[ previous ] [ next ] [ threads ]
 From:  Alain Fauconnet <alain at ait dot ac dot th>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Http request redirect to Squid
 Date:  Thu, 20 Apr 2006 11:27:48 +0700
Hello readers,

> > Put squid on OPT1, etc interface so its separate from lan. Place the
> >below rule, modified to your needs, in your config file and upload it
> >to monowall. Set squid to be transparent proxy and your good to go.
> > 
> >
> >Downside is that squid is on another interface, but if squid goes down
> >you only loose http traffic.

Isn't there another downside in that your Squid will only see NATted
client IP addresses i.e. only the address of the M0n0wall box itself?
This would make Squid logs meaningless. Maby not a big deal for many
sites, but a pain for others (no abuse tracking, no reliable
accounting etc.)
I used to have that problem when doing NAT-based HTTP traffic
redirection on Linux boxes.