Everyone, I have compiled squid 3.1.6 from source on amd64 Debian 5.0 with zph options enabled. I don't peer with any other caches, so all peering stuff is disabled in my build. I did not compile a kernel with the zph patches, because, as I understand, that is only necessary if I want to preserve zph marks between caches. Plus, there is no zph patch for the kernel version I am running. With shorewall redirect rules, squid is operating as a transparent intercepting proxy just fine. I do not use tproxy - this is a NAT setup. I can not get the zph functions to work. Here are my config options: squid.conf ... qos_flows local-hit=0x30 ... shorewall tcstart: #root htb tc qdisc add dev eth1 root handle 1: htb default 1 #default htb tc class add dev eth1 parent 1: classid 1:1 htb rate 64kbps / ceil 64kbps #squid htb tc class add dev eth1 parent 1: classid 1:7 htb rate 1Mbit tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match / ip protocol 0x6 0xff match ip tos 0x30 0xff flowid 1:7 #I tried this for squid too #tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match / ip protocol 0x6 0xff match u32 0x880430 0xffffffff at 20 flowid 1:7 The shorewall tcrules are all commented out right now, so it is not applying any filtering. I have about one week to finish off this server for production... Help? Jason Wallace
