On 17/10/10 02:48, mohd hafiz wrote:
Do I need to configure each browser to pass requests to squid? Can it be done by iptables at the server side? I want it transparent to the user.
You can use WPAD methods to set up the browsers in bulk with little or no user knowledge. They only need to set the browser to the "auto-detect" setting if it's not already defaulting to that.
If you want to get really tricky you can start intercepting DNS going to servers outside your networks and pointing them at a recursive resolver under your own control. The success of this depends on whether the client software is doing DNSSEC or other security measures on their DNS replies.
I have a local resolver in my main server. How can I intercept DNS going outside and point it to a recursive server under my control?
Firewall NAT. Same as you redirect port 80 to squid, but redirecting port 53 UDP to the internal DNS resolver.
Can I do as below:
eth0 = interface to internet
$LAN_IN = interface to lan
$SQUID_SERVER = local DNS resolver
$SQUID_PORT = 3128
iptables -t nat -A PREROUTING -i $LAN_IN -p udp --dport 53 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
No.
--to $SQUID_SERVER:53
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-port 3128
No.
--to-port 53
This will redirect UDP port 53 to my local resolver server.
Thanks
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.8
Beta testers wanted for 3.2.0.2
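As an added example (not code from the thread or from the Squid project), the script below emits the corrected form of the NAT rules Amos describes: LAN-side port 53 traffic is DNATed to the internal resolver on port 53, not to the squid port, and TCP 53 is covered as well as UDP. The interface name and resolver address are constructed placeholders; the `! -s $RESOLVER` exclusion is my addition so that a resolver sitting on the LAN side of the firewall does not have its own upstream queries looped back to itself.

```shell
#!/bin/sh
# Added example, not part of the squid-users thread. Emits (or applies) the
# iptables NAT rules that send LAN clients' DNS to an internal resolver.
# Values below are constructed placeholders, not from the thread.
LAN_IN="${LAN_IN:-eth1}"            # LAN-facing interface (assumed name)
RESOLVER="${RESOLVER:-192.0.2.53}"  # internal recursive resolver (documentation address)
DRY_RUN="${DRY_RUN:-1}"             # 1 = print rules only; 0 = run them through iptables

dns_redirect_rules() {
    # DNAT both UDP and TCP 53: resolvers fall back to TCP for answers that
    # do not fit in a UDP reply, so a UDP-only rule leaves those unredirected.
    # "! -s $RESOLVER" skips traffic originating from the resolver itself, so
    # its upstream queries are not redirected back to it when it is on the LAN.
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s ! -s %s -p %s --dport 53 -j DNAT --to-destination %s:53\n' \
            "$LAN_IN" "$RESOLVER" "$proto" "$RESOLVER"
    done
}

apply_rules() {
    if [ "$DRY_RUN" = "1" ]; then
        dns_redirect_rules
    else
        dns_redirect_rules | while IFS= read -r rule; do eval "$rule"; done
    fi
}

# Sanity check for the mistake corrected in the thread: the DNAT target must
# be the resolver on port 53, and the squid port must not appear anywhere.
check_rules() {
    dns_redirect_rules | grep -q -- "--to-destination $RESOLVER:53\$" || return 1
    if dns_redirect_rules | grep -q ':3128'; then
        return 1
    fi
    return 0
}

apply_rules
```

Run it as-is to review the rules, or with `DRY_RUN=0` as root to install them. As the thread already notes, this only works for clients that send plain port 53 queries and do not validate what they get back: a client doing its own DNSSEC validation, or using DNS over TLS/HTTPS, will either reject the redirected answers or never pass through this rule at all.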