[squid-users] Re: tcp_outgoing_address & CONNMARK

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 20 Jan 2005 15:28:27 +0100 (CET)

Please keep Squid-related discussion on the squid-users mailing list, and
Netfilter discussions on the proper netfilter list.

And no, you do not need 100 public IPs. You can NAT all of them to a
single IP when the packet leaves the box, only using the IPs as keying
material to the traffic shaper.

CONNMARK may help you in how to deal with non-proxied traffic in certain
situations, but probably not much here. With CONNMARK you can set a packet
level nfmark value which is persistent for the whole session, allowing
interesting classifications of TCP sessions rather than packets for the
packet filter. Not much related to Squid however.

Regards
Henrik

On Thu, 20 Jan 2005, Rio Martin. wrote:

> Hello Henrik,
> Recently I found an article on the net about the tcp_outgoing_address patch for
> Squid. I tried this patch for 1 day and I am so glad that this patch worked
> as expected.
> Except for 1 small problem: I am running out of IPv4 IPs .. :((
>
> My Linux box is Squid proxy + tc bandwidth shaper + router.
> If I choose to set tcp_outgoing_address to my public IPv4, then it would be
> impossible, because I have to prepare 100 IPs, that's equal to 100 classes for
> my HTB shaper.
>
> And if I set the tcp_outgoing_address to private LAN IPs, then I am not able
> to shape every packet coming to those different IPs, because those IPs are
> inside the box and not routable from the Internet (private IPs), while the rule
> of tc is only able to shape traffic leaving out interfaces.
>
> Included with this article is your CONNMARK patch. I didn't seem to
> understand very well how this works. But do you think I should go with
> CONNMARK?
>
> Thanks in advance, hope you don't mind helping me out..
>
> Regards,
> Rio Martin.
>
Received on Thu Jan 20 2005 - 07:28:31 MST
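Henrik's suggestion, worked through as an added example that is not code from this thread: Squid keeps tcp_outgoing_address on a private pool, netfilter marks each connection by that source address and saves the mark with CONNMARK, the box SNATs everything to one public IP on the way out, and tc shapes WAN egress on the mark. Interface name, addresses, pool size and rates are constructed placeholders; DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the list message). Squid's tcp_outgoing_address
# pool is 10.10.0.1 .. 10.10.0.N (constructed); the pool addresses are only
# keying material for the shaper and never reach the wire.
WAN_IF=${WAN_IF:-eth0}
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}   # placeholder: the single public address
POOL=10.10.0                           # placeholder: tcp_outgoing_address pool
N_ADDRS=${N_ADDRS:-4}
RATE=${RATE:-512kbit}
DRY_RUN=${DRY_RUN:-1}                  # 1 = print the commands, 0 = execute them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# One HTB class and one fw filter per pool address; the nfmark value is the
# class minor id, so filter "handle N fw" maps straight onto classid 1:N.
shaper_rules() {
  run tc qdisc add dev "$WAN_IF" root handle 1: htb default 999
  run tc class add dev "$WAN_IF" parent 1: classid 1:999 htb rate 64kbit
  i=1
  while [ "$i" -le "$N_ADDRS" ]; do
    run tc class add dev "$WAN_IF" parent 1: classid "1:$i" htb rate "$RATE"
    run tc filter add dev "$WAN_IF" parent 1: protocol ip handle "$i" fw classid "1:$i"
    i=$((i + 1))
  done
}

# Squid is a local process, so its packets enter mangle/OUTPUT with the pool
# address still as source; that is before nat/POSTROUTING rewrites it.
# CONNMARK --save-mark stores the mark in conntrack and --restore-mark puts it
# back on every later packet of the session, in both directions.
firewall_rules() {
  i=1
  while [ "$i" -le "$N_ADDRS" ]; do
    run iptables -t mangle -A OUTPUT -s "$POOL.$i" -j MARK --set-mark "$i"
    i=$((i + 1))
  done
  run iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
  run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
  # Everything leaves with one public source; the 100-IP problem disappears.
  run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$POOL.0/24" -j SNAT --to-source "$PUBLIC_IP"
}

all_rules() { shaper_rules; firewall_rules; }

all_rules
```

Only the upload direction (Squid to origin servers) is shaped here; the restored mark on the reply packets is available in PREROUTING if ingress handling is wanted later.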