows).
>> 
>> 
>> HTH,
>> 
>> Alex.
>> 
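
The two checks described in this thread (access.log for what Squid handled, packet capture for what went elsewhere) can be correlated with a short script. This is an added example, not part of the original messages. The proxy address, the flow tuple layout, and all log lines and addresses are constructed sample data, and the log is assumed to be in Squid's native access.log format.

```python
from collections import Counter

PROXY = ("192.0.2.10", 3128)  # assumed Squid address; 3128 is the default http_port

# Constructed access.log lines (native format: time elapsed client code/status ...)
ACCESS_LOG = """\
1725314223.101     45 192.0.2.21 TCP_MISS/200 1532 GET http://example.com/ - HIER_DIRECT/203.0.113.5 text/html
1725314224.310    812 192.0.2.21 TCP_TUNNEL/200 5120 CONNECT example.net:443 - HIER_DIRECT/203.0.113.9 -
"""

# Constructed flows as exported from a client-side capture:
# (protocol, client IP, destination IP, destination port)
FLOWS = [
    ("tcp", "192.0.2.21", "192.0.2.10", 3128),    # client configured to use the proxy
    ("tcp", "192.0.2.22", "203.0.113.9", 443),    # TCP straight to the service
    ("udp", "192.0.2.22", "203.0.113.9", 443),    # UDP straight to the service
    ("tcp", "192.0.2.23", "192.0.2.10", 3128),    # reaches Squid, no log entry seen
]

def logged_clients(log_text):
    """Count access.log entries per client IP (third field of the native format)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) >= 7:  # skip blank or truncated lines
            counts[fields[2]] += 1
    return counts

def classify(flow, logged, proxy=PROXY):
    """Say whether one captured flow could have been handled by Squid."""
    proto, client, dst_ip, dst_port = flow
    if proto == "udp":
        return "udp"             # Squid does not proxy UDP-based protocols
    if (dst_ip, dst_port) == proxy:
        # Part (a): the client talks to Squid; access.log should confirm it.
        return "via-squid" if logged[client] else "proxy-unlogged"
    return "direct-tcp"          # Part (b): traffic that never reaches Squid

def report(flows=FLOWS, log_text=ACCESS_LOG):
    logged = logged_clients(log_text)
    return {flow: classify(flow, logged) for flow in flows}

if __name__ == "__main__":
    for flow, verdict in report().items():
        print(*flow, "->", verdict)
```

Flows marked direct-tcp or udp are the ones the client's HTTP proxy setting did not cover, so they will never appear in access.log.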


