On Tue, Nov 07, 2006 at 02:18:09AM +0100, Henrik Nordstrom wrote: > mån 2006-11-06 klockan 16:29 -0800 skrev John Oliver: > > [root@sdprx01 ~]# rpm -q squid > > squid-2.5.STABLE6-3.4E.12 > > Current version is 2.6.STABLE5. > > > [root@sdprx01 ~]# cat /etc/redhat-release > > Red Hat Enterprise Linux ES release 4 (Nahant Update 2) > > > > squid isn't using the "search" line in /etc/resolv.conf On the command > > line > > The ancient version you are using isn't. Upgrade and there will be a > more pleasant experience. > > Or try using the append_domain directive. Unfortunately, squid-2.5.STABLE6-3.4E.12 is what Red Hat ships. I opened a ticket with them asking them to get with the program... this is the second piece of software I've encountered so far that's hopelessly ancient. We pay a lot of money for Red Hat, so by God they can give us something for it! I was experimenting with iptables rules to not use Squid for servers on the local subnet. I'm not even sure why the firewall would be catching and redirecting those requests, since this traffic doesn't need to leave the subnet in the first place. I wound up with: $IPTABLES -t nat -A PREROUTING -i eth1 -s 192.168.2.192 -p tcp --dport 80 -j DNAT --to 192.168.2.231:3128 $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.192 -d 192.168.2.231 -j SNAT --to 192.168.2.1 $IPTABLES -A FORWARD -s 192.168.2.192 -d 192.168.2.231 -i eth1 -o eth1 -p tcp --dport 3128 -j ACCEPT That lets my laptop (192.168.2.192) surf through Squid (192.168.2.231) without setting any proxy in the browser (which is why I wanted to do transparent redirection... we don't want to have to deal with all the different browsers, desktops, laptops, etc.) I tried: $IPTABLES -t nat -A PREROUTING -i eth1 -s 192.168.2.192 -d ! 192.168.2.0/24 -p tcp --dport 80 -j DNAT --to 192.168.2.231:3128 but that didn't work. -- *********************************************************************** * John Oliver http://www.john-oliver.net/ * * * ***********************************************************************
