Because of the way squid works, a squid box should be treated as a second
gateway, in this case for http-based traffic only.   As a result, using a
route-to (or in Cisco parlance, policy-based route) is the solution.  To
avoid confusion, this is for outbound (LAN->WAN) traffic for the purposes of
web caching and content filtering.  There are perfectly valid reasons for
using squid as an http accelerator sitting in front of web servers, which
may have been what confused Tommaso.

-Gary

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 26, 2005 8:48 AM
To: [email protected]
Subject: Re: [pfSense Support] Transparent Squid proxy in DMZ?


On 10/26/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> Maybe I did not understand well, but redirecting http traffic to a host
> located in DMZ is not a policy-based routing... In my opinion it is a
> simple redirect for 80/tcp to a particular host. Obviously, here the
> host is in DMZ.
> Sorry if I understood wrong..

Depends on if you use port forwarding (rdr) to achieve the goal or
treat the squid box as another gateway and use 'route-to' for port 80
traffic.  I suspect the latter is what Gary was talking about and is
an interesting concept.

--Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
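
Added example, not part of the original thread: the two approaches discussed above (rdr port forwarding versus route-to with the Squid box as a second gateway) written as alternative pf.conf fragments. Interface names, addresses and the Squid port 3128 are assumptions chosen for illustration.

```conf
# Firewall pf.conf sketch (constructed example, not from the thread).
# All macros below are hypothetical placeholders.
lan_if  = "em1"              # LAN-facing interface
dmz_if  = "em2"              # DMZ-facing interface
lan_net = "192.168.1.0/24"   # LAN clients
squid   = "192.168.2.10"     # Squid host in the DMZ

# Use Option A or Option B, not both: translation is applied before
# filtering, so with A active the port-80 rule in B would never match.

# --- Option A: port forwarding (rdr) --------------------------------
# The firewall rewrites the destination to the Squid host, so the packet
# Squid receives no longer carries the origin server's address.
rdr on $lan_if inet proto tcp from $lan_net to any port 80 -> $squid port 3128
pass in quick on $lan_if inet proto tcp from $lan_net to $squid port 3128 keep state

# --- Option B: Squid box as a second gateway (route-to) -------------
# The packet is forwarded unmodified to the Squid host as next hop for
# LAN->WAN port 80 only; all other traffic follows the normal route.
pass in quick on $lan_if route-to ($dmz_if $squid) inet proto tcp \
    from $lan_net to any port 80 keep state

# With Option B the Squid host must intercept the traffic itself,
# for example (assuming it also runs pf and Squid listens on 3128):
#   rdr on $squid_if inet proto tcp from 192.168.1.0/24 to any port 80 \
#       -> 127.0.0.1 port 3128
```

Whichever option is used, check that the filter rules still block LAN clients from reaching port 80 by any path other than the proxy, or the content filter can be bypassed.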



