[H-GEN] using squid with dnsmasq
Troy Piggins
troy at piggo.com
Thu Jul 17 04:04:02 EDT 2008
* Troy Piggins wrote :
>
> I'm using squid3 as a transparent proxy by redirecting port 80
> in iptables, and dnsmasq as well. This all works fine. But now
> I'm trying to utilise the mvps hosts file to block malicious
> URLs and am having trouble getting squid to recognise this hosts
> file.
>
> On a previous installation I had the mvps hosts file saved as
> /etc/hosts.mvps and set up dnsmasq to read this file as an
> additional hosts file. I changed the IP addresses in the mvps
> hosts file from 127.0.0.1 to 192.168.0.100 and set up a virtual
> IP address and web page so that if a browser on the network
> wanted to connect to a URL that was in the hosts file, the user
> would get a locally served page saying "sorry, malicious site
> blocked" or something like that. I thought that was all pretty
> cool.
>
> So now I have the same setup, but have installed squid as this
> transparent proxy. It is all working fine... except that squid
> seems to be bypassing the /etc/hosts.mvps file.
> So normal pages are viewed fine.
> And if I ping one of the mvps hosts from the command line it
> correctly returns the IP address 192.168.0.100.
> And if I put the URL 192.168.0.100 in a browser I get the correct
> blocked site message.
> But from a browser if I try to view a website listed in the mvps
> hosts file, I don't get the blocked site message page, I get the
> real (malicious) one.
>
> IIUC squid should be reading /etc/resolv.conf for DNS? Mine is
>
> nameserver 127.0.0.1
> search isp.invalid
>
> And so if it's using localhost and DNS, that's dnsmasq and the
> mvps hosts file should come into play.
>
> What am I missing?
>
> As an alternative, I've seen reference to using mvps entries
> somehow in squid.conf acls or rules, but haven't found a good
> explanation of /how/ to do this or examples. Any pointers there
> if that's the better way to go?
>
> Hope I've provided enough details.
Seems pretty quiet on this list too. Do you think the question
is too specific? i.e. should I ask it in the dnsmasq or squid
mailing lists (if indeed they exist, have to check)?
--
Troy Piggins | http://piggo.com/~troy
RLU#415538 ,-O (o- O
O ) //\ O
`-O V_/_ OOO
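
The alternative raised at the end of the quoted question (feeding the mvps entries to squid through an ACL) could look like this; it is an added example, not part of the original post. The ACL name "mvps", the list path /etc/squid3/mvps.domains and the sample hosts entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in hosts-file format (not real MVPS entries).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
127.0.0.1  ads.example.com   # inline comment
0.0.0.0    Tracker.Example.NET
192.168.0.100 ads.example.com
127.0.0.1  bad_host!.example.org
::1        localhost
127.0.0.1  a.example.com b.example.com
"""

SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME = re.compile("^" + LABEL + r"(?:\." + LABEL + ")+$")

def hosts_to_dstdomain(text):
    """Return unique, lower-cased host names from hosts-format text, in file order."""
    seen, out = set(), []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # first field must be an IP address
        except ValueError:
            continue
        for name in fields[1:]:                  # a hosts line may carry several names
            name = name.lower().rstrip(".")
            if name in SKIP or name in seen or not HOSTNAME.match(name):
                continue
            seen.add(name)
            out.append(name)
    return out

# squid.conf side (ACL name and list path are assumptions); one name per line in the file:
#   acl mvps dstdomain "/etc/squid3/mvps.domains"
#   deny_info http://192.168.0.100/ mvps
#   http_access deny mvps        # place before the http_access allow rules

if __name__ == "__main__":
    print("\n".join(hosts_to_dstdomain(SAMPLE_HOSTS)))
```

Names are written without a leading dot, so each entry matches only that exact host, as a hosts file entry would.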