On Mon, Mar 7, 2011 at 4:03 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On Mon, 7 Mar 2011 11:26:09 -0600, Mike Husmann wrote:
>>
>> Hello all,
>> Thanks for everyone who works to make this such a great product.
>>
>> I've built a transparent proxy from source (2.7..) and it works really
>> well. What I'm wondering now is if I can fool my downstream bandwidth
>> shaper into not throttling the cache hits that come from squid. Is it
>> possible to do such a thing? For instance, tell squid to answer the
>> hit with its IP rather than the original (external) IP?
>
> Let me get this straight. You have:
>
> Client ->router1->Internet->router2->(NAT)->Squid->Internet
> ?? seems like a terribly long chain of software in order to pass it through
> NAT.
>
> Either way, No the port cannot be changed. Transparent proxy / MITM /
> hijacking attacks have a very strict set of limits around what can be done
> to the squid->client traffic. The client security systems will reject any
> response which differs from its expected reply and result in hung
> transactions.
>
>>
>> Or is my only option to move the cache inside of the bandwidth shaper?
>>
>> Thanks in advance,
>>
>> Mike
>
> Squid can send TOS/Diffserv markings for direct QoS labeling. Provided the
> shaper accepts your markings.
> In 2.7 it's called http://www.squid-cache.org/Doc/config/zph_local/
> In 3.1+ it's http://www.squid-cache.org/Doc/config/qos_flows/
I'll take a look at this and see if the shaper handles this. Thanks!
Mike
Received on Mon Mar 07 2011 - 22:10:50 MST