#1 (Just Joined, Canberra, Australia, Dec 2008)

[SOLVED] CONNTRACK through squid transparent proxy - netfilter iptables - conntrack m


    Long story... I'll cut out the jargon and keep it simple :]

Internet <=> pppX <=> nixBox <=> ethX <=> PCs

    pppX has in/out Shaping/QoS...
    nixBox has transparent proxy (squid) - iptables -t nat -A PREROUTING -i ethX -s .../24 -d ! .../24 -p tcp --dport 80 -j REDIRECT --to-port 3128 etc...

    Problem is all dport 80 traffic that goes through squid, cannot be QoS'd by source anymore, as the source is now always squid at pppX...
    I wish to somehow set CONNMARK from INPUT ethX, and have it follow through Squid to OUTPUT pppX...

    Is this possible? If not, how can it be alternatively implemented.


    I have a few alternative workarounds/theories.

1. Recreate the QoS at the ethX side.
Nightmare... because I have several bond/eth/vlan interfaces to contend with.

    2. Change squid
Can multiple squids share a single cache, or can I make it listen on multiple ports? Nightmare; also includes an IP accounting rewrite.

    3. Compile TPROXY/other maybe?



    Any/all help would be appreciated.

    Thanks,
    Woodsy

#2 (Just Joined, Canberra, Australia, Dec 2008)
    Answering my own question...

It appears TPROXY for netfilter is exactly what I need...

    More squid/tproxy info here
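As an added example that is not part of either post, here is a dry-run generator for the netfilter/iproute2 rule set the TPROXY approach needs. With REDIRECT, squid's upstream connections all carry the box's own address, which is why per-source CONNMARK/QoS on pppX stopped working; with TPROXY, squid spoofs the client's source address on the upstream side, so a per-source mark on the WAN interface sees the real client again. The interface names, LAN subnet, client address, TPROXY port and mark values are assumptions for illustration; the TPROXY target, its --tproxy-mark/--on-port options, and the fwmark policy-routing rule are standard netfilter/iproute2 features.

```shell
#!/bin/sh
# Added example (not from the original posts): generate the iptables/ip rules
# that intercept outbound port-80 traffic with TPROXY instead of REDIRECT, so
# per-source CONNMARK/QoS on the upstream interface still works behind squid.
# All interface names, addresses and ports below are assumed values.
LAN_IF="${LAN_IF:-eth0}"                  # assumed LAN-side interface (ethX)
WAN_IF="${WAN_IF:-ppp0}"                  # assumed upstream interface (pppX)
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # assumed LAN subnet
CLIENT="${CLIENT:-192.168.1.10}"          # assumed client to give its own QoS mark
TPROXY_PORT="${TPROXY_PORT:-3129}"        # assumed squid 'http_port ... tproxy' port
TPROXY_MARK="0x1/0x1"                     # mark bit used only for local delivery
RT_TABLE=100                              # routing table that delivers to lo
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print the commands, 0 = execute them

# Print each command in dry-run mode; execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

tproxy_rules() {
    # Policy routing: packets carrying the TPROXY mark are delivered locally
    # (to squid) even though their destination address is not one of ours.
    run ip rule add fwmark "$TPROXY_MARK" lookup "$RT_TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$RT_TABLE"

    # Leave LAN-to-LAN traffic alone; intercept only outbound port 80 from the LAN.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -d "$LAN_NET" -j RETURN
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
        -j TPROXY --tproxy-mark "$TPROXY_MARK" --on-port "$TPROXY_PORT"

    # Upstream, squid's connections now carry the client's own source address,
    # so a per-source CONNMARK on the WAN side classifies the real client.
    run iptables -t mangle -A POSTROUTING -o "$WAN_IF" -s "$CLIENT" \
        -j CONNMARK --set-mark 0x10
    # Copy the connection mark back onto each packet for tc's fw classifier.
    run iptables -t mangle -A POSTROUTING -o "$WAN_IF" -j CONNMARK --restore-mark
}

tproxy_rules
```

Run it as-is to review the rule set, then with DRY_RUN=0 (as root, with the xt_TPROXY module available) to apply it. On the squid side this pairs with an `http_port <port> tproxy` line, and squid needs the capability to bind non-local addresses (CAP_NET_ADMIN) for the spoofed upstream source to work. Note that the example keeps the TPROXY mark bit (0x1) separate from the QoS mark (0x10) so the policy-routing rule never catches ordinary marked traffic.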
