RE: [squid-users] squid + iptables

Wed, 06 Apr 2005 06:53:10 -0700 

hi all,

> You are not having route entry to use DNS server to
> resolve the domain names in client machine. Try as,
> 
> route add -net 192.168.0.0 netmask 255.255.0.0 dev
> eth0

I tried that on client pc (in isolan) and i didn't change anything.

> ping <dns server>
> ping www.google.com

Anyway, as I don't do any nat, I would expect not to ping it!

*******************
route (on pc in isolan) :

$route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.2.1     0.0.0.0         UG    1      0        0 eth0

*****************

If I do a ping in isolan to dns server (192.168.0.1) :
$ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
>From 192.168.2.4 icmp_seq=2 Destination Host Unreachable
>From 192.168.2.4 icmp_seq=3 Destination Host Unreachable
>From 192.168.2.4 icmp_seq=4 Destination Host Unreachable
>From 192.168.2.4 icmp_seq=6 Destination Host Unreachable
>From 192.168.2.4 icmp_seq=7 Destination Host Unreachable
>From 192.168.2.4 icmp_seq=8 Destination Host Unreachable


And the tcpdump (while pinging)
14:32:06.547367 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:07.547210 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:10.547759 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:11.547605 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:12.547454 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:15.548002 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:16.547846 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:17.547691 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:20.548239 arp who-has 192.168.0.1 tell 192.168.2.4
14:32:21.548084 arp who-has 192.168.0.1 tell 192.168.2.4

And I don't get any reply!?
I am a bit lost, does all dns request has to go through squid, or computers in 
my isolan have got to reach directly the dns server??

                                             |DNS SERVER|
                                                  |
                                                  |
IsoLan -----(eth1)| Proxy Box |(eth0)-------Lan------| Firewall |-------INTERNET

Many thanks,

Kevin.




Kevin Thackray
C&T Paradigm NV
BTW BE 0465.030.272 RPR Antwerpen
G. LeGrellelaan 10, B - 2020 Antwerpen
Tel +32(3)259 2266

mailto:[EMAIL PROTECTED] 



This email is for the use of the intended recipient only. It may contain 
information that is legally privileged or confidential. If you are not the 
intended recipient, any disclosure, distribution or copying of this email is 
strictly prohibited and may be unlawful. If received in error, please reply to 
the sender confirming this, then delete the email.

Reply via email to