On Jan 4, 2011, at 8:01 AM, Fazal Ahmed Malik wrote: > I have problem in running transparent squid along with dummynet on FreeBSD 7. > I have mpd5 for dialin pppoe which is working perfect along with ipfw > dummynet traffic control. Now i want to setup transparent squid using ipfw > fwd rule. if i place fwd rule before dummynet rule transparent squid start > working but than traffic is not being controlled. Than i placed fwd rule > after the dummynet pipe here traffic controlled but transparent squid stop > working.Any body have experience in such configuration where both work > simultaneously please gave me some hints.
I have done this successfully in the past. You need to remember that for every web request there are potentially two TCP conversations: one between the client and the proxy and one between the proxy and the server. You probably do not want to pipe the first type of conversation--requests that can be served from the proxy's cache do not use WAN bandwidth and should be served at full speed over the LAN. You DO want to pipe the second type of conversation. Requests from the proxy to web servers over the WAN will compete with other traffic for bandwidth. So leave your fwd rule before the dummynet rule(s) and be sure that LAN traffic is not piped. Then add rules to pipe requests from the proxy's external IP to non-LAN addresses on port 80. Something like these: Downstream: ipfw add skipto $ACCEPT tcp from $LAN 80 to me ipfw add pipe $M tcp from any 80 to $EXTIP Upstream: ipfw add skipto $ACCEPT tcp from me to $LAN 80 ipfw add pipe $N tcp from $EXTIP to any 80 If you post a specific ruleset you can get specific advice. :) JN _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"