> > Put squid on OPT1, etc interface so it's separate from lan. Place the
> > below rule, modified to your needs, in your config file and upload it
> > to monowall. Set squid to be transparent proxy and you're good to go.
> > Downside is that squid is on another interface, but if squid goes down
> > you only lose http traffic.
Isn't there another downside in that your Squid will only see NATted
client IP addresses i.e. only the address of the M0n0wall box itself?
This would make Squid logs meaningless. Maybe not a big deal for many
sites, but a pain for others (no abuse tracking, no reliable
I used to have that problem when doing NAT-based HTTP traffic
redirection on Linux boxes.