On 17/10/10 02:48, mohd hafiz wrote:
>>>>>>
>>>>> Do I need to configure each browser to pass requests to squid? Can it
>>>>> be done by iptables at the server side? I want it transparent to
>>>>> the user.
>>>>
>>>> You can use WPAD methods to setup the browsers in bulk with little or no
>>>> user knowledge. They only need to set the browser to the "auto-detect"
>>>> setting if it's not already defaulting to that.
>>>>
>>>> If you want to get really tricky you can start intercepting DNS going to
>>>> servers outside your networks and pointing them at a recursive resolver
>>>> under your own control. The success of this depends on whether the client
>>>> software is doing DNSSEC or other security measures on their DNS replies.
>>>>
>>>
>>> I have a local resolver in my main server. How can I intercept DNS going
>>> outside and point it to a recursive server under my control?
>>
>> Firewall NAT. Same as you redirect port 80 to squid, but redirecting port
>> 53 UDP to the internal DNS resolver.
>>
> Can I do as below:
>
> eth0= interface to internet
> $LAN_IN = interface to lan
> $SQUID_SERVER = local DNS resolver
> $SQUID_PORT = 3128
>
> iptables -t nat -A PREROUTING -i $LAN_IN -p udp --dport 53 -j DNAT
> --to $SQUID_SERVER:$SQUID_PORT
No.
--to $SQUID_SERVER:53
>
> iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT
> --to-port 3128
No.
--to-port 53
>
> This will redirect UDP port 53 to my local resolver server.
>
> Thanks
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.8
  Beta testers wanted for 3.2.0.2

Received on Sat Oct 16 2010 - 22:41:04 MDT
This archive was generated by hypermail 2.2.0 : Tue Oct 19 2010 - 12:00:02 MDT
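
The corrected redirect from the replies above, written out as an added example that is not part of the original thread: a dry-run script that prints the port-53 NAT rules rather than applying them, and goes beyond the thread by also covering TCP 53. The function names, the eth1 interface and the 192.0.2.53 address are assumptions made for illustration, and the DNAT form assumes the resolver's replies route back through this firewall (resolver on a different segment than the clients).

```sh
#!/bin/sh
# Added example, not from the thread: print (do not apply) NAT rules that send
# LAN clients' DNS queries to a resolver you control. Review, then pipe to sh.

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets <= 255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# dns_intercept_rules LAN_IF RESOLVER_IP [local]
#   default: resolver is another host      -> DNAT to RESOLVER_IP:53
#   "local": resolver runs on this machine -> REDIRECT to port 53
dns_intercept_rules() {
    lan_if=$1; resolver=$2; mode=${3:-remote}
    # Both values end up in commands run as root, so reject anything odd.
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    is_ipv4 "$resolver" || { echo "bad resolver address" >&2; return 1; }
    for proto in udp tcp; do   # DNS falls back to TCP for large answers
        if [ "$mode" = local ]; then
            echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto" \
                 "--dport 53 -j REDIRECT --to-ports 53"
        else
            # Exempt the resolver's own upstream queries so they do not loop.
            echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $resolver" \
                 "-p $proto --dport 53 -j DNAT --to-destination $resolver:53"
        fi
    done
}

# Constructed sample values: LAN interface eth1, resolver 192.0.2.53.
dns_intercept_rules eth1 192.0.2.53
```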