[CS-FSLUG] squid/squidguard transparent proxy but not server (iptable rules)

Stephen McCracken sjm.mlists at gmail.com
Wed Sep 26 17:04:34 CDT 2012


On 09/26/2012 07:16 AM, Mark Clayton wrote:
> I run squid/squidguard on my ubuntu server. I usually use the
> following iptable rule so that localhost httpd traffic is directed to
> squid:
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> --to-port 3128

Well, nomenclature at least seems to be wrong.  You say "localhost" but
have traffic coming in eth0 specified.

> I'm doing this because I have a server issue that I'm trying to
> understand. I run avahi along with squid/squidguard on my ubuntu
> server with clients using bonjour. It seems squid bypasses
> nsswitch.conf or resolv but I'm trying to confirm it's not my iptable
> rules. Without the rules applied the lan clients can resolve .local.
> addresses but once I apply my rules the clients, whether or not they
> use the ubuntu server as the proxy, cannot resolve the addresses. Very
> frustrating because I don't want to have to remember ip numbers when
> it's hard enough to remember client names!

The thing is that the proxy usually processes the DNS lookups when the
client uses a proxy so the client usually sends the request "unresolved"
to the proxy.  When the client doesn't know that it's using a proxy
(transparent setup) the client would resolve the address and send it there.

If I'm reading it correctly, it _seems_ that things work when the client
does the lookup, but not when the squid server does the lookup.  Can you
resolve DNS for local addresses from the ubuntu server?

sjm
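A diagnostic in the spirit of the closing question, added here as an example and not part of the thread: it resolves a name through the glibc NSS path (getent, which honours nsswitch.conf and therefore avahi's mdns hook) and through a plain DNS query against /etc/resolv.conf, the path Squid's built-in resolver takes, then checks whether the REDIRECT rule from the quoted command is loaded. The hostname passed on the command line is a constructed placeholder.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Compares two resolution paths for a
# name: the glibc NSS stack (nsswitch.conf, where avahi's mdns hook lives) and
# a direct DNS query against /etc/resolv.conf, the path Squid's resolver takes.

# Resolve via NSS, as ordinary local programs do. Prints first address or nothing.
nss_lookup() {
    getent hosts "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Resolve via plain DNS only, as Squid does. Prints first A record or nothing.
dns_lookup() {
    dig +short +time=2 +tries=1 "$1" A 2>/dev/null | awk 'NR == 1 { print }'
}

# Classify the pair of results. Pure function so it can be exercised offline;
# the first word (before the colon) is a stable verdict.
diagnose() {
    nss="$1"; dns="$2"
    if [ -n "$nss" ] && [ -z "$dns" ]; then
        echo "nss-only: nsswitch (e.g. mdns) answers but DNS does not; a proxy-side lookup fails"
    elif [ -z "$nss" ] && [ -n "$dns" ]; then
        echo "dns-only: DNS answers but nsswitch does not; check the hosts: line in nsswitch.conf"
    elif [ -n "$nss" ]; then
        echo "both: the name resolves on either path"
    else
        echo "unresolved: neither path resolves the name"
    fi
}

# True when the nat PREROUTING chain holds a port-80 REDIRECT to 3128, as in
# the quoted rule (iptables -S prints --to-ports even if --to-port was typed).
redirect_rule_present() {
    iptables -t nat -S PREROUTING 2>/dev/null |
        grep -q -- '--dport 80 .*-j REDIRECT --to-ports 3128'
}
main() {
    name="$1"
    n=$(nss_lookup "$name"); d=$(dns_lookup "$name")
    echo "$name  nsswitch: ${n:-<none>}  dns: ${d:-<none>}"
    diagnose "$n" "$d"
    if redirect_rule_present; then
        echo "transparent REDIRECT to 3128 is loaded: clients' lookups happen on this host"
    else
        echo "no REDIRECT to 3128 in nat PREROUTING: clients resolve names themselves"
    fi
}
# Only run the live checks when a name is given, e.g. sh squid_dns_check.sh printer.local
if [ $# -gt 0 ]; then main "$1"; fi
```

Run it on the proxy host itself: an "nss-only" verdict for a .local name reproduces the symptom described above, since the server can resolve the name but the proxy cannot.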
