On 29/05/2012 11:40, Matus UHLAR - fantomas wrote:
>> On 25/05/2012 10:31 a.m., Luis Candia wrote:
>>> Hi, we have a proxy to control the acces to Internet to the Lan users
>>> and it is working right. Now I want to install a Router capable to do
>>> a traffic shaping using the original ip addres of the LAN users, but
>>> the router just can see the external IP of the squid server, I tried
>>> to disable this kind of NATing that is doing the squid server but no
>>> success. Please I need your help.
>
> On 27.05.12 22:00, Amos Jeffries wrote:
>> You have several options:
>>
>> 1) use Squid HTTP-level access and service controls. These include
>> several ways of QoS tagging of traffic by Squid. ie no need for the
>> router to know the lient internal IP, just to process the transaction
>> TOS properly.
>>
>> 2) use a router software which supports HTTP relay/proxy itself and
>> can identify the HTTP X-Forwarded-For headers added by Squid (enabling
>> forwarded_for in squid.conf if its disabled).
>>
>> 3) setup Squid as a TPROXY interception proxy. Which retains the
>> TCP-level IP address info across the Squid software processing stage.
>> This does exactly what you ask for but breaks the HTTP multiplexing
>> features annoying you, and a few others such as: authentication, DNS
>> offloading, and non-HTTP protocol gatewaying.
>
> I think there could be another one
>
> 4) Put the router between clients and squid either directly, or by
> putting squid to different network aka "DMZ", so the router will be able
> to shape traffic from squid.
>
it can be implemented this way but then you are losing many of the
benefits of squid cache..
elizer
-- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.ilReceived on Tue May 29 2012 - 13:04:49 MDT
This archive was generated by hypermail 2.2.0 : Tue May 29 2012 - 12:00:05 MDT