On 25/05/2012 10:31 a.m., Luis Candia wrote:
Hi, we have a proxy to control the acces to Internet to the Lan users
and it is working right. Now I want to install a Router capable to do
a traffic shaping using the original ip addres of the LAN users, but
the router just can see the external IP of the squid server, I tried
to disable this kind of NATing that is doing the squid server but no
success. Please I need your help.
On 27.05.12 22:00, Amos Jeffries wrote:
You have several options:
1) use Squid HTTP-level access and service controls. These include
several ways of QoS tagging of traffic by Squid. ie no need for the
router to know the lient internal IP, just to process the transaction
TOS properly.
2) use a router software which supports HTTP relay/proxy itself and
can identify the HTTP X-Forwarded-For headers added by Squid
(enabling forwarded_for in squid.conf if its disabled).
3) setup Squid as a TPROXY interception proxy. Which retains the
TCP-level IP address info across the Squid software processing stage.
This does exactly what you ask for but breaks the HTTP multiplexing
features annoying you, and a few others such as: authentication, DNS
offloading, and non-HTTP protocol gatewaying.
I think there could be another one
4) Put the router between clients and squid either directly, or by
putting squid to different network aka "DMZ", so the router will be able to
shape traffic from squid.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
