Re: [squid-users] Transparent proxy and DNS error

The error page (for any URL) is:

=====================================================================
While trying to retrieve the URL: http://foo.bar.com/

The following error was encountered:
Unable to determine IP address from host name for foo.bar.com

The dnsserver returned:
Name Error: The domain name does not exist.

This means that:

The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.

Your cache administrator is ...
=====================================================================

The compile options are:

./configure --enable-icmp --enable-htcp --enable-linux-netfilter

And I put this lines in squid.conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

and necessary ACLs.

both machines have two ethernet card, eth0 with privet IP address and eth1
with public IP adders. For intercept and/or redirect the traffic,
to another machine:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
10.0.1.1:3128

to same the machine:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128

The proxy works (on both machines) if the users configure it in their
browsers while the NAT rules exists.

Regards,
Khashayar

>From: Henrik Nordstrom <hno@squid-cache.org>
>To: Khashayar Assa <khashayar_assa@hotmail.com>
>CC: squid-users@squid-cache.org
>Subject: Re: [squid-users] Transparent proxy and DNS error
>Date: Mon, 14 Apr 2003 21:54:28 +0200
>
>Exacly what error is returned? More specifically, which server does it
>say it could not find?
>
>Does it work if the user configures the same Squid as proxy server in
>their browser while still having the interception and/or DNAT rules in
>place?
>
>What is your httpd_accel_* directive settings in squid.conf?
>
>Regards
>Henrik
>
>
>Khashayar Assa wrote:
> >
> > Dear squiders,
> >
> > I tried to setup a transparent proxy by using squid-2.5.STABLE2 on
>Redhat
> > 8.0. The proxy works fine but when I redirect port 80 to 3128 and
>disable
> > the proxy in the client side, squid return an error page that says it is
> > unable to determine IP address of the request. I set up another machine
>and
> > use DNAT to send the requests to new machine but the error exist.
> > Do you have any idea??
> >
> > Regards,
> > Khashayar
>
>--
>Free Squid-users support provided by Henrik Nordström
><hno@squid-cache.org>
>Donations welcome if you consider my Free Squid support helpful.
>https://www.paypal.com/xclick/business=hno%40squid-cache.org
>
>If you need commercial Squid support or cost effective Squid or
>firewall appliances please refer to MARA Systems AB, Sweden
>http://www.marasystems.com/, info@marasystems.com

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
Received on Tue Apr 15 2003 - 02:04:34 MDT