Re: Fwd: [squid-users] URL redirection in offline mode

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 16 Oct 2010 01:32:45 +0000

On Fri, 15 Oct 2010 23:57:13 +0800, mohd hafiz <bmhafiz_at_gmail.com> wrote:
> sorry for late response,
>
>
>>>>
>>> Does i need to configure each browser to pass request to squid? Can it
>>> be done by the iptables at the server side. i want it transparent to
>>> the user.
>>
>> You can use WPAD methods to setup the browsers in bulk with little or
no
>> user knowledge. They only need to set the browser to the "auto-detect"
>> setting if it's not already defaulting to that.
>>
>> If you want to get really tricky you can start intercepting DNS going
to
>> servers outside your networks and pointing them at a recursive resolver
>> under your own control. The success of this depends on whether the
client
>> software is doing DNSSEC or other security measures on their DNS
replies.
>>
>
> i have a local resolver in my main server. how can intercept DNS going
> outside and point it to a recursive server under my control?

Firewall NAT. Same as you redirect port 80 to squid, but redirecting port
53 UDP to the internal DNS resolver.

Amos
Received on Sat Oct 16 2010 - 01:32:49 MDT

This archive was generated by hypermail 2.2.0 : Sat Oct 16 2010 - 12:00:02 MDT