> Good afternoon,
>
> I have two networks (A and B). Users on network A should have internet
> priority over users in network B. We have a server acting as an internet
> gateway between A, B, and the internet; and we're using iptables and tc to
> do some shaping (prioritizing HTTP over SMTP, A over B, etc...).
>
> This server also runs SQUID cache, which is used by both networks A and B
> users. The problem is that it's impossible to enforce A over B priority
> for HTTP using the source IP because all outbound requests come from
> SQUID.
>
> Having two SQUIDs (one on each network) needs additional hardware and is
> not planned right now.
> I have thought about setting SQUID to use different source port ranges for
> outbound connections (based on the network the request came from), so that
> I can shape packets from this information. I googled for such a SQUID
> config, it looks like I'm not the first to ask this question, but all I
> found were pieces of C code. Is there, somewhere, a configuration trick
> that allows to do this?

tcp_outgoing_tos + ACLs I think does what you are after.

Amos
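
A sketch of the suggestion above, added as an example and not part of the original reply: `src` ACLs identify the requesting network, and `tcp_outgoing_tos` stamps Squid's upstream connections so tc can classify them. The subnets, ACL names, TOS values, interface name and class ids are assumptions.

```conf
# squid.conf fragment (added example; all addresses and names are assumed)

# Assumed client subnets for the two networks in the question.
acl net_a src 192.168.1.0/24
acl net_b src 192.168.2.0/24

# Set the TOS byte on Squid's outgoing (server-side) connections
# according to which network the client request came from.
tcp_outgoing_tos 0x20 net_a
tcp_outgoing_tos 0x40 net_b

# On the gateway, the existing tc setup can then classify on that byte
# instead of on source IP. These are shell commands, not Squid
# directives; eth0, the 1: root qdisc and classes 1:10 / 1:20 are
# assumed to exist already, with 1:10 being the higher-priority class:
#
#   tc filter add dev eth0 parent 1: protocol ip prio 1 u32 \
#       match ip tos 0x20 0xff flowid 1:10
#   tc filter add dev eth0 parent 1: protocol ip prio 2 u32 \
#       match ip tos 0x40 0xff flowid 1:20
```

`tcp_outgoing_tos` marks only the packets Squid sends toward origin servers, so the tc filters act on the upstream direction of each connection.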