[Dnsmasq-discuss] Re: using squid with dnsmasq and hosts file

Troy Piggins troy at piggo.com
Fri Jul 18 06:34:36 BST 2008


* richardvoigt at gmail.com wrote:
>* Troy Piggins wrote:
> 
>> Not sure if this is a squid or dnsmasq problem, so hope you don't
>> mind me asking same question in 2 lists.
>>
>> I'm using squid3 as a transparent proxy by redirecting port 80
>> in iptables, and dnsmasq as well.  This all works fine.  But now
>> I'm trying to utilise the mvps hosts file to block malicious
>> URLs and am having trouble getting squid to recognise this hosts
>> file.
>>
>> On a previous installation I had the mvps hosts file saved as
>> /etc/hosts.mvps and set up dnsmasq to read this file as an
>> additional hosts file.  I changed the IP addresses in the mvps
>> hosts file from 127.0.0.1 to 192.168.0.100 and set up a virtual
>> IP address and web page so that if a browser on the network
>> wanted to connect to a URL that was in the hosts file, the user
>> would get a locally served page saying "sorry, malicious site
>> blocked" or something like that.  I thought that was all pretty
>> cool.
>>
>> So now I have the same setup, but have installed squid as this
>> transparent proxy.  It is all working fine... except that squid
>> seems to be bypassing the /etc/hosts.mvps file.
>> So normal pages are viewed fine.
>> And if I ping one of the mvps hosts from the commandline it
>> correctly returns the IP address 192.168.0.100.
>> And if I put the URL 192.168.0.100 in a browser I get the correct
>> blocked site message.
>> But from a browser if I try to view a website listed in the mvps
>> hosts file, I don't get the blocked site message page, I get the
>> real (malicious) one.
>>
>> IIUC squid should be reading /etc/resolv.conf for DNS?  Mine is
>>
>>  nameserver 127.0.0.1
>>  search isp.invalid
>>
>> And so if it's using localhost and DNS, that's dnsmasq and the
>> mvps hosts file should come into play.
>>
>> What am I missing?
> 
> I don't know a whole lot about squid, just that it is a caching proxy.
> And as a result, as alternative configurations you tried might not have
> been properly tested if you didn't wipe the cache.
>
> If you intend to troubleshoot, I'd suggest clearing the squid cache and
> then running wireshark, listening to udp and tcp port 53 while you browse
> to one of the blocked pages.

Thanks for the tips.  I'm trying a squid-based solution.

-- 
Troy Piggins
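As an added example, not the poster's own setup or code: the hosts-file rewrite the original message describes (blocklist entries repointed from 127.0.0.1 to a local sinkhole address) together with the check the reply suggests, comparing the answers observed on port 53 with the addresses the sinkhole should have returned. The sinkhole address, the sample hosts lines and the resolver answers are all constructed; the real MVPS file is not reproduced here.

```python
"""Rewrite an MVPS-style blocklist hosts file for a dnsmasq sinkhole and
check which listed names still resolve to something other than the sinkhole."""
import ipaddress

# Addresses blocklists use to mean "blocked"; these get replaced by the sinkhole.
BLOCK_ADDRS = {"127.0.0.1", "0.0.0.0"}
# Names that must keep their original address even if a list contains them;
# pointing localhost at the sinkhole would break the box itself.
KEEP_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, [names]) per entry; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2:
            yield parts[0], parts[1:]


def rewrite_hosts(text, sinkhole):
    """Return (new hosts text, set of sinkholed names) for an additional
    dnsmasq hosts file (addn-hosts). Non-blocklist entries are kept as-is."""
    ipaddress.ip_address(sinkhole)  # fail early on a malformed address
    out, blocked = [], set()
    for ip, names in parse_hosts(text):
        if ip not in BLOCK_ADDRS:
            out.append(f"{ip} {' '.join(names)}")
            continue
        keep = [n for n in names if n.lower() in KEEP_NAMES]
        sink = [n.lower() for n in names if n.lower() not in KEEP_NAMES]
        if keep:
            out.append(f"{ip} {' '.join(keep)}")
        if sink:
            blocked.update(sink)
            out.append(f"{sinkhole} {' '.join(sink)}")
    return "\n".join(out) + "\n", blocked


def bypassed(answers, blocked, sinkhole):
    """answers: {name: ip} as seen in a capture of DNS replies while browsing.
    Returns the blocklisted names that were answered with a real address,
    i.e. lookups that did not go through the sinkhole."""
    return sorted(n for n, ip in answers.items() if n in blocked and ip != sinkhole)


# Constructed sample in MVPS layout; not the real list.
SAMPLE = """# sample blocklist (constructed)
127.0.0.1 localhost
127.0.0.1 ads.example.net   # banner server
0.0.0.0 tracker.example.org
192.168.0.5 fileserver.lan
"""
```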
