Amos, > There is a different config example for REDIRECT < http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect>
Ty, I'm going to try it using REDIRECT. I was unwilling to follow the DNAT guide because of having to enable ip-forwarding in a non-router machine. The REDIRECT version seems cleaner and is similar to what I' 2016-07-21 3:07 GMT-03:00 Amos Jeffries <[email protected]>: > On 21/07/2016 8:50 a.m., Antony Stone wrote: > > On Wednesday 20 July 2016 at 22:44:46, Bruno de Paula Larini wrote: > > > >> Em 20/07/2016 17:10, Antony Stone escreveu: > >>> > >>> You *must* perform the DNAT on the machine running Squid, which means > that > >>> the packets from your clients must pass through the Squid server, > either > >>> because it is in the default route, or because you use some form of > policy > >>> routing (not NAT) to direct port 80 requests through it. > >> > >> If that's the case I think it would be better if the document instructed > >> to use REDIRECT --to-port instead DNAT as an implicit way to explain > that. > > Primarily because the document you are looking at Bruno is the one for > DNAT. There is a different config example for REDIRECT > <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect> > > > > > What is unclear about: > > > > *NOTE:* This configuration is given for use *on the squid box*. This is > > required to perform intercept accurately and securely. To intercept > from a > > gateway machine and direct traffic at a separate squid box use policy > routing. > > > > ? > > > > > > Antony. > > > > As to why we even have a DNAT page. That is because at high traffic > loads DNAT is measurably faster for iptables to perform than REDIRECT. > On machinery where the IPs are static and performance is needed, DNAT > *on the same machine* is the best way to go. > > Amos > > _______________________________________________ > squid-users mailing list > [email protected] > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
