Re: [squid-users] transparent integration with proxy on router

From: Todd Nine <todd_at_spidertracks.co.nz>
Date: Tue, 29 Sep 2009 10:24:36 +1300

Thanks for the help! I read over the rules and it was quite easy to set
up what I needed once I had the right directive. I simply set up the
following.

#Set up our ACL for high throughput sites
acl high_throughput dstdomain .amazonaws.com

#Bind high throughput to the wireless interface
tcp_outgoing_address 116.90.140.xx high_throughput

However we're having a side effect issue. Our router box is a bit old
(an old P4), and we can't keep up with the squid demands due to the
number of users with 2 GB of ram. Is there a directive that I can tell
squid not to proxy connections unless they meet the "high_throughput"
acl? I looked and couldn't find any bypass directives that met what I
needed.

Thanks,
Todd

Amos Jeffries wrote:
> On Mon, 28 Sep 2009 16:21:16 +1300, Todd Nine <todd_at_spidertracks.co.nz>
> wrote:
>
>> Hi all,
>> I'm using squid on a pfSense router we've built. We have 2
>> connections, one we pay for usage (DSL) and one we do not (Wireless).
>> We use Amazon S3 extensively at work. We've been attempting to route
>> all traffic over the wireless via an IP range, but as S3 can change IPs,
>> this doesn't work and we end up with a large bill for our DSL. Is it
>> possible to have squid route connections via a specific interface if a
>> hostname such as "amazonaws.com" is in the HTTP request header?
>>
>> Thanks,
>> Todd
>>
>
> Yes you can.
>
> Find an IP assigned to the interface you want traffic to go out. Use the
> tcp_outgoing_addr directive and ACLs that match the requests to make sure
> all the requests to that domain are assigned that outgoing address. Then
> make sure the OS sends traffic from that IP out the right interface.
>
> Amos
>

-- 
todd
SENIOR SOFTWARE ENGINEER
todd nine | spidertracks ltd |  117a the square
po box 5203 | palmerston north 4441 | new zealand
P: +64 6 353 3395 | M: +64 210 255 8576 
E: todd_at_spidertracks.co.nz <mailto:todd_at_spidertracks.co.nz> 
 W: www.spidertracks.com <http://www.spidertracks.com>
Received on Mon Sep 28 2009 - 21:25:01 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 29 2009 - 12:00:03 MDT