As I understood the article the DNAT is from another box ie "the router" to the squid box. If I understood it wrong and didn't read properly I will re-read them and see in what I am wrong. Squid doesn't like to act as intercept proxy and to have the destination ip and port as itself ie: Client ip is 192.168.0.30 Squid ip is 192.168.1.40 Router sits at 192.168.0.254 Router does DNAT form 192.168.0.0/24 dst port 80 to squid ip:port ie 192.168.1.30:3129
Am I missing something about this wrong picture? Thanks, Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -----Original Message----- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Friday, July 21, 2017 17:15 To: Eliezer Croitoru <elie...@ngtech.co.il>; squid-dev@lists.squid-cache.org Subject: Re: [squid-dev] What should we do about these *wrong* wiki articles? On 22/07/17 01:54, Eliezer Croitoru wrote: > It's not the MASQARADE that is bad.... > It's the DNAT rule which removes the original destination ip and port. > I fail to see how NAT behaving as NAT always has done makes those articles *about NAT features* "aren't up-to-date and are misleading admins" Amos _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev