Hello,
I have two squid siblings, both with one internal and one external
IP-address. The internal IP-address is for ICP/UDP queries. For security
reasons I will bind the open ICP/UDP port to the internal IP-address:
udp_incoming_address 192.168.0.1
udp_outgoing_address 255.255.255.255
After doing this, DNS/UDP packets get an internal source IP-address
and DNS is not working.
It seems that creating a new TAG "dns_outgoing_address" allows binding
DNS/UDP requests to the external IP-address and ICP/UDP queries to the
internal IP-address:
--- snip ---
server1#cat squid.conf
...
dns_outgoing_address 194.113.40.222
udp_incoming_address 192.168.0.1
udp_outgoing_address 255.255.255.255
server1#cd squid-2.5.STABLE3/src
server1#
server1#grep dns_outgoing *
cf.data:NAME: dns_outgoing_address
cf.data:LOC:Config.Addrs.dns_outgoing
cf.data.pre:NAME: dns_outgoing_address
cf.data.pre:LOC:Config.Addrs.dns_outgoing
cf_parser.h: default_line("dns_outgoing_address 255.255.255.255");
cf_parser.h: else if (!strcmp(token, "dns_outgoing_address"))
cf_parser.h: parse_address(&Config.Addrs.dns_outgoing);
cf_parser.h: dump_address(entry, "dns_outgoing_address", Config.Addrs.dns_outgoing);
cf_parser.h: free_address(&Config.Addrs.dns_outgoing);
dns_internal.c: addr = Config.Addrs.dns_outgoing;
squid.conf.default:# TAG: dns_outgoing_address
squid.conf.default:# dns_outgoing_address 255.255.255.255
structs.h: struct in_addr dns_outgoing;
server1#cat dns_internal.c
...
void
idnsInit(void)
{
    static int init = 0;
    if (DnsSocket < 0) {
        int port;
        struct in_addr addr;
        /* new
        if (Config.Addrs.udp_outgoing.s_addr != no_addr.s_addr)
            addr = Config.Addrs.udp_outgoing;
        else
            addr = Config.Addrs.udp_incoming;
        */
        addr = Config.Addrs.dns_outgoing;
        DnsSocket = comm_open(SOCK_DGRAM,
            0,
            addr,
            0,
            COMM_NONBLOCKING,
            "DNS Socket");
        if (DnsSocket < 0)
            fatal("Could not create a DNS socket");
...
--- snip ---
Any ideas - without hacking the source code?
Regards,
Dagmar Dobner
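
The source-address selection discussed in the message above, as an added example that is not part of the original post or of Squid's source. It compares the rule in the commented-out lines with a variation that prefers a dedicated DNS address and falls back when it is unset; `struct addrs`, `dns_src_stock`, `dns_src_split` and `bound_source` are hypothetical names, and 255.255.255.255 is assumed to be the "unset" value (`no_addr`).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for Config.Addrs; assumes no_addr = 255.255.255.255. */
struct addrs { struct in_addr udp_incoming, udp_outgoing, dns_outgoing; };
static struct in_addr ip(const char *s) { struct in_addr a; inet_pton(AF_INET, s, &a); return a; }
static int unset(struct in_addr a) { return a.s_addr == INADDR_NONE; }

/* Selection in the commented-out lines of idnsInit() in the post. */
static struct in_addr dns_src_stock(const struct addrs *c)
{
    return unset(c->udp_outgoing) ? c->udp_incoming : c->udp_outgoing;
}

/* Variation on the post's change: dns_outgoing when set, else the old rule. */
static struct in_addr dns_src_split(const struct addrs *c)
{
    return unset(c->dns_outgoing) ? dns_src_stock(c) : c->dns_outgoing;
}

/* Bind a UDP socket to addr and report the local address the kernel assigned;
 * datagrams sent from the socket carry that source. Returns 0 on success. */
static int bound_source(struct in_addr addr, char *out, socklen_t len)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr = addr };
    socklen_t n = sizeof sa;
    int rc = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        getsockname(fd, (struct sockaddr *)&sa, &n) == 0 &&
        inet_ntop(AF_INET, &sa.sin_addr, out, len))
        rc = 0;
    close(fd);
    return rc;
}

int main(void)
{
    /* Addresses taken from the squid.conf lines in the post. */
    struct addrs c = { ip("192.168.0.1"), ip("255.255.255.255"), ip("194.113.40.222") };
    char s[INET_ADDRSTRLEN] = "bind failed";
    printf("stock rule: DNS from %s\n", inet_ntoa(dns_src_stock(&c)));
    printf("split rule: DNS from %s\n", inet_ntoa(dns_src_split(&c)));
    bound_source(ip("127.0.0.1"), s, sizeof s); /* loopback stands in for a local address */
    printf("socket bound to 127.0.0.1 sends from %s\n", s);
    return 0;
}
```

With the posted configuration the stock rule picks the internal ICP address for DNS, which is the failure described in the message; the split rule picks the external address and keeps the stock behaviour when no DNS address is configured.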