Re: [squid-users] Squid not resolving internal names

From: John Oliver <joliver@dont-contact.us>
Date: Mon, 6 Nov 2006 18:12:47 -0800

On Tue, Nov 07, 2006 at 02:18:09AM +0100, Henrik Nordstrom wrote:
> Mon 2006-11-06 at 16:29 -0800, John Oliver wrote:
> > [root@sdprx01 ~]# rpm -q squid
> > squid-2.5.STABLE6-3.4E.12
>
> Current version is 2.6.STABLE5.
>
> > [root@sdprx01 ~]# cat /etc/redhat-release
> > Red Hat Enterprise Linux ES release 4 (Nahant Update 2)
> >
> > squid isn't using the "search" line in /etc/resolv.conf On the command
> > line
>
> The ancient version you are using isn't. Upgrade and there will be a
> more pleasant experience.
>
> Or try using the append_domain directive.

Unfortunately, squid-2.5.STABLE6-3.4E.12 is what Red Hat ships. I
opened a ticket with them asking them to get with the program... this is
the second piece of software I've encountered so far that's hopelessly
ancient. We pay a lot of money for Red Hat, so by God they can give us
something for it!

I was experimenting with iptables rules to not use Squid for servers on
the local subnet. I'm not even sure why the firewall would be catching
and redirecting those requests, since this traffic doesn't need to leave
the subnet in the first place.

I wound up with:

$IPTABLES -t nat -A PREROUTING -i eth1 -s 192.168.2.192 -p tcp --dport 80 -j DNAT --to 192.168.2.231:3128
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.192 -d 192.168.2.231 -j SNAT --to 192.168.2.1
$IPTABLES -A FORWARD -s 192.168.2.192 -d 192.168.2.231 -i eth1 -o eth1 -p tcp --dport 3128 -j ACCEPT

That lets my laptop (192.168.2.192) surf through Squid (192.168.2.231)
without setting any proxy in the browser (which is why I wanted to do
transparent redirection... we don't want to have to deal with all the
different browsers, desktops, laptops, etc.) I tried:

$IPTABLES -t nat -A PREROUTING -i eth1 -s 192.168.2.192 -d ! 192.168.2.0/24 -p tcp --dport 80 -j DNAT --to 192.168.2.231:3128

but that didn't work.

-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************
Received on Mon Nov 06 2006 - 19:12:59 MST
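
The redirect rules from the message above, restated as an added example (not part of the original post) with the local-subnet exemption written as a separate rule placed ahead of the DNAT rule, since nat/PREROUTING stops at the first match. The addresses and interface are the ones in the message; `emit_rules`, `apply_rules` and `DRY_RUN` are hypothetical names, and the exemption only affects packets that actually traverse this firewall.

```shell
#!/bin/sh
# Added example: transparent redirect to Squid with a local-subnet exemption.
# Values below are taken from the message; function names and DRY_RUN are
# hypothetical and introduced only for this sketch.
IPTABLES=${IPTABLES:-iptables}
LAN_IF=eth1
LAN_NET=192.168.2.0/24
CLIENT=192.168.2.192
SQUID=192.168.2.231
GATEWAY=192.168.2.1

# Print the rule arguments in the order they must be appended.
# The RETURN rule has to come before the DNAT rule: the first matching
# rule in nat/PREROUTING decides, so local destinations are left untouched.
emit_rules() {
    cat <<EOF
-t nat -A PREROUTING -i $LAN_IF -s $CLIENT -d $LAN_NET -p tcp --dport 80 -j RETURN
-t nat -A PREROUTING -i $LAN_IF -s $CLIENT -p tcp --dport 80 -j DNAT --to-destination $SQUID:3128
-t nat -A POSTROUTING -o $LAN_IF -s $CLIENT -d $SQUID -j SNAT --to-source $GATEWAY
-A FORWARD -i $LAN_IF -o $LAN_IF -s $CLIENT -d $SQUID -p tcp --dport 3128 -j ACCEPT
EOF
}

# Print each command (DRY_RUN=1, the default) or run it (DRY_RUN=0, as root).
apply_rules() {
    emit_rules | while read -r rule; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$IPTABLES $rule"
        else
            # Word splitting of $rule into arguments is intended here.
            $IPTABLES $rule || exit 1
        fi
    done
}

apply_rules
```

Review the dry-run output first; set `DRY_RUN=0` only on the firewall itself.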
