[squid-users] Squid Intercept - From inside LAN with DNAT on router and docker on host
Antony Stone
Antony.Stone at squid.open.source.it
Wed Jul 20 20:50:09 UTC 2016
On Wednesday 20 July 2016 at 22:44:46, Bruno de Paula Larini wrote:
> Em 20/07/2016 17:10, Antony Stone escreveu:
> >
> > You *must* perform the DNAT on the machine running Squid, which means that
> > the packets from your clients must pass through the Squid server, either
> > because it is in the default route, or because you use some form of policy
> > routing (not NAT) to direct port 80 requests through it.
>
> If that's the case I think it would be better if the document instructed
> to use REDIRECT --to-port instead DNAT as an implicit way to explain that.
What is unclear about:
*NOTE:* This configuration is given for use *on the squid box*. This is
required to perform intercept accurately and securely. To intercept from a
gateway machine and direct traffic at a separate squid box use policy routing.
?
Antony.
--
"A person lives in the UK, but commutes to France daily for work.
He belongs in the UK."
- From UK Revenue & Customs notice 741, page 13, paragraph 3.5.1
- http://tinyurl.com/o7gnm4
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list