It seems that you can push a WPAD file to desktops via DHCP.
My proxy is based on Squid running on 8080.
I’ve built a WPAD file similar to the one below:
wpad.dat
function FindProxyForURL(url, host)
{
return "PROXY 192.168.1.2:8080; DIRECT";
}
The next thing is to publish it via a web server.
I am using thttpd for static pages/files:
How to test it:
# curl -L 192.168.1.2/wpad.dat
After that, a simple entry in dnsmasq:
dhcp-option=252,"http://192.168.1.2/wpad.dat"
and restart your dnsmasq.
Don’t forget to do a DHCP release on your Windows machine.
Title: dnsmasq with custom hosts file - aka ban sites with dnsmasq
I’ve already said it too many times, but dnsmasq is a beautiful project for a SOHO (small office/home office) environment.
I am using it as a DNS caching server, DHCP server & tftpd (PXE) server and it’s amazing.
One thing I do with the DNS section is that I “BAN” URLs I don’t like. Think of something like AdBlock on Firefox.
Two configuration changes:
A. As root:
wget http://winhelp2002.mvps.org/hosts.txt -O /etc/hosts.txt
and
B. In /etc/dnsmasq.conf:
addn-hosts=/etc/hosts.txt
You can also put the wget command in your crontab with the @monthly schedule, but you need to restart dnsmasq every month!
Another amazing thing is that you can add your own entries:
echo 0.0.0.0 www.facebook.com >> /etc/hosts.txt
Restart your dnsmasq service and check it:
# dig www.facebook.com @localhost +short
0.0.0.0
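The blocklist above is downloaded over plain HTTP as root and handed to dnsmasq through addn-hosts, so every line in it decides where a name resolves. As an added example (not part of the original post), the script below accepts only 0.0.0.0/127.0.0.1 entries with well-formed names and replaces the live file only when the whole download passes; the function names and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: vet a downloaded blocklist
# before dnsmasq loads it through addn-hosts.

# check_blocklist FILE: print accepted entries as "0.0.0.0 name"; return 1
# if any line maps a name to a real address or carries a malformed name.
check_blocklist() {
    awk '
        { sub(/\r$/, ""); sub(/#.*/, "") }   # drop CR and comments
        NF == 0 { next }
        $1 != "0.0.0.0" && $1 != "127.0.0.1" {
            print "line " NR ": non-sinkhole address " $1 | "cat 1>&2"
            bad = 1; next
        }
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == "localhost") continue   # loopback naming stays in /etc/hosts
                if (name !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)*$/) {
                    print "line " NR ": invalid name " $i | "cat 1>&2"
                    bad = 1; continue
                }
                print "0.0.0.0", name
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# install_blocklist SRC DEST: replace DEST only when all of SRC passes.
install_blocklist() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if check_blocklist "$1" > "$tmp" && sort -u -o "$tmp" "$tmp"; then
        chmod 644 "$tmp" && mv -f "$tmp" "$2"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed samples: one clean list, one with a redirecting entry.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' '127.0.0.1 localhost' \
    '0.0.0.0 ads.example.com  # tracker' '127.0.0.1 Banner.Example.NET' > "$demo/good.txt"
printf '%s\n' '0.0.0.0 ads.example.com' \
    '203.0.113.10 www.example.org' > "$demo/bad.txt"
install_blocklist "$demo/good.txt" "$demo/hosts.txt" && echo "good.txt installed"
install_blocklist "$demo/bad.txt" "$demo/hosts.txt" || echo "bad.txt rejected"
rm -rf "$demo"
```

On the real host, wget would write to a scratch file and install_blocklist would be called with that file and /etc/hosts.txt before the dnsmasq restart.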
A customer of mine approached me to install a virtualization solution at his company.
The first goal was portability, the second productivity.
I had to find a way (transparent to their employees) to remove their work environment from their hardware.
Productivity is easy … just remove any unnecessary software and keep their desktops as clean as they can be.
“Attention Span” is the big monster.
I found that with no sound they couldn’t listen to YouTube or to internet radio stations or mp3, and they had to install a radio at their office.
One radio station, one music for all. That approach was much better than every other solution I could figure out.
Imagine a workspace with 15 people, where everyone wants to listen to different music/news, YouTube or whatever.
That was noise - and noise is the enemy!
As for portability - we don’t want to use this old hardware - that was easy enough too.
I’ve built a tinycorelinux image and converted every PC to a thin or thick client.
RDP to their Terminal Server was the only thing I had to ensure was working.
Dnsmasq is the simplest and best solution to do that (PXE).
I created a /tftpboot/ dir and worked my way through that.
I used Fedora because it is a virtualization box with all the latest versions of software.
I wanted to test Fedora, and SELinux wasn’t so bad after all.
Till the latest upgrade!
/tftpboot directory system_u:object_r:tftpdir_t:s0
/tftpboot/.* all files system_u:object_r:tftpdir_t:s0
dnsmasq now needs dnsmasq_t
type=AVC msg=audit(1349450414.500:20456): avc: denied { read } for pid=27175 comm="dnsmasq" name="tftpboot" dev="dm-1" ino=524451 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=unconfined_u:object_r:tftpdir_t:s0 tclass=dir
Relabeling is out of the question.
The solution is to transfer all the necessary files to a new directory that semanage fcontext -l doesn’t mark as something else and chcon the entire directory (recursively) to label all files and dirs as dnsmasq_t,
or to add a new policy rule that accepts dnsmasq_t for the /tftpboot directory,
or DISABLE SELinux, because you’ll never know what else it will throw at you!
It’s unacceptable to make such core changes without having a plan for backwards compatibility or a way to inform your faithful admin that he/she will have a problem because you have destroyed everything he/she built over the last year!