Date: Thu, 06 Jan 2011 01:29:24 +0300
From: Michael Spratt <mike@magicislandtechnologies.com>
To: John Nielsen <lists@jnielsen.net>
Cc: freebsd-ipfw@freebsd.org, Fazal Ahmed Malik <fam@sky.net.pk>
Subject: Re: Transparent Squid and traffic control
Message-ID: <4D24F0C4.7020901@magicislandtechnologies.com>
In-Reply-To: <6C2CEB9A-1E8C-4B3D-B91F-E49F3B2DE34B@jnielsen.net>
References: <78DC9B784B57453B9C81859DBFFE55F5@fam> <6C2CEB9A-1E8C-4B3D-B91F-E49F3B2DE34B@jnielsen.net>
John Nielsen wrote:
> On Jan 4, 2011, at 8:01 AM, Fazal Ahmed Malik wrote:
>
>> I have a problem running transparent squid along with dummynet on FreeBSD 7. I have mpd5 for dial-in pppoe, which is working perfectly along with ipfw dummynet traffic control. Now I want to set up transparent squid using an ipfw fwd rule. If I place the fwd rule before the dummynet rule, transparent squid starts working but then traffic is not being controlled. Then I placed the fwd rule after the dummynet pipe; here traffic is controlled but transparent squid stops working. If anybody has experience with such a configuration where both work simultaneously, please give me some hints.
>
> I have done this successfully in the past. You need to remember that for every web request there are potentially two TCP conversations: one between the client and the proxy and one between the proxy and the server.
>
> You probably do not want to pipe the first type of conversation--requests that can be served from the proxy's cache do not use WAN bandwidth and should be served at full speed over the LAN.
>
> You DO want to pipe the second type of conversation. Requests from the proxy to web servers over the WAN will compete with other traffic for bandwidth.
>
> So leave your fwd rule before the dummynet rule(s) and be sure that LAN traffic is not piped.
>
> Then add rules to pipe requests from the proxy's external IP to non-LAN addresses on port 80. Something like these:
>
> Downstream:
>     ipfw add skipto $ACCEPT tcp from $LAN 80 to me
>     ipfw add pipe $M tcp from any 80 to $EXTIP
>
> Upstream:
>     ipfw add skipto $ACCEPT tcp from me to $LAN 80
>     ipfw add pipe $N tcp from $EXTIP to any 80
>
> If you post a specific ruleset you can get specific advice. :)
>
> JN

John, try thinking about using tproxy with your squids, and then it will be invisible to your IPFW traffic control, as the HTTP traffic will have a spoofed source and not 'confuse' your bw control setup.

-Mike
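
The rule ordering described in the quoted advice, assembled into one dry-run script. This is an added example, not part of either message: the addresses, Squid listener, rule numbers and bandwidths are constructed placeholders, and `fwd_before_pipes` is a hypothetical helper.

```shell
#!/bin/sh
# Dry run by default: IPFW="echo ipfw" prints commands; set IPFW=ipfw to apply.
# Every value below is a constructed placeholder, not taken from the thread.
IPFW="${IPFW:-echo ipfw}"
LAN="192.168.0.0/24"      # client network (placeholder)
EXTIP="203.0.113.10"      # proxy's external address (documentation range)
SQUID="127.0.0.1,3128"    # assumed Squid intercept listener
ACCEPT=60000              # number of the final allow rule
M=1; N=2                  # downstream / upstream pipe numbers

build_rules() {
    $IPFW pipe $M config bw 2Mbit/s      # placeholder bandwidths
    $IPFW pipe $N config bw 512Kbit/s
    # Client -> proxy: redirect first. fwd ends the rule search, so these
    # packets never reach the pipes below and cache hits run at LAN speed.
    $IPFW add 1000 fwd $SQUID tcp from $LAN to any 80 in
    # Downstream: replies from LAN web servers skip the pipe,
    # replies from WAN web servers to the proxy are shaped.
    $IPFW add 2000 skipto $ACCEPT tcp from $LAN 80 to me
    $IPFW add 2010 pipe $M tcp from any 80 to $EXTIP
    # Upstream: requests to LAN web servers skip the pipe,
    # requests from the proxy to WAN web servers are shaped.
    $IPFW add 2100 skipto $ACCEPT tcp from me to $LAN 80
    $IPFW add 2110 pipe $N tcp from $EXTIP to any 80
    $IPFW add $ACCEPT allow ip from any to any
}

# Read "add NNNN action ..." lines on stdin and fail if a pipe or queue rule
# is numbered below the first fwd rule. With net.inet.ip.fw.one_pass=1 (the
# default) a packet that matches a pipe rule is not evaluated further, so it
# would never reach a later fwd.
fwd_before_pipes() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "add") { n = $(i+1) + 0; a = $(i+2) } }
         a == "fwd" && (!f || n < f) { f = n }
         (a == "pipe" || a == "queue") && (!p || n < p) { p = n }
         { a = "" }
         END { exit !(f && (!p || f < p)) }'
}
```

Run `build_rules` to print the commands, and pipe that output through `fwd_before_pipes` to confirm the ordering before setting `IPFW=ipfw`.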
