On Wednesday 20 July 2016 at 22:44:46, Bruno de Paula Larini wrote: > Em 20/07/2016 17:10, Antony Stone escreveu: > > > > You *must* perform the DNAT on the machine running Squid, which means that > > the packets from your clients must pass through the Squid server, either > > because it is in the default route, or because you use some form of policy > > routing (not NAT) to direct port 80 requests through it. > > If that's the case I think it would be better if the document instructed > to use REDIRECT --to-port instead DNAT as an implicit way to explain that. What is unclear about: *NOTE:* This configuration is given for use *on the squid box*. This is required to perform intercept accurately and securely. To intercept from a gateway machine and direct traffic at a separate squid box use policy routing. ? Antony. -- "A person lives in the UK, but commutes to France daily for work. He belongs in the UK." - From UK Revenue & Customs notice 741, page 13, paragraph 3.5.1 - http://tinyurl.com/o7gnm4 Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
