On 12/8/06, Linus Torvalds <torvalds@xxxxxxxx> wrote:
That said, I'm not personally convinced that there is much point to using netfilter for transparent proxying. Why not just use separate ports for squid and for apache?
Just a question of whether you want to be able to yank the squid box out if it goes pear-shaped, without touching configs on the apache box. Some people like to stick the proxy in as a no-op at first, then tell netfilter to divert 1% of sessions to squid and see how it holds up, retune, ease it in, ease it out, figure out how much operational flexibility you will have as demand continues to scale. If the squid and apache are on the same box it's probably less of an issue. Cheers, - Michael - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html