On Thu, May 26, 2005 at 08:41:32PM +0100, Andy Furniss wrote:
> Well remember I don't use squid so don't really know, but I imagine that 
> all lan connections on the relevant ports go to squid and squid then 
> makes separate connections to the internet if required. So all traffic 
> headed from the internet to squid will have the dst IP of the internet 
> interface even if you hook imq after (de)NAT other traffic will have 
> local dst addresses.

What I have seen is what happens on eth1... my LAN interface.
I am able to use 2 kinds of filters:
- One kind on src ip: in this filter I check for my DMZ network and put
  the traffic in the LAN-speed class.
- One kind on dst ip: in which I split the rest of the traffic up for
  the 6 classes at Internet-speed

This is because traffic on eth1 is de-NATed and squid spoofs the src ip
of the original site. But again... this is just experience from testing
it and deduction. And it seems to be working ;) If I am able to set the
TOS field to a certain value for hits, I presume I can make a third
kind of filter to put these hit-packages in the LAN-speed class.

Peter

-- 
Reisner's Rule of Conceptual Inertia:
        If you think big enough, you'll never have to do it.
_______________________________________________
LARTC mailing list
[email protected]
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
