Search squid archive

Re: [squid-users] DNS lookup failure when transparent proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Dev,

Thanks very much for your response.

Am I correct in thinking that I should set my LAN client's primary DNS server address to the IP address of the proxy server?
You mentioned I should start caching DNS on the proxy server.. how would I go about this? Do I need to configure something on
the proxy server / squid.conf to enable this?


I'm not currently able to ping our ISP dns server from the client. I can however (as expected) ping the dns server from the proxy server.

My setup involves the following:
Proxy server with two ethernet ports.
eth0: A LAN with the client machines attached.. these are the clients whose http requests are being served transparently by the proxy server.
eth1: Another LAN containing a wireless router with connection to the internet.


In squid.conf, I've setup the configuration for a transparent proxy:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I've set the port used by clients to acces squid (http_port 3128) and ran the iptables command that redirects incoming tcp packets on port 80 to port 3128.
Apart from this (and some configuration to ACL's in squid.conf), I've not changed anything from the default installation of squid.


Regards
Steve


----- Original Message ----- From: "dev singh" <dev.pratap@xxxxxxxxx>
To: "Steven Morris" <steven.morris@xxxxxxxxxxxxxxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Friday, May 13, 2005 1:22 PM
Subject: Re: [squid-users] DNS lookup failure when transparent proxy



Hi steve,

Start caching DNS on proxy server and put ur server's private ip as
the primary DNS on client and the things will go.

I think the problem with ur existing configuration is that the private
ip which u r using on ur clients , they are not known by ur DNS
server.

r u avle to ping ur dns server from ur clinet . if u r able to do that
than ur configuration will work otherwise it won't.

For more detail reason kindly give a rough sketch of ur setup
Regards
dev

On 5/13/05, Steven Morris <steven.morris@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,

I've installed squid version 2.5 release 9 on redhat linux fedora core 3 and
setup a proxy server (with 2 ethernet ports) between my LAN and the
internet.
I've successfully configured Squid so the proxy server runs transparently
and intercepts all http requests from clients on the LAN.
When I enter IP address's (including the IP address for google) in the
client's web browser URL, the pages are served fine, but when I enter a
domain name in the URL,
the browser returns the 'Page Cannot be displayed message'.


The client machine and proxy (in /etc/resolv.conf) both know our ISP
nameservers IP address and I've configured the proxy server firewall to
allow DNS lookups via UDP on port 53.

If the client browser is configured to use the proxy server (rather than
have it run transparently), DNS lookups work fine and domain name URL pages
are displayed.
I would however, really like to get DNS lookups working with a transparent
proxy setup.


I can't see it myself but would this involve changing settings in
squid.conf?.. or perhaps some form of iptables forwarding command for DNS
responses on UDP port 53? (ie to forward incoming
responses from the nameserver to the proxy back to the client machines on
the LAN).

Any possible solutions would be greatly appreciated.

Regards,

Steve





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux