On Mon, 7 Mar 2011 11:26:09 -0600, Mike Husmann wrote:
> Hello all,
> Thanks for everyone who works to make this such a great product.
>
> I've built a transparent proxy from source (2.7..) and it works
> really
> well. What I'm wondering now is if I can fool my downstream
> bandwidth
> shaper into not throttling the cache hits that come from squid. Is
> it
> possible to do such a thing? For instance, tell squid to answer the
> hit with it's IP rather than the original (external) IP?
Let me get this straight. You have:
Client ->router1->Internet->router2->(NAT)->Squid->Internet
?? seems like a terribly long chain of software in order to pass it
through NAT.
Either way, No the port cannot be changed. Transparent proxy / MITM /
hijacking attacks have a very strict set of limits around what can be
done to the squid->client traffic. The client security systems will
reject any response which differs from its expected reply and result in
hung transactions.
>
> Or is my only option to move the cache inside of the bandwidth
> shaper?
>
> Thanks in advance,
>
> Mike
Squid can send TOS/Diffserv markings for direct QoS labeling. Provided
the shaper accepts your markings.
In 2.7 its called http://www.squid-cache.org/Doc/config/zph_local/
In 3.1+ its http://www.squid-cache.org/Doc/config/qos_flows/
Amos
Received on Mon Mar 07 2011 - 22:03:20 MST
This archive was generated by hypermail 2.2.0 : Tue Mar 08 2011 - 12:00:01 MST