[Dnsmasq-discuss] using squid with dnsmasq and hosts file

richardvoigt at gmail.com
Fri Jul 18 06:15:57 BST 2008


On Thu, Jul 17, 2008 at 11:54 PM, Troy Piggins <troy at piggo.com> wrote:

> Not sure if this is a squid or dnsmasq problem, so hope you don't
> mind me asking same question in 2 lists.
>
> I'm using squid3 as a transparent proxy by redirecting port 80
> in iptables, and dnsmasq as well.  This all works fine.  But now
> I'm trying to utilise the mvps hosts file to block malicious
> URLs and am having trouble getting squid to recognise this hosts
> file.
>
> On a previous installation I had the mvps hosts file saved as
> /etc/hosts.mvps and set up dnsmasq to read this file as an
> additional hosts file.  I changed the IP addresses in the mvps
> hosts file from 127.0.0.1 to 192.168.0.100 and set up a virtual
> IP address and web page so that if a browser on the network
> wanted to connect to a URL that was in the hosts file, the user
> would get a locally served page saying "sorry, malicious site
> blocked" or something like that.  I thought that was all pretty
> cool.
>
> So now I have the same setup, but have installed squid as this
> transparent proxy.  It is all working fine... except that squid
> seems to be bypassing the /etc/hosts.mvps file.
> So normal pages are viewed fine.
> And if I ping one of the mvps hosts from the commandline it
> correctly returns the IP address 192.168.0.100.
> And if I put the URL 192.168.0.100 in a browser I get the correct
> blocked site message.
> But from a browser if I try to view a website listed in the mvps
> hosts file, I don't get the blocked site message page, I get the
> real (malicious) one.
>
> IIUC squid should be reading /etc/resolv.conf for DNS?  Mine is
>
>  nameserver 127.0.0.1
>  search isp.invalid
>
> And so if it's using localhost and DNS, that's dnsmasq and the
> mvps hosts file should come into play.
>
> What am I missing?


I don't know a whole lot about squid, just that it is a caching proxy.  And
as a result, any alternative configurations you tried might not have been
properly tested if you didn't wipe the cache.

If you intend to troubleshoot, I'd suggest clearing the squid cache and then
running wireshark, listening to udp and tcp port 53 while you browse to one
of the blocked pages.


>
>
> As an alternative, I've seen reference to using mvps entries
> somehow in squid.conf acls or rules, but haven't found a good
> explanation of /how/ to do this or examples.  Any pointers there
> if that's the better way to go?
>
> Hope I've provided enough details.
>
> --
> Troy Piggins
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
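The thread mentions two ways of using the mvps hosts list: feeding it to dnsmasq as an additional hosts file with the addresses rewritten to a local "site blocked" page, and turning the same entries into a squid ACL. The script below is an added example, not code from either poster or from the dnsmasq or squid projects. It parses a hosts file in the mvps layout (constructed sample data, not the real list), drops the localhost entries, and emits both a dnsmasq addn-hosts file pointing every blocked name at the sinkhole address from the thread (192.168.0.100) and a plain list of names for a squid dstdomain ACL. A dstdomain ACL matches the hostname the client asked for, so it blocks the request regardless of how squid itself resolves the name, which is the property the original setup was missing. The file paths are assumptions.

```python
"""Convert an mvps-style hosts file into dnsmasq and squid block lists.

Added example for the dnsmasq-discuss thread above; sample input is
constructed, file paths are placeholders.
"""

# Constructed sample in the mvps hosts-file layout (not the real list).
SAMPLE_HOSTS = """\
# lines starting with '#' are comments
127.0.0.1  localhost
127.0.0.1  ads.example.invalid
127.0.0.1  tracker.example.invalid   # inline comment after the name
0.0.0.0    malware.example.invalid
192.168.0.1 router.lan
"""

SINKHOLE_IP = "192.168.0.100"              # local "sorry, site blocked" page (from the thread)
BLOCK_ADDRESSES = {"127.0.0.1", "0.0.0.0"} # addresses mvps uses to mean "block this"
KEEP_NAMES = {"localhost", "localhost.localdomain"}  # never redirect these


def parse_hosts(text):
    """Return a list of (ip, [names]) for each data line, ignoring comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip full-line and inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                    # an address with no name is useless
            continue
        entries.append((parts[0], parts[1:]))
    return entries


def blocked_names(text):
    """Names the hosts file blocks, in file order, without duplicates."""
    names = []
    for ip, hostnames in parse_hosts(text):
        if ip not in BLOCK_ADDRESSES:         # a real mapping, not a block entry
            continue
        for name in hostnames:
            if name.lower() in KEEP_NAMES or name in names:
                continue
            names.append(name)
    return names


def dnsmasq_hosts(text, sinkhole=SINKHOLE_IP):
    """Render an addn-hosts file that answers every blocked name with the sinkhole."""
    lines = ["# generated: blocked names answered with the local blocked-site page"]
    lines.extend(f"{sinkhole} {name}" for name in blocked_names(text))
    return "\n".join(lines) + "\n"


def squid_dstdomain(text):
    """Render one hostname per line for a squid dstdomain ACL file.

    Names are written exactly as in the hosts file, so matching is exact,
    like /etc/hosts; a leading dot (".example.invalid") would also match
    subdomains if that broader scope is wanted.
    """
    return "\n".join(blocked_names(text)) + "\n"


if __name__ == "__main__":
    # Placeholder output paths; point them wherever your config expects.
    with open("hosts.mvps.out", "w") as fh:
        fh.write(dnsmasq_hosts(SAMPLE_HOSTS))
    with open("mvps-blocked.txt", "w") as fh:
        fh.write(squid_dstdomain(SAMPLE_HOSTS))
    print(f"{len(blocked_names(SAMPLE_HOSTS))} names written")
```

The dnsmasq output is used with `addn-hosts=/etc/hosts.mvps` in dnsmasq.conf, and the squid output with an ACL such as `acl mvps_blocked dstdomain "/etc/squid/mvps-blocked.txt"` followed by `http_access deny mvps_blocked` (placed before the rule that allows the LAN). As a check, `dig @127.0.0.1 ads.example.invalid` should return the sinkhole address once dnsmasq has been restarted, and a request through the proxy for a listed name should be refused by squid rather than fetched, whichever resolver squid is using.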