*** Aaron A. Wolfe <aaron@aaronwolfe.com> [16:40 Mon 23.Dec]:
> My "problem" is that of course the rate limiting applies to *all*
> traffic going out the internal interfaces, so even objects that are in
> the squid cache are given to the clients at a fairly slow speed.

You can achieve results by using the iptables mark facility to mark packets which are passing through your router (from the internet) and are not for your router, and then use this mark value to distinguish whether a packet is local or not (fw filter).

While solving your original problem, it leaves one more. When a client tries to fetch an object which is not in the squid cache, squid will fetch it with full bandwidth and serve it to the client also with full bandwidth. Here you should make a decision:

1. This is OK behaviour (although a little unfair), because such fetched-at-full-speed objects are ready for other clients (also at full speed).
2. This is not OK, and you have to cbq (or rather IMQ) squid, which is a hard task because there is one squid for all clients. You can try to use htb and grant squid the unused bandwidth from all clients with a proper class schema.

In addition to 1., you can 'enhance' it by using squid delay pools to help it be a little more fair.

The perfect solution is to hack squid to mark its packets based on HIT/MISS.

.radek.
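
The mark-and-classify setup described in the reply above, as an added example that is not part of the original post. It uses HTB rather than the CBQ setup from the question; the interface names, rates and class ids are assumptions. The script prints the rules by default and applies them only when run as root with the argument `apply`.

```shell
#!/bin/sh
# Added example (not from the thread). All values below are assumed defaults.
WAN_IF="${WAN_IF:-eth0}"            # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"            # assumed client-facing interface
CLIENT_RATE="${CLIENT_RATE:-512kbit}" # assumed cap for forwarded traffic
LOCAL_RATE="${LOCAL_RATE:-50mbit}"    # assumed guarantee for router-local traffic
LINK_RATE="${LINK_RATE:-100mbit}"     # assumed LAN link speed

# Accept only simple tokens, so a value can never smuggle extra shell syntax
# into the generated commands.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the rule set; nothing is changed on the system by this function.
emit_rules() {
    for v in "$WAN_IF" "$LAN_IF" "$CLIENT_RATE" "$LOCAL_RATE" "$LINK_RATE"; do
        valid_name "$v" || { echo "bad value: $v" >&2; return 1; }
    done
    cat <<EOF
# Mark only packets routed through the box from the Internet to the LAN.
# Packets squid sends itself are locally generated, never pass FORWARD,
# and therefore stay unmarked (cache HITs and MISSes alike).
iptables -t mangle -A FORWARD -i $WAN_IF -o $LAN_IF -j MARK --set-mark 1
# HTB tree on the LAN side; unmarked traffic falls into the default class 1:20.
tc qdisc add dev $LAN_IF root handle 1: htb default 20
tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $LINK_RATE
tc class add dev $LAN_IF parent 1:1 classid 1:10 htb rate $CLIENT_RATE ceil $CLIENT_RATE
tc class add dev $LAN_IF parent 1:1 classid 1:20 htb rate $LOCAL_RATE ceil $LINK_RATE
# fw filter: packets carrying mark 1 go to the rate-limited class 1:10.
tc filter add dev $LAN_IF parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
EOF
}

if [ "${1:-}" = "apply" ]; then
    emit_rules | sh -e    # needs root, iptables and tc
else
    emit_rules
fi
```

Because squid's own packets are never marked, objects it fetches on a MISS are also delivered through class 1:20, which is the remaining problem the reply goes on to discuss.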