[Dnsmasq-discuss] Re: using squid with dnsmasq and hosts file

Troy Piggins troy at piggo.com
Fri Aug 1 21:36:24 BST 2008


* sbolic wrote :
>* Troy Piggins wrote:
>>* sbolic wrote :

[ Please don't top-post in technical groups, and please don't
email directly to me, keep it in the list.  Thanks.]

>>> I am a new user of dnsmasq using squid on my network.
>>> dnsmasq with dhcp works fine and I need help to config dhcp
>>> to send proxy parameters to clients to force them to use
>>> squid.  Can you help me with this or just post your
>>> dnsmasq.conf file.
>> 
>> I have set this up recently using iptables, squid, dnsmasq.
>> It's called a transparent proxy.  What version of squid are
>> you using?  The solution varies slightly from V2 to V3 I
>> think, and also on your network arrangement - what box are you
>> running squid, iptables, dnsmasq on?  On mine, they're all the
>> same box.
> 
> SuSe 10.2 Squid 2.6 IPTables-1.3.6.-20 Dnsmasq 2.45 all on the
> same box.  Small company network (workgroup) with 15
> workstations.  The box is the main server, whose role has to be:
> Samba server (as domain controller), NAT router, proxy and
> firewall, and Postfix mail server.  Simon Kelley posted me some
> ideas for "wpad"; I am working on it, but I am not familiar with
> WebServer/Apache so I need a little bit of time.  The final goal
> is to set up a domain network (Linux server with Windows
> workstations), the same as under Windows server (except Active
> Directory).  Sending proxy parameters, batch jobs like
> maintenance profiles, etc.  Please take a look at Simon Kelley's
> post.  If you need, I can send you all of my parameters,
> including conf files.

I saw Simon's post.  I was offering you an alternative solution.
I'm using Squid 3.  But when I googled it, most solutions on the
internet seemed to be for 2.x versions of Squid anyway.  I
googled "squid transparent proxy iptables" when I was searching.

Basically you put a rule like this in your iptables firewall,
which redirects any traffic coming from your LAN interface
(substitute eth0, eth1 etc for $LAN_IFACE or set it as a
variable), destined for port 80 to your squid port 3128
(default).

# iptables -t nat -A PREROUTING -p tcp -i $LAN_IFACE --dport 80 -j REDIRECT --to-port 3128

Then you need to adjust your squid conf file.  It's a very well
documented and commented file.  These are the things to adjust,
as I understand it, for squid 2.x :

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Reload/restart squid and I think that's it...

Oooooooh, bugger.  I just re-read your OP and saw it was for DHCP
requests, not what I thought.  Oh well, I'll leave this here
because it might be handy for you as another solution.

-- 
Troy Piggins
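
[ Added example, not part of the original message: a squid.conf
fragment for the Squid 2.6 install mentioned in the quoted text,
where interception is enabled with the "transparent" option on
http_port rather than the httpd_accel_* directives of 2.5 and
earlier.  The 192.168.0.0/24 range and the ACL name "localnet" are
assumptions. ]

```conf
# squid.conf fragment for Squid 2.6 behind the REDIRECT rule above.
# Added example; the LAN range and the ACL name "localnet" are
# assumptions, substitute your own.

# Accept intercepted traffic on the port the iptables rule redirects to.
# The rule only matches --dport 80, so HTTPS (443) never reaches Squid.
http_port 3128 transparent

# Serve the LAN only, so the box does not become an open proxy.
# Assumes the "all" ACL from the stock 2.6 squid.conf is still defined.
# http_access is first-match: keep the allow line above the final deny.
acl localnet src 192.168.0.0/24
http_access allow localnet
http_access deny all
```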


