Re: [squid-users] How to disable squid nat

From: Matus UHLAR - fantomas <uhlar_at_fantomas.sk>
Date: Thu, 14 Jun 2012 11:18:16 +0200

>>>On 25/05/2012 10:31 a.m., Luis Candia wrote:
>>>>Hi, we have a proxy to control the access to Internet to the Lan users
>>>>and it is working right. Now I want to install a Router capable to do
>>>>a traffic shaping using the original ip address of the LAN users, but
>>>>the router just can see the external IP of the squid server, I tried
>>>>to disable this kind of NATing that is doing the squid server but no
>>>>success. Please I need your help.

>>On 27.05.12 22:00, Amos Jeffries wrote:
>>>You have several options:
>>>
>>>1) use Squid HTTP-level access and service controls. These include
>>>several ways of QoS tagging of traffic by Squid. ie no need for the
>>>router to know the client internal IP, just to process the transaction
>>>TOS properly.
>>>
>>>2) use a router software which supports HTTP relay/proxy itself and
>>>can identify the HTTP X-Forwarded-For headers added by Squid (enabling
>>>forwarded_for in squid.conf if it's disabled).
>>>
>>>3) set up Squid as a TPROXY interception proxy. Which retains the
>>>TCP-level IP address info across the Squid software processing stage.
>>>This does exactly what you ask for but breaks the HTTP multiplexing
>>>features annoying you, and a few others such as: authentication, DNS
>>>offloading, and non-HTTP protocol gatewaying.

>On 29/05/2012 11:40, Matus UHLAR - fantomas wrote:
>>I think there could be another one
>>
>>4) Put the router between clients and squid either directly, or by
>>putting squid to different network aka "DMZ", so the router will be able
>>to shape traffic from squid.

On 29.05.12 16:04, Eliezer Croitoru wrote:
>it can be implemented this way but then you are losing many of the
>benefits of squid cache..

I have advised it this way just to benefit from squid cache. In DMZ you
can see the real IPs and yet still use shaping.

If the issue is that the OP doesn't want to shape traffic from proxy
cache to clients (only from the net to squid), (s)he will have to
implement shaping at squid level, or use the tproxy solution.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average. 
Received on Thu Jun 14 2012 - 09:18:26 MDT
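
A squid.conf sketch of options 1 to 3 from the quoted list, added here as an example and not part of the original thread. The subnets, ACL names, TOS values and port 3129 are assumptions chosen for illustration.

```conf
# Added example; subnets, ACL names, TOS values and port 3129 are assumptions.

# Client groups the upstream router should treat differently.
acl lan_staff  src 192.168.1.0/24
acl lan_guests src 192.168.2.0/24

# Option 1: Squid marks its own outgoing (server-side) packets per client
# group. The router shapes on the TOS byte and never needs the LAN IP.
tcp_outgoing_tos 0x20 lan_staff
tcp_outgoing_tos 0x40 lan_guests

# Option 2: add the client IP in an X-Forwarded-For request header.
# Only useful if the router parses HTTP. The header also travels on to
# origin servers unless something upstream strips it, which exposes
# internal addresses outside the LAN.
forwarded_for on

# Option 3: TPROXY interception port. Squid uses the client's IP as the
# source of its outgoing connections, so the router sees the LAN address.
# Needs kernel TPROXY support plus matching iptables and policy-routing
# rules on the Squid box, and return traffic must route back through it.
http_port 3129 tproxy

# Regular forward-proxy port for explicitly configured browsers.
http_port 3128
```

Options 1 and 2 keep the normal forward-proxy behaviour; option 3 trades away the features listed in the quoted reply (authentication, DNS offloading, non-HTTP gatewaying) for traffic that arrives on the tproxy port.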
