[Dnsmasq-discuss] DNS pattern response

Santiago Zarate santiago at zarate.net.ve
Fri Dec 4 17:18:27 GMT 2009

Add an IPTABLES rule... and that's it.

If I'm not mistaken:

# DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j

Taken from here:

2009/12/4 Eric Laganowski <eric at laganowski.net>:
> richardvoigt at gmail.com wrote:
>> On Thu, Dec 3, 2009 at 10:06 PM, Perette Barella <perette at barella.org> wrote:
>>> I think there's a misunderstanding on how the WPAD DNS version operates. The "wpad.domain.localnet" is used by the browser at startup to locate the proxy configuration file which applies to all domains.  You don't need a separate wpad.google.com and wpad.amazon.com for every domain users are trying to connect to.
>>> If for some reason your local hosts are configured with different domain names (and therefore looking up wpad.google.com or wpad.amazon.com), I think we need more explanation on just what strangeness you've got going on.
>> In general, I think we can say that users who have ignored the
>> DHCP-provided domain and configured their own intend to opt-out of
>> wpad.  Browser proxy settings are at the discretion of the user
>> anyway, if you want a mandatory proxy setup you'll need to use
>> iptables to accomplish that, not DNS.
>> There's no need to wildcard match wpad hostnames, which are subject to
>> user-side DNS caching anyway (a user who has configured for
>> domain=google.com probably already has wpad.google.com cached and
>> won't get information from dnsmasq).
>> Any solution to this which involves DNS is inherently broken.
> Guys, all I want to do is to be able to use my company-provided laptop
> at home which has proxy in the network. It is configured with a
> different domain than my local subnet for obvious reasons.
> DHCP was tested and confirmed to work properly with MSIE. FF does not
> work as it relies purely on DNS (wpad). The idea is to make this as
> transparent as possible.
> -Eric
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
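
The name mismatch discussed in this thread, as an added example that is not part of the original messages: it lists the WPAD host names a client derives from its own configured domain and shows which of them fall inside the domain the home resolver serves. `corp.example.com` and `home.lan` are constructed sample domains; the parent-domain fallback follows the expired WPAD Internet-Draft, and the two-label stop is an assumption standing in for a real public-suffix check.

```python
"""WPAD DNS discovery names for a client, compared with the local domain."""


def wpad_candidates(client_domain, min_labels=2):
    """Return the WPAD host names a client configured with client_domain looks up.

    Prefix "wpad." to the domain, then strip the leftmost label and repeat.
    min_labels=2 stops before a bare TLD such as "wpad.com" (assumption:
    a plain label count, not a public-suffix lookup).
    """
    labels = [part for part in client_domain.lower().strip(".").split(".") if part]
    names = []
    while len(labels) >= min_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names


def classify(client_domain, local_domain):
    """Split candidates into (inside local_domain, outside local_domain).

    Names outside the local domain are not covered by a record for
    wpad.<local_domain>, so the resolver forwards them upstream or the
    client answers them from its own cache.
    """
    local = local_domain.lower().strip(".")
    inside, outside = [], []
    for name in wpad_candidates(client_domain):
        parent = name[len("wpad."):]
        if parent == local or parent.endswith("." + local):
            inside.append(name)
        else:
            outside.append(name)
    return inside, outside


def pac_url(name):
    """URL the browser fetches once the WPAD name resolves."""
    return "http://%s/wpad.dat" % name


if __name__ == "__main__":
    # Constructed case: company laptop (corp.example.com) on a home LAN (home.lan).
    inside, outside = classify("corp.example.com", "home.lan")
    print("answered by a wpad.home.lan record:", inside)
    print("not covered by the local domain:", [pac_url(n) for n in outside])
```
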
