Re: [squid-users] TOS Portal? from Chris Robertson on 2009-02-11 (squid-users)

From: Chris Robertson <crobertson_at_gci.net>
Date: Wed, 11 Feb 2009 14:25:38 -0900

Amos Jeffries wrote:
>> Quick question for you all. Would it be possible to use squid, in part,
>> as a Terms of Service portal? In other words, using an external_acl
>> helper, return OK if IP/MAC has accepted, or redirect if not? I would
>> love to use the wccpv2/gre tunnel and the fault tolerance built in to
>> eliminate a failure point by using a bridged or router acl solution.
>> I've played around with PFSense and M0n0wall and they don't really work
>> with our network/dhcp structure. We serve two different wireless
>> technologies and vlaning kills any of these options. We want only new
>> customers to get caught, but all customers to pass through in the event
>> of hardware failure. I looked at a solution FrontPorch offers and it's
>> pretty slick. They have both an inline and passive solution. The
>> inline uses a proprietary NIC that has a solenoid that trips in the
>> event of a hardware failure creating a hardwire connection. The passive
>> solution somehow uses communication with the router to redirect. They
>> mirror tcp traffic and I don't know what else. Anyway, I got a little
>> long winded there. Any thoughts? Thanks guys..
>>
>> Tony
>>
>>
>
>
> Theoretically yes. You will need to test and see if it works for you in
> practice.
>
> The problem is that the tcp_outgoing_tos selection ACL in Squid can only
> work from cached external_acl results. (It would require a small re-code
> of the outbound connection pathway to alter that).
> BUT, the external ACL can be used in http_access to permit access into
> squid at the point of receiving. So the result can be cached by that
> lookup.
>
> For src-IP its just peachy. For MAC the machines need to be directly on
> the same switch or arp-relay enable across the network, for ARP lookups to
> work.
>
> Amos
>

I think what the requester is looking for (not so much prioritization of
traffic, but getting each user to acknowledge an Acceptable Use Policy,
or the like) is better provided by the session helper .

The session helper is included with the Squid source.

Chris
Received on Wed Feb 11 2009 - 23:21:40 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 12 2009 - 12:00:02 MST