On Mon, Feb 18, 2002 at 12:44:14AM +0100, Henrik Nordstrom wrote:
> On Sunday 17 February 2002 20.06, Harald Welte wrote:
> 
> > DNAT in output really makes sense. Imagine a proxy running on your
> > firewall. The firewall also has a DMZ.  You DNAT inbound http
> > requests from the internet into your DMZ.  Now some user of your
> > internal network tries to reach the company's own webserver through
> > the squid running on the firewall.  The outgoing packets from SQUID
> > need to get DNAT'ed into the DMZ.
> 
> In such a case you can simply tell Squid what the real server addresses 
> are. No need to go thru DNAT to fool Squid. Simply put the addresses 
> into /etc/hosts or a private DNS, or have Squid rewrite the addresses 
> on the way.

Sorry, but IMHO any of those 'solutions' is ugly. It should just work
automagically.

> Henrik Nordström

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
