[Dnsmasq-discuss] Re: using squid with dnsmasq and hosts file
Troy Piggins
troy at piggo.com
Fri Jul 18 06:34:36 BST 2008
* richardvoigt at gmail.com wrote :
>* Troy Piggins wrote:
>
>> Not sure if this is a squid or dnsmasq problem, so hope you don't
>> mind me asking same question in 2 lists.
>>
>> I'm using squid3 as a transparent proxy by redirecting port 80
>> in iptables, and dnsmasq as well. This all works fine. But now
>> I'm trying to utilise the mvps hosts file to block malicious
>> URLs and am having trouble getting squid to recognise this hosts
>> file.
>>
>> On a previous installation I had the mvps hosts file saved as
>> /etc/hosts.mvps and set up dnsmasq to read this file as an
>> additional hosts file. I changed the IP addresses in the mvps
>> hosts file from 127.0.0.1 to 192.168.0.100 and set up a virtual
>> IP address and web page so that if a browser on the network
>> wanted to connect to a URL that was in the hosts file, the user
>> would get a locally served page saying "sorry, malicious site
>> blocked" or something like that. I thought that was all pretty
>> cool.
>>
>> So now I have the same setup, but have installed squid as this
>> transparent proxy. It is all working fine... except that squid
>> seems to be bypassing the /etc/hosts.mvps file.
>> So normal pages are viewed fine.
>> And if I ping one of the mvps hosts from the commandline it
>> correctly returns the IP address 192.168.0.100.
>> And if I put the URL 192.168.0.100 in a browser I get the correct
>> blocked site message.
>> But from a browser if I try to view a website listed in the mvps
>> hosts file, I don't get the blocked site message page, I get the
>> real (malicious) one.
>>
>> IIUC squid should be reading /etc/resolv.conf for DNS? Mine is
>>
>> nameserver 127.0.0.1
>> search isp.invalid
>>
>> And so if it's using localhost and DNS, that's dnsmasq and the
>> mvps hosts file should come into play.
>>
>> What am I missing?
>
> I don't know a whole lot about squid, just that it is a caching proxy.
> And as a result, any alternative configurations you tried might not have
> been properly tested if you didn't wipe the cache.
>
> If you intend to troubleshoot, I'd suggest clearing the squid cache and
> then running wireshark, listening to udp and tcp port 53 while you browse
> to one of the blocked pages.
Thanks for the tips. I'm trying a squid-based solution.
--
Troy Piggins
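The hosts-file rewrite the question describes (every 127.0.0.1 entry of the MVPS list pointed at the local 192.168.0.100 "site blocked" page, then handed to dnsmasq as an additional hosts file), as an added example that is not part of the original thread and is not code from dnsmasq or squid. It goes a little beyond the message: it also accepts the 0.0.0.0 form some block lists use, strips the CRLF line endings the MVPS file ships with, and refuses to redirect localhost entries. The sinkhole address is the one used in the message; the sample input is constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread, dnsmasq or squid): build the sinkholed
# additional hosts file described in the message and the dnsmasq line that
# loads it.
#
# Assumptions (not from the page unless noted): sinkhole address 192.168.0.100
# (the address used in the message); 0.0.0.0 entries are treated like
# 127.0.0.1; the sample input below is constructed and is not a real list.

SINKHOLE="${SINKHOLE:-192.168.0.100}"

# rewrite_hosts: read a hosts-format block list on stdin, write the sinkholed
# version on stdout. Handles the things that bite in practice:
#  - CRLF line endings (the MVPS file is distributed as a Windows text file)
#  - trailing "#[...]" comments and blank/comment-only lines
#  - entries whose address is not 127.0.0.1/0.0.0.0 (left out, not rewritten,
#    so a real LAN entry in the same file is never pointed at the sinkhole)
#  - "localhost" entries, which must not be redirected or the box breaks
rewrite_hosts() {
    tr -d '\r' |
    sed -e 's/#.*//' |
    awk -v sink="$SINKHOLE" '
        NF >= 2 && ($1 == "127.0.0.1" || $1 == "0.0.0.0") {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name != "localhost" && name != "localhost.localdomain")
                    print sink, name
            }
        }'
}

# count_entries: number of sinkholed names in a rewritten file (stdin).
count_entries() {
    awk 'END { print NR }'
}

# dnsmasq_fragment: the dnsmasq.conf line that serves the file in addition to
# /etc/hosts (option name from dnsmasq(8)). dnsmasq re-reads /etc/hosts and
# addn-hosts files on SIGHUP, so the daemon must be reloaded after an update.
dnsmasq_fragment() {
    printf 'addn-hosts=%s\n' "$1"
}

# Constructed sample input in MVPS style (not a real block list).
SAMPLE_HOSTS='# This MVPS HOSTS file is a free download from:
127.0.0.1  localhost
127.0.0.1  ads.example.invalid  #[Adware]
127.0.0.1  tracker.example.invalid
0.0.0.0    malware.example.invalid
192.168.0.5 nas.example.invalid  # a real LAN entry, must not be touched
'

# demo: write the rewritten file to a temp dir and print what to do next.
demo() {
    dir=$(mktemp -d)
    printf '%s' "$SAMPLE_HOSTS" | rewrite_hosts > "$dir/hosts.mvps"
    echo "wrote $(count_entries < "$dir/hosts.mvps") entries to $dir/hosts.mvps"
    cat "$dir/hosts.mvps"
    echo "dnsmasq.conf line:"
    dnsmasq_fragment "$dir/hosts.mvps"
    echo "after installing the file and reloading dnsmasq, verify with:"
    echo "  dig @127.0.0.1 ads.example.invalid +short   # expect $SINKHOLE"
}

case "${1:-}" in
    demo) demo ;;
esac
```

Run with `sh sinkhole.sh demo`. The `dig @127.0.0.1` check answers only whether dnsmasq serves the sinkhole address; whether the proxy actually asks dnsmasq is the separate question raised in the reply above, and a capture of port 53 while browsing a listed name is the way to settle it.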