[SOLVED] CONNTRACK through squid transparent proxy - netfilter iptables - conntrack m
Long story... I'll cut out the jargon and keep it simple :]
Internet <=> pppX <=> nixBox <=> ethX <=> PC's
pppX has in/out Shaping/QoS...
nixBox has transparent proxy (squid) - iptables -t nat -A PREROUTING -i ethX -s .../24 -d ! .../24 -p tcp --dport 80 -j REDIRECT --to-port 3128 etc...
Problem is all dport 80 traffic that goes through squid cannot be QoS'd by source anymore, as the source is now always squid at pppX...
I wish to somehow set CONNMARK from INPUT ethX, and have it follow through Squid to OUTPUT pppX...
Is this possible? If not, how can it be alternatively implemented.
I have a few alternative workarounds/theories.
1. Recreate QoS's at the ethX side.
Nightmare... because I have several bond/eth/vlan interfaces to contend with.
2. Change squid
Can multiple squids share a single cache, or can I make it listen on multiple ports? Nightmare; also includes IP accounting rewrite.
3. Compile TPROXY/other maybe?
Any/all help would be appreciated.
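The rule layout the post describes, written out as an added example (not code from the original post or from the squid project): the nat REDIRECT on the LAN side, a CONNMARK set by source host in mangle PREROUTING, and a CONNMARK restore on the WAN side so a tc fw classifier could match it. Interface names (eth0, ppp0), the subnet, the sample hosts and the mark values are constructed placeholders. It runs in dry-run mode by default (prints the iptables commands instead of applying them); set IPT=iptables to apply.

```shell
#!/bin/sh
# Added example, not from the original post: the redirect + CONNMARK rule set
# the post is asking about. Every name and value below is a constructed
# placeholder; override them through the environment for a real box.
LAN_IF=${LAN_IF:-eth0}                 # the post's "ethX" (assumed name)
WAN_IF=${WAN_IF:-ppp0}                 # the post's "pppX" (assumed name)
LAN_NET=${LAN_NET:-192.168.1.0/24}     # constructed LAN subnet
SQUID_PORT=${SQUID_PORT:-3128}
# Dry run by default: print the rules rather than install them.
IPT=${IPT:-"echo iptables"}

# Rule 1: the transparent redirect from the post (nat PREROUTING, LAN side).
# Only LAN sources going to non-LAN destinations on port 80 are redirected.
redirect_rule() {
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" ! -d "$LAN_NET" \
        -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
}

# Rule 2: tag the client->squid connection by source host. The mark is stored
# on the conntrack entry of that connection only; squid's own outbound
# connection on $WAN_IF is a separate conntrack entry and does not inherit it.
mark_by_source() {
    src=$1
    mark=$2
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -s "$src" -p tcp --dport 80 \
        -j CONNMARK --set-mark "$mark"
}

# Rule 3: on the WAN side, copy the conntrack mark back onto each packet so a
# tc "fw" filter can classify on it. For connections squid opened itself this
# restores 0 unless the proxy process tagged its socket (SO_MARK), which is
# exactly the gap the post describes.
restore_on_wan() {
    $IPT -t mangle -A POSTROUTING -o "$WAN_IF" -j CONNMARK --restore-mark
}

install_rules() {
    redirect_rule
    mark_by_source 192.168.1.10 0x10   # constructed sample hosts / marks
    mark_by_source 192.168.1.20 0x20
    restore_on_wan
}

install_rules
```

The comments in rule 3 state the limitation rather than a fix: CONNMARK follows a conntrack entry, and a userspace proxy terminates the client connection and opens a new one, so the mark set on the LAN side never reaches the pppX side by itself. The kernel mechanism for a process to tag its own outbound sockets is the SO_MARK socket option; whether the squid build in use exposes that is something to check in its configuration documentation rather than assume.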