Yeah, if you've got access logging enabled in Squid and you aren't seeing anything in the log when this happens, then chances are that your clients are simply getting SNATed (instead of proxied) out to the Internet. But as pointed out by acid_kewpie, you've given us nothing to work with here. What do the logs look like? Is Squid in transparent mode? What do the firewall rules look like? Posting the output of these commands would help a lot:
cat /etc/squid/squid.conf | grep -v ^# | grep -v ^$
iptables -nvL -t nat
netstat -an --inet | grep LISTEN
Plus the relevant access log snippets (if there are any).