[squid-dev] What should we do about these *wrong* wiki articles?
Eliezer Croitoru
eliezer at ngtech.co.il
Fri Jul 21 13:54:44 UTC 2017
It's not the MASQARADE that is bad....
It's the DNAT rule which removes the original destination ip and port.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: Amos Jeffries [mailto:squid3 at treenet.co.nz]
Sent: Friday, July 21, 2017 15:42
To: Eliezer Croitoru <eliezer at ngtech.co.il>; squid-dev at lists.squid-cache.org
Subject: Re: [squid-dev] What should we do about these *wrong* wiki articles?
On 21/07/17 21:17, Eliezer Croitoru wrote:
> Hey List,
>
> I have seen that these articles aren't up-to-date and are misleading admins.
> The first step to my opinion would be to add a warning at the top of the
> articles that these are obsolete and should not be used.
> Then fix the article content and redirect toward PBR\FBF\Other routing to
> the squid box example and eventually removing these examples from the wiki.
>
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat?highlight=%28
> masquerade%29
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect?highlight
> =%28masquerade%29
>
> What do you think?
Whats wrong with MASQUERADE ?
AFAIK it is still the best way to have the OS automatically assign
outgoing IPs in the presence of NAT - an operation which the default
configuration of Squid assumes to be happening.
If the admin knows sufficiently about iptables/netfilter to specifically
setup something other than MASQUERADE properly they already know not to
enter that line.
NP: the mention of IPv6 not being supported is wrong nowdays. That could
be replaced by a note specifically for old kernel versions.
Amos
More information about the squid-dev
mailing list