On 21/07/17 21:17, Eliezer Croitoru wrote:
Hey List,
I have seen that these articles aren't up-to-date and are misleading admins.
The first step to my opinion would be to add a warning at the top of the
articles that these are obsolete and should not be used.
Then fix the article content and redirect toward PBR\FBF\Other routing to
the squid box example and eventually removing these examples from the wiki.
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat?highlight=%28
masquerade%29
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect?highlight
=%28masquerade%29
What do you think?
Whats wrong with MASQUERADE ?
AFAIK it is still the best way to have the OS automatically assign
outgoing IPs in the presence of NAT - an operation which the default
configuration of Squid assumes to be happening.
If the admin knows sufficiently about iptables/netfilter to specifically
setup something other than MASQUERADE properly they already know not to
enter that line.
NP: the mention of IPv6 not being supported is wrong nowdays. That could
be replaced by a note specifically for old kernel versions.
Amos
_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
