Re: [squid-users] DNS lookup failure when transparent proxy

From: dev singh <dev.pratap@dont-contact.us>
Date: Sat, 14 May 2005 11:33:30 +0530

Hi Steve,

Yeah, you are correct: you should start caching DNS on the squid server and set
the squid server's private IP as the primary DNS on the client.

You can start the named service on squid service with the command

/etc/init.d/named start

and the things will go.

You don't have to make any changes in the squid.conf.

Regards
dev

On 5/13/05, Steven Morris <steven.morris@tripleplay-services.com> wrote:
> Hi Dev,
>
> Thanks very much for your response.
>
> Am I correct in thinking that I should set my LAN client's primary DNS
> server address to the IP address of the proxy server?
> You mentioned I should start caching DNS on the proxy server.. how would I
> go about this? Do I need to configure something on
> the proxy server / squid.conf to enable this?
>
> I'm not currently able to ping our ISP dns server from the client. I can
> however (as expected) ping the dns server from the proxy server.
>
> My setup involves the following:
> Proxy server with two ethernet ports.
> eth0: A LAN with the client machines attached.. these are the clients whose
> http requests are being served transparently by the proxy server.
> eth1: Another LAN containing a wireless router with connection to the
> internet.
>
> In squid.conf, I've setup the configuration for a transparent proxy:
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> I've set the port used by clients to access squid (http_port 3128) and ran
> the iptables command that redirects incoming tcp packets on port 80 to port
> 3128.
> Apart from this (and some configuration to ACL's in squid.conf), I've not
> changed anything from the default installation of squid.
>
> Regards
> Steve
>
>
> ----- Original Message -----
> From: "dev singh" <dev.pratap@gmail.com>
> To: "Steven Morris" <steven.morris@tripleplay-services.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Friday, May 13, 2005 1:22 PM
> Subject: Re: [squid-users] DNS lookup failure when transparent proxy
>
> Hi Steve,
>
> Start caching DNS on the proxy server and put your server's private IP as
> the primary DNS on the client and the things will go.
>
> I think the problem with your existing configuration is that the private
> IPs which you are using on your clients are not known by your DNS
> server.
>
> Are you able to ping your DNS server from your client? If you are able to do that
> then your configuration will work, otherwise it won't.
>
> For a more detailed reason, kindly give a rough sketch of your setup.
> Regards
> dev
>
> On 5/13/05, Steven Morris <steven.morris@tripleplay-services.com> wrote:
> > Hi,
> >
> > I've installed squid version 2.5 release 9 on redhat linux fedora core 3 and
> > setup a proxy server (with 2 ethernet ports) between my LAN and the internet.
> > I've successfully configured Squid so the proxy server runs transparently
> > and intercepts all http requests from clients on the LAN.
> > When I enter IP addresses (including the IP address for google) in the
> > client's web browser URL, the pages are served fine, but when I enter a
> > domain name in the URL,
> > the browser returns the 'Page Cannot be displayed message'.
> >
> > The client machine and proxy (in /etc/resolv.conf) both know our ISP
> > nameservers IP address and I've configured the proxy server firewall to
> > allow DNS lookups via UDP on port 53.
> >
> > If the client browser is configured to use the proxy server (rather than
> > have it run transparently), DNS lookups work fine and domain name URL
> > pages are displayed.
> > I would however, really like to get DNS lookups working with a transparent
> > proxy setup.
> >
> > I can't see it myself but would this involve changing settings in
> > squid.conf?.. or perhaps some form of iptables forwarding command for DNS
> > responses on UDP port 53? (ie to forward incoming
> > responses from the nameserver to the proxy back to the client machines on
> > the LAN).
> >
> > Any possible solutions would be greatly appreciated.
> >
> > Regards,
> >
> > Steve
> >
> >
>
>
Received on Sat May 14 2005 - 00:10:12 MDT
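
Added example, not part of the original thread or of either poster's configuration: a caching-only BIND setup for the dual-homed proxy described above, limited to the client LAN so that the resolver the reply suggests starting does not also answer on the eth1 side. The file path, the ACL name and every address are assumptions (192.168.1.1 as the proxy's eth0 address, 192.168.1.0/24 as the client LAN, 203.0.113.53 standing in for the ISP nameserver).

```conf
// /etc/named.conf (assumed path): caching-only resolver on the Squid box.
// All addresses below are constructed placeholders, not values from the thread.

acl "lan_clients" {
    192.168.1.0/24;          // assumed client LAN attached to eth0
};

options {
    directory "/var/named";

    // Listen only on loopback and the eth0 (LAN) address, never on eth1.
    listen-on port 53 { 127.0.0.1; 192.168.1.1; };
    listen-on-v6 { none; };

    // Recurse and cache for the LAN only, so the box is not an open resolver.
    recursion yes;
    allow-query     { localhost; lan_clients; };
    allow-recursion { localhost; lan_clients; };

    // Send cache misses to the upstream (ISP) nameserver.
    forwarders { 203.0.113.53; };
    forward only;
};
```

Run `named-checkconf` on the file before starting named, then point the LAN clients' primary DNS at the eth0 address. The proxy's firewall also has to accept UDP and TCP port 53 from the LAN on eth0.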

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT