Web Proxy Autodiscovery Protocol with dnsmasq

It seems that you can push a WPAD to desktops via dhcp.

My proxy is based on squid running on 8080.

I ‘ve build a WPAD file similar to the below:


function FindProxyForURL(url, host)
        return "PROXY; DIRECT";

next thing is to publish it via a web server.
I am using thttpd for static pages/files:

how to test it:

# curl -L

after that a simple entry on Dnsmasq


and restart your dnsmasq

Dont forget to do a dhcp release on your windows machine

Tag(s): dnsmasq, squid, WPAD
dnsmasq with custom hosts file

Title: dnsmasq with custom hosts file - aka ban sites with dnsmasq

I ‘ve already said it too many times, but dnsmasq is a beautiful project for SOHO (small office/home office) environment.

I am using it as DNS caching server, DHCP server & tftpd (PXE) server and it’s amazing.

One thing i do with the dns section is that i “BAN” urls i dont like. Think something like AdBlock on firefox.
Two configuration changes:


as root

wget -O /etc/hosts.txt && 



in /etc/dnsmasq.conf


You can also put the wget cmd in your crontab with the @monthly scheduler but you need to restart the dnsmasq every month!

Another amazing thing is that you can add your one entries:

echo >> /etc/hosts.txt

restart your dnsmasq service and check it:

# dig @localhost +short
Tag(s): dnsmasq
Fedora 17 Selinux Ugrade - Bump!

A customer of mine, had me approached to install a virtualization solution at his company.

The first goal was portability the second productivity.
I had to find a way (transparent from their employes) to remove their work environment from their hardware.

Productivity is easy … just remove any unnecessary software and keep their desktops as clean as they can be.

“Attention Span” is the big monster.

I found that with no-sound they couldnt listen to youtube or to internet radio stations or mp3 and they had to install a radio at their office.
One radio station, one music for all. That approach was much better than every other solution i could figure out.

Imaging a work space with 15 people, how every one wants to listen to a different music/news, youtube or whatever.
That was noise - and noise is the enemy!

As for portability - we dont want to use this old hardware - was easy enough too.
I’ve built a tinycorelinux image and convert every PC to a thin or thick client.
RDP to their Terminal Server was the only thing i had to ensure is working.

Dnsmasq is the simplest and best solution to do that (PXE).

created /tftpboot/ dir and worked my way through that.

I used fedora cause it is a virtualization box with all the latest versions of software.
I wanted to test fedora and selinux wasnt so bad after all.

Till the latest upgrade!

/tftpboot                                          directory          system_u:object_r:tftpdir_t:s0 
/tftpboot/.*                                       all files          system_u:object_r:tftpdir_t:s0

dnsmasq now needs dnsmasq_t

type=AVC msg=audit(1349450414.500:20456): avc:  denied  { read } for  pid=27175 comm="dnsmasq" name="tftpboot" dev="dm-1" ino=524451 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=unconfined_u:object_r:tftpdir_t:s0 tclass=dir

relabeling is out of question.

The solution is to transfer all the necessaries files to a new directory that

semanage fcontext -l 

doesnt marked as something else and chcon the entire directory (recursive) to label to dnsmasq_t all files and dirs.

or to add a new policy rule that accepts dnsmasq_t for /tftpboot directory
or DISABLE selinux cause you’ll never now what else will through to you !

Its unacceptable to make such core changes without have a plan for backwards compatibility or a way to inform your faithful admin that he/shee will have a problem because you have destroyed everything he/she built the last year!.