add an IPTABLES rule.... and that's it.. if i'm not mistaken:
# DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT # if it is same system iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT Taken from here: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html 2009/12/4 Eric Laganowski <e...@laganowski.net>: > richardvo...@gmail.com wrote: >> On Thu, Dec 3, 2009 at 10:06 PM, Perette Barella <pere...@barella.org> wrote: >> >>> I think there's a misunderstanding on how the WPAD DNS version operates. >>> The "wpad.domain.localnet" is used by the browser at startup to locate the >>> proxy configuration file which applies to all domains. You don't need a >>> separate wpad.google.com and wpad.amazon.com for every domain users are >>> trying to connect to. >>> >>> If for some reason your local hosts are configured with different domain >>> names (and therefore looking up wpad.google.com or wpad.amazon.com), I >>> think we need more explanation on just what strangeness you've got going on. >>> >> >> In general, I think we can say that users who have ignored the >> DHCP-provided domain and configured their own intend to opt-out of >> wpad. Browser proxy settings are at the discretion of the user >> anyway, if you want a mandatory proxy setup you'll need to use >> iptables to accomplish that, not DNS. >> >> There's no need to wildcard match wpad hostnames, which are subject to >> user-side DNS caching anyway (a user who has configured for >> domain=google.com probably already has wpad.google.com cached and >> won't get information from dnsmasq). >> >> Any solution to this which involves DNS is inherently broken. > Guys, all I want to do is to be able to use my company-provided laptop > at home which has proxy in the network. It is configured with a > different domain than my local subnet for obvious reasons. > DHCP was tested and confirmed to work properly with MSIE. FF does not > work as it relies purely on DNS (wpad). The idea is to make this as > transparent as possible. > > -Eric > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >
