Re: [squid-users] transparent integration with proxy on router

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 29 Sep 2009 11:12:10 +1200

On Tue, 29 Sep 2009 09:32:49 +1300, Todd Nine <todd_at_spidertracks.co.nz>
wrote:
> Thanks for the help! I read over the rules and it was quite easy to set
> up what I needed once I had the right directive. I simply set up the
> following.
>
> #Set up our ACL for high throughput sites
> acl high_throughput dstdomain .amazonaws.com
>
> #Bind high throughput to the wireless interface
> tcp_outgoing_address 116.90.140.xx high_throughput
>
> However we're having a side effect issue. Our router box is a bit old
> (an old P4), and we can't keep up with the squid demands due to the
> number of users with 2 GB of ram. Is there a directive that I can tell
> squid not to proxy connections unless they meet the "high_throughput"
> acl? I looked and couldn't find any bypass directives that met what I
> needed.
>
> Thanks,
> Todd

Once connections have already entered Squid it's too late to not send them
to Squid.

I have run Squid on P4 routers with 256MB of RAM for hundreds of domains
and dozens of clients without having the box run up much of a sweat. What
is your load (both CPU box load, and visitor rates, bandwidth) like?
Also check that your other configuration and access controls are using
efficient methods. If you don't know what those are already, I'm happy to
give configs an audit and point out things that need adjusting.

Amos

>
> Amos Jeffries wrote:
>> On Mon, 28 Sep 2009 16:21:16 +1300, Todd Nine <todd_at_spidertracks.co.nz>
>> wrote:
>>
>>> Hi all,
>>> I'm using squid on a pfSense router we've built. We have 2
>>> connections, one we pay for usage (DSL) and one we do not (Wireless).
>>> We use Amazon S3 extensively at work. We've been attempting to route
>>> all traffic over the wireless via an IP range, but as S3 can change IPs,
>>> this doesn't work and we end up with a large bill for our DSL. Is it
>>> possible to have squid route connections via a specific interface if a
>>> hostname such as "amazonaws.com" is in the HTTP request header?
>>>
>>> Thanks,
>>> Todd
>>>
>>
>> Yes you can.
>>
>> Find an IP assigned to the interface you want traffic to go out. Use the
>> tcp_outgoing_addr directive and ACLs that match the requests to make sure
>> all the requests to that domain are assigned that outgoing address. Then
>> make sure the OS sends traffic from that IP out the right interface.
>>
>> Amos
>>
Received on Mon Sep 28 2009 - 23:12:16 MDT
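
The selection logic discussed in this thread, as an added example that is not part of the original messages and is not Squid source code: a simplified Python model of how a leading-dot `dstdomain` ACL matches hostnames and how the first matching `tcp_outgoing_address` line decides the source address. The function names and the address 192.0.2.10 (a documentation placeholder, since the thread elides the real last octet) are assumptions.

```python
# Added illustration: simplified model of Squid's dstdomain matching and
# first-match tcp_outgoing_address selection. Not Squid's own code.

def dstdomain_match(pattern: str, host: str) -> bool:
    """A pattern with a leading dot matches the domain itself and every
    subdomain; a pattern without the dot matches that exact host only."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("."):
        bare = pattern[1:]
        # endswith() on the dotted form prevents "notamazonaws.com" matching.
        return host == bare or host.endswith(pattern)
    return host == pattern


def outgoing_address(host, rules, acls):
    """rules: ordered (address, acl_name) pairs, one per tcp_outgoing_address
    line. Returns the first address whose ACL matches, or None when nothing
    matches (the OS then picks the source address and route)."""
    for address, acl_name in rules:
        if any(dstdomain_match(p, host) for p in acls[acl_name]):
            return address
    return None


# Mirrors the two config lines posted in the thread.
# 192.0.2.10 is a constructed placeholder for the wireless-side IP.
ACLS = {"high_throughput": [".amazonaws.com"]}
RULES = [("192.0.2.10", "high_throughput")]

# Constructed sample hostnames, including look-alikes that must not match.
SAMPLE_HOSTS = [
    "amazonaws.com",
    "s3.amazonaws.com",
    "mybucket.s3.amazonaws.com",
    "notamazonaws.com",
    "amazonaws.com.example.net",
    "www.example.org",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:28} -> {outgoing_address(h, RULES, ACLS) or 'OS default'}")
```

Requests that fall through to "OS default" are still handled by Squid; the ACL only chooses the source address, which is why the OS routing for that address has to be set up separately.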
