- 12-26-2008 #1 Just Joined!
- Join Date
- Dec 2008
- Location
- Canberra, Australia
- Posts
- 8
[SOLVED] CONNTRACK through squid transparent proxy - netfilter iptables - conntrack m
Long story... I'll cut out the jargon and keep it simple :]
Internet <=> pppX <=> nixBox <=> ethX <=> PCs
pppX has in/out Shaping/QoS...
nixBox has transparent proxy (squid) - iptables -t nat -A PREROUTING -i ethX -s .../24 -d ! .../24 -p tcp --dport 80 -j REDIRECT --to-port 3128 etc...
Problem is all dport 80 traffic that goes through squid cannot be QoS'd by source anymore, as the source is now always squid at pppX...
I wish to somehow set CONNMARK from INPUT ethX, and have it follow through Squid to OUTPUT pppX...
Is this possible? If not, how can it be alternatively implemented?
I have a few alternative workarounds/theories.
1. Recreate QoS's at the ethX side.
Nightmare.. because I have several bond/eth/vlan interfaces to contend with.
2. Change squid
Can multiple squids share a single cache or can I make it listen on multiple ports? Nightmare; also includes IP accounting rewrite.
3. Compile TPROXY/other maybe?
Any/all help would be appreciated.
Thanks,
Woodsy
- 01-04-2009 #2 Just Joined!
- Join Date
- Dec 2008
- Location
- Canberra, Australia
- Posts
- 8
Answering my own question...
It appears TPROXY for netfilter is exactly what I need..
More squid/tproxy info here
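
The TPROXY setup named in the answer above, sketched as an added example that is not part of the original posts: it prints the mangle-table rules and policy route that replace the nat REDIRECT rule, plus one per-client classification rule on the WAN side. The interface names, the 192.0.2.0/24 subnet, port 3129, the mark and table numbers and the tc class id are all assumptions standing in for values the thread does not give.

```shell
#!/bin/sh
# Added example (not the poster's config). Dry run: prints commands for review.
# All values below are placeholders/assumptions; override via the environment.
LAN_IF="${LAN_IF:-eth0}"            # stands in for the thread's ethX
WAN_IF="${WAN_IF:-ppp0}"            # stands in for the thread's pppX
LAN_NET="${LAN_NET:-192.0.2.0/24}"  # documentation range, use the real LAN
TPROXY_PORT="${TPROXY_PORT:-3129}"  # squid.conf side: http_port 3129 tproxy
FWMARK=0x1                          # mark that selects the local route table
RT_TABLE=100

# TPROXY lives in the mangle table and replaces the nat REDIRECT rule.
# DIVERT catches packets of already-intercepted sockets; the ip rule/route
# pair delivers marked packets locally so squid can accept them.
tproxy_rules() {
    cat <<EOF
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark $FWMARK
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $LAN_NET -p tcp --dport 80 -j TPROXY --tproxy-mark $FWMARK/$FWMARK --on-port $TPROXY_PORT
ip rule add fwmark $FWMARK lookup $RT_TABLE
ip route add local 0.0.0.0/0 dev lo table $RT_TABLE
EOF
}

# With TPROXY, squid's upstream connections keep the client's source address,
# so egress traffic can be classified per client again.
# $1 = client IP, $2 = tc class id (hypothetical, depends on your qdisc setup)
qos_rule() {
    echo "iptables -t mangle -A POSTROUTING -o $WAN_IF -s $1 -p tcp --dport 80 -j CLASSIFY --set-class $2"
}

# Prints every command; with APPLY=1 (as root) executes them instead.
run_rules() {
    { tproxy_rules; qos_rule "$@"; } | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "$cmd"
        fi
    done
}

# Constructed sample client and class id, dry run only.
run_rules 192.0.2.10 1:10
```

Remove the old `-t nat ... -j REDIRECT --to-port 3128` rule before applying these, otherwise port 80 traffic is still rewritten to squid's own address.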



