On Mon, Mar 7, 2011 at 4:03 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On Mon, 7 Mar 2011 11:26:09 -0600, Mike Husmann wrote:
>>
>> Hello all,
>> Thanks for everyone who works to make this such a great product.
>>
>> I've built a transparent proxy from source (2.7..) and it works really
>> well. What I'm wondering now is if I can fool my downstream bandwidth
>> shaper into not throttling the cache hits that come from squid. Is it
>> possible to do such a thing? For instance, tell squid to answer the
>> hit with its IP rather than the original (external) IP?
>
> Let me get this straight. You have:
>
> Client ->router1->Internet->router2->(NAT)->Squid->Internet
> ?? seems like a terribly long chain of software in order to pass it through
> NAT.
>
> Either way, no, the port cannot be changed. Transparent proxy / MITM /
> hijacking attacks have a very strict set of limits around what can be done
> to the squid->client traffic. The client security systems will reject any
> response which differs from its expected reply and result in hung
> transactions.
>
>>
>> Or is my only option to move the cache inside of the bandwidth shaper?
>>
>> Thanks in advance,
>>
>> Mike
>
> Squid can send TOS/Diffserv markings for direct QoS labeling. Provided the
> shaper accepts your markings.
> In 2.7 it's called http://www.squid-cache.org/Doc/config/zph_local/
> In 3.1+ it's http://www.squid-cache.org/Doc/config/qos_flows/

I'll take a look at this and see if the shaper handles this. Thanks!

Mike
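
Added example, not part of the original thread and not Squid project code: a Python sketch of the marking approach Amos describes, producing the local-hit lines for zph_local (2.7) or qos_flows (3.1+) and showing the check a shaper would make on the TOS byte. The DSCP value 12 (TOS 0x30), the addresses and all function names are assumptions chosen for illustration, and the sample packets are constructed.

```python
import socket
import struct

ECN_MASK = 0x03  # low two TOS bits carry ECN, not Diffserv

def dscp_to_tos(dscp):
    """Shift a 6-bit DSCP into the TOS byte, leaving the ECN bits clear."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    return dscp << 2

def squid_lines(tos):
    """squid.conf lines that mark local cache hits with the given TOS byte."""
    if not 0 < tos <= 0xFF or tos & ECN_MASK:
        raise ValueError("mark must be a non-zero TOS byte with ECN bits clear")
    return {
        "2.7": ["zph_mode tos", "zph_local 0x%02X" % tos],
        "3.1+": ["qos_flows local-hit=0x%02X" % tos],
    }

def sample_header(tos, src="203.0.113.10", dst="192.0.2.25"):
    """Constructed 20-byte IPv4/TCP header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def is_cache_hit(packet, hit_tos):
    """Shaper-side test: compare the Diffserv bits only, ignoring ECN."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return (packet[1] & ~ECN_MASK & 0xFF) == hit_tos

if __name__ == "__main__":
    mark = dscp_to_tos(12)  # assumed value: DSCP 12 -> TOS 0x30
    for version, lines in squid_lines(mark).items():
        print(version, lines)
    # Source address is the origin server's in both cases; only the TOS differs.
    print(is_cache_hit(sample_header(mark), mark))   # hit served by Squid
    print(is_cache_hit(sample_header(0x00), mark))   # unmarked miss
```

Because any sender can set the TOS byte, the shaper should honour this mark only on the interface that faces Squid.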