RE: [squid-users] squid + iptables

hi all,

> You are not having route entry to use DNS server to
> resolve the domain names in client machine. Try as,
>
> route add -net 192.168.0.0 netmask 255.255.0.0 dev
> eth0

I tried that on client pc (in isolan) and i didn't change anything.

> ping <dns server>
> ping www.google.com

Anyway, as I don't do any nat, I would expect not to ping it!

*******************
route (on pc in isolan) :

$route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 * 255.255.255.0 U 0 0 0 eth0
192.168.0.0 * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 192.168.2.1 0.0.0.0 UG 1 0 0 eth0

*****************

If I do a ping in isolan to dns server (192.168.0.1) :
$ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
From 192.168.2.4 icmp_seq=2 Destination Host Unreachable
From 192.168.2.4 icmp_seq=3 Destination Host Unreachable
From 192.168.2.4 icmp_seq=4 Destination Host Unreachable
From 192.168.2.4 icmp_seq=6 Destination Host Unreachable
From 192.168.2.4 icmp_seq=7 Destination Host Unreachable
From 192.168.2.4 icmp_seq=8 Destination Host Unreachable

And the tcpdump (while pinging)
14:32:06.547367 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:07.547210 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:10.547759 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:11.547605 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:12.547454 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:15.548002 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:16.547846 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:17.547691 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:20.548239 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:21.548084 arp who-has 192.168.0.1 tell 192.168.2.4

And I don't get any reply!?
I am a bit lost, does all dns request has to go through squid, or computers in my isolan have got to reach directly the dns server??

                                             |DNS SERVER|
                                                  |
                                                  |
IsoLan -----(eth1)| Proxy Box |(eth0)-------Lan------| Firewall |-------INTERNET

Many thanks,

Kevin.

Kevin Thackray
C&T Paradigm NV
BTW BE 0465.030.272 RPR Antwerpen
G. LeGrellelaan 10, B - 2020 Antwerpen
Tel +32(3)259 2266

mailto:kthackray@ctparadigm.be

This email is for the use of the intended recipient only. It may contain information that is legally privileged or confidential. If you are not the intended recipient, any disclosure, distribution or copying of this email is strictly prohibited and may be unlawful. If received in error, please reply to the sender confirming this, then delete the email.
Received on Wed Apr 06 2005 - 07:53:10 MDT