<div dir="ltr"><br><br><div class="gmail_quote">On Thu, Jul 17, 2008 at 11:54 PM, Troy Piggins <<a href="mailto:troy@piggo.com">troy@piggo.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Not sure if this is a squid or dnsmasq problem, so hope you don't<br>
mind me asking same question in 2 lists.<br>
<br>
I'm using squid3 as a transparent proxy by redirecting port 80<br>
in iptables, and dnsmasq as well. This all works fine. But now<br>
I'm trying to utilise the mvps hosts file to block malicious<br>
URLs and am having trouble getting squid to recognise this hosts<br>
file.<br>
<br>
On a previous installation I had the mvps hosts file saved as<br>
/etc/hosts.mvps and set up dnsmasq to read this file as an<br>
additional hosts file. I changed the IP addresses in the mvps<br>
hosts file from <a href="http://127.0.0.1" target="_blank">127.0.0.1</a> to <a href="http://192.168.0.100" target="_blank">192.168.0.100</a> and set up a virtual<br>
IP address and web page so that if a browser on the network<br>
wanted to connect to a URL that was in the hosts file, the user<br>
would get a locally served page saying "sorry, malicious site<br>
blocked" or something like that. I thought that was all pretty<br>
cool.<br>
<br>
So now I have the same setup, but have installed squid as this<br>
transparent proxy. It is all working fine... except that squid<br>
seems to be bypassing the /etc/hosts.mvps file.<br>
So normal pages are viewed fine.<br>
And if I ping one of the mvps hosts from the commandline it<br>
correctly returns the IP address <a href="http://192.168.0.100" target="_blank">192.168.0.100</a>.<br>
And if I put the URL <a href="http://192.168.0.100" target="_blank">192.168.0.100</a> in a browser I get the correct<br>
blocked site message.<br>
But from a browser if I try to view a website listed in the mvps<br>
hosts file, I don't get the blocked site message page, I get the<br>
real (malicious) one.<br>
<br>
IIUC squid should be reading /etc/resolv.conf for DNS? Mine is<br>
<br>
nameserver <a href="http://127.0.0.1" target="_blank">127.0.0.1</a><br>
search isp.invalid<br>
<br>
And so if it's using localhost and DNS, that's dnsmasq and the<br>
mvps hosts file should come into play.<br>
<br>
What am I missing?</blockquote><div><br>I don't know a whole lot about squid, just that it is a caching proxy. And as a result, as alternative configurations you tried might not have been properly tested if you didn't wipe the cache.<br>
<br>If you intend to troubleshoot, I'd suggest clearing the squid cache and then running wireshark, listening to udp and tcp port 53 while you browse to one of the blocked pages.<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<br>
As an alternative, I've seen reference to using mvps entries<br>
somehow in squid.conf acls or rules, but haven't found a good<br>
explanation of /how/ to do this or examples. Any pointers there<br>
if that's the better way to go?<br>
<br>
Hope I've provided enough details.<br>
<font color="#888888"><br>
--<br>
Troy Piggins<br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</font></blockquote></div><br></div>