[H-GEN] using squid with dnsmasq

Troy Piggins troy at piggo.com
Thu Jul 17 04:04:02 EDT 2008


* Troy Piggins wrote :
> 
> I'm using squid3 as a transparent proxy by redirecting port 80
> in iptables, and dnsmasq as well.  This all works fine.  But now
> I'm trying to utilise the mvps hosts file to block malicious
> URLs and am having trouble getting squid to recognise this hosts
> file.
> 
> On a previous installation I had the mvps hosts file saved as
> /etc/hosts.mvps and set up dnsmasq to read this file as an
> additional hosts file.  I changed the IP addresses in the mvps
> hosts file from 127.0.0.1 to 192.168.0.100 and set up a virtual
> IP address and web page so that if a browser on the network
> wanted to connect to a URL that was in the hosts file, the user
> would get a locally served page saying "sorry, malicious site
> blocked" or something like that.  I thought that was all pretty
> cool.
> 
> So now I have the same setup, but have installed squid as this
> transparent proxy.  It is all working fine... except that squid
> seems to be bypassing the /etc/hosts.mvps file.
> So normal pages are viewed fine.
> And if I ping one of the mvps hosts from the command line it
> correctly returns the IP address 192.168.0.100.
> And if I put the URL 192.168.0.100 in a browser I get the correct
> blocked site message.
> But from a browser if I try to view a website listed in the mvps
> hosts file, I don't get the blocked site message page, I get the
> real (malicious) one.
> 
> IIUC squid should be reading /etc/resolv.conf for DNS?  Mine is
> 
>   nameserver 127.0.0.1
>   search isp.invalid
> 
> And so if it's using localhost and DNS, that's dnsmasq and the
> mvps hosts file should come into play.
> 
> What am I missing?
> 
> As an alternative, I've seen reference to using mvps entries
> somehow in squid.conf acls or rules, but haven't found a good
> explanation of /how/ to do this or examples.  Any pointers there
> if that's the better way to go?
> 
> Hope I've provided enough details.

Seems pretty quiet on this list too.  Do you think the question
is too specific?  I.e. should I ask it on the dnsmasq or squid
mailing lists (if indeed they exist, have to check)?

-- 
Troy Piggins | http://piggo.com/~troy                           
RLU#415538                                                      ,-O   (o-    O  
                                                               O   )  //\     O 
                                                                `-O   V_/_  OOO
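
The squid.conf ACL alternative raised in the quoted message, as an added example that is not part of the original thread: a converter from a hosts-format blocklist to the one-name-per-line file that a Squid `dstdomain` ACL reads. The ACL name `mvps_blocked`, the path `/etc/squid3/mvps.domains` and the sample hostnames are assumptions made for illustration.

```python
import re

# Names a hosts file carries for the machine itself; never block these.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# One DNS label: letters, digits, hyphen or underscore, 1-63 characters.
LABEL = re.compile(r"^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$")

def is_hostname(name):
    """True for a syntactically plausible multi-label DNS name."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def hosts_to_dstdomain(text, sink_ips=("127.0.0.1", "0.0.0.0", "192.168.0.100")):
    """Return sorted, de-duplicated hostnames from hosts-format text."""
    names = set()
    for raw in text.splitlines():            # splitlines() also copes with CRLF
        line = raw.split("#", 1)[0].strip()  # drop whole-line and trailing comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in sink_ips:
            continue                         # blank line, or not a blocklist entry
        for name in fields[1:]:              # a hosts line may list several names
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES and is_hostname(name):
                names.add(name)              # no leading dot: exact-host match only
    return sorted(names)

# Constructed sample in hosts-file layout (example.* names are placeholders).
SAMPLE = (
    "# constructed sample, not the real mvps list\r\n"
    "127.0.0.1  localhost\r\n"
    "127.0.0.1  ads.example.com  #[comment]\r\n"
    "192.168.0.100  Tracker.Example.NET\r\n"
    "127.0.0.1  ads.example.com\r\n"
    "10.0.0.5  intranet.example.org\r\n"
    "127.0.0.1  bad_host!.example.com\r\n"
)

# squid.conf lines that would consume the generated file (name and path assumed).
# The deny rule has to appear before the http_access allow rules to take effect.
SQUID_CONF = '''acl mvps_blocked dstdomain "/etc/squid3/mvps.domains"
deny_info http://192.168.0.100/ mvps_blocked
http_access deny mvps_blocked
'''

if __name__ == "__main__":
    print("\n".join(hosts_to_dstdomain(SAMPLE)))
```

With `deny_info` pointing at the existing block page on 192.168.0.100, a denied request is redirected there by Squid itself, independent of how Squid resolves names.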



