Hi! Gary, maybe I do not understand perfectly your point of view, because I used Squid mainly under Linux. I understand we are speaking about using Squid as lan->wan web cache; the only thing I cannot understand is why, in your opinion, transproxy could not work simply by redirecting web traffic (instead of using route-to). In linux this is the only possible way of doing this (at least, without using iproute and tc), so I always configured my squid as transproxy, and used the iptables redirection. Anyway, I understand you are speaking about a totally different way of doing it (and in my opinion, both the ways can work.), so I am very happy to learn smthg new!
On 10/26/05, Gary Buckmaster <[EMAIL PROTECTED]> wrote: > Because of the way squid works, a squid box should be treated as a second > gateway, in this case for http-based traffic only. As a result, using a > route-to (or in Cisco parlance, policy-based route) is the solution. To > avoid confusion, this is for outbound (LAN->WAN) traffic for the purposes of > web caching and content filtering. There are perfectly valid reasons for > using squid as an http accelerator sitting in front of web servers, which > may have been what confused Tomasso. > > -Gary > > -----Original Message----- > From: Bill Marquette [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 26, 2005 8:48 AM > To: [email protected] > Subject: Re: [pfSense Support] Transparent Squid proxy in DMZ? > > > On 10/26/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote: > > Maybe I did not undestand well, but redirecting http traffic to a host > > located in DMZ is not a policy-based routing... In my opinion it is a > > simple redirect for 80/tcp to a particular host. Obviously, here the > > host is in DMZ. > > Sorry if I understood wrong.. > > Depends on if you use port forwarding (rdr) to achieve the goal or > treat the squid box as another gateway and use 'route-to' for port 80 > traffic. I suspect the latter is what Gary was talking about and is > an interesting concept. > > --Bill > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
