[squid-users] Squid 3.1.6, zph, shorewall, and tc on debian 5.0 (lenny)

From: Jason <jason_at_azii.net>
Date: Mon, 06 Apr 2009 21:45:06 -0700

Everyone,

    I have compiled squid 3.1.6 from source on amd64 Debian 5.0 with
zph options enabled. I don't peer with any other caches, so all peering
stuff is disabled in my build. I did not compile a kernel with the zph
patches, because, as I understand, that is only necessary if I want to
preserve zph marks between caches. Plus, there is no zph patch for
the kernel version I am running.

With shorewall redirect rules, squid is operating as a transparent
intercepting proxy just fine. I do not use tproxy - this is a NAT setup.

I cannot get the zph functions to work.

Here are my config options:

squid.conf
...
qos_flows local-hit=0x30
...

shorewall tcstart:
#root htb
tc qdisc add dev eth1 root handle 1: htb default 1

#default htb
tc class add dev eth1 parent 1: classid 1:1 htb rate 64kbps \
    ceil 64kbps

#squid htb
tc class add dev eth1 parent 1: classid 1:7 htb rate 1Mbit

tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match \
    ip protocol 0x6 0xff match ip tos 0x30 0xff flowid 1:7

#I tried this for squid too
#tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match \
#    ip protocol 0x6 0xff match u32 0x880430 0xffffffff at 20 flowid 1:7

The shorewall tcrules are all commented out right now, so it is not applying
any filtering.

I have about one week to finish off this server for production... Help?

Jason Wallace
Received on Tue Apr 07 2009 - 04:45:15 MDT
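
Added example, not part of the original post: a Python model of how the two u32 filters quoted above evaluate their keys against an IPv4/TCP packet, useful for checking the filter logic separately from whether Squid is actually setting the TOS byte. The addresses, ports and packets are constructed test data, and the helper names are hypothetical.

```python
import struct

def ipv4_tcp_packet(tos, options=b""):
    """Constructed IPv4+TCP headers; checksums are left 0, u32 does not check them."""
    assert len(options) % 4 == 0
    ihl = 5 + len(options) // 4                      # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, tos, 40 + len(options),
                     0, 0, 64, 6, 0,                  # ttl 64, protocol 6 (TCP)
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 3128, 40000, 0, 0, 5 << 4, 0x10, 65535, 0, 0)
    return ip + options + tcp

def u32_key(packet, value, mask, offset):
    """One u32 key: masked compare of the 32-bit big-endian word at `offset`,
    counted from the start of the IP header."""
    (word,) = struct.unpack_from("!I", packet, offset)
    return (word & mask) == (value & mask)

def is_tcp(packet):
    # "match ip protocol 0x6 0xff": byte 9, i.e. bits 23..16 of the word at 8
    return u32_key(packet, 0x06 << 16, 0xFF << 16, 8)

def tos_filter(packet, tos=0x30, mask=0xFF):
    # "match ip tos 0x30 0xff": byte 1, i.e. bits 23..16 of the word at 0
    return is_tcp(packet) and u32_key(packet, tos << 16, mask << 16, 0)

def option_filter(packet):
    # "match u32 0x880430 0xffffffff at 20": the whole word at offset 20, which is
    # the first IP option word if options are present and the start of the TCP
    # header (source and destination port) if they are not.
    return is_tcp(packet) and u32_key(packet, 0x00880430, 0xFFFFFFFF, 20)

if __name__ == "__main__":
    cases = {
        "tos 0x30, no options": ipv4_tcp_packet(0x30),
        "tos 0x00, no options": ipv4_tcp_packet(0x00),
        "tos 0x32 (ECN bit set)": ipv4_tcp_packet(0x32),
        "option bytes 00 88 04 30": ipv4_tcp_packet(0x00, bytes.fromhex("00880430")),
    }
    for name, pkt in cases.items():
        print(f"{name:26} tos_filter={tos_filter(pkt)} option_filter={option_filter(pkt)}")
```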