On Mon, 7 Mar 2011 11:26:09 -0600, Mike Husmann wrote:
> Hello all,
> Thanks to everyone who works to make this such a great product.
> I've built a transparent proxy from source (2.7..) and it works really
> well. What I'm wondering now is if I can fool my downstream bandwidth
> shaper into not throttling the cache hits that come from squid. Is it
> possible to do such a thing? For instance, tell squid to answer the
> hit with its IP rather than the original (external) IP?
Let me get this straight. You have:
Client ->router1->Internet->router2->(NAT)->Squid->Internet
?? seems like a terribly long chain of software in order to pass it
through NAT.
Either way, no, the port cannot be changed. Transparent proxy / MITM /
hijacking attacks have a very strict set of limits around what can be
done to the squid->client traffic. The client security systems will
reject any response which differs from its expected reply and result in
hung transactions.
> Or is my only option to move the cache inside of the bandwidth shaper?
> Thanks in advance,
> Mike
Squid can send TOS/Diffserv markings for direct QoS labeling. Provided
the shaper accepts your markings.
In 2.7 it's called http://www.squid-cache.org/Doc/config/zph_local/
In 3.1+ it's http://www.squid-cache.org/Doc/config/qos_flows/
Amos
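
The marking approach described in the reply above, as an added squid.conf example that is not part of the original thread. The TOS value 0x30 is a constructed sample; use whatever value the downstream shaper is configured to exempt.

```squidconf
# Added example, not from the original post. 0x30 is a constructed sample value.
# The value is written into the IP TOS byte; keep the low two bits (ECN) zero,
# i.e. choose a multiple of 4, so only the Diffserv field is changed.

# --- Squid 2.7: zph_* directives ---
# Select TOS/Diffserv marking as the hit-signalling mechanism.
zph_mode tos
# TOS value placed on squid->client packets for objects served from the local cache.
zph_local 0x30

# --- Squid 3.1+: qos_flows (use this instead of the zph_* lines above) ---
# qos_flows local-hit=0x30
```

Cache misses keep their normal marking, so a shaper rule that matches the chosen value exempts only the traffic Squid served from its own cache.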