On Mon, Feb 18, 2002 at 12:44:14AM +0100, Henrik Nordstrom wrote: > On Sunday 17 February 2002 20.06, Harald Welte wrote: > > > DNAT in output really makes sense. Imagine a proxy running on your > > firewall. The firewall also has a DMZ. You DNAT inbound http > > requests from the internet into your DMZ. Now some user of your > > internal network tries to reach the companies own webserver through > > the squid running on the firewall. The outgoing packets from SQUID > > need to get DNAT'ed into the DMZ. > > In such case you can simply tell Squid what the real server addresses > are. No need to go thru DNAT to fool Squid. Simply put the addresses > into /etc/hosts or a private DNS, or have Squid rewrite the addresses > on the way.
Sorry, but IMHO any of those 'solutions' is ugly. It should just work automagically. > Henrik Nordström -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)