Jorge Daza García-Blanes wrote:
> I forgot, the dport 80 not working: could it be because should be
> sport 80 ?
>
Jorge,
With regards to the transparent proxy, good spotting! I wouldn't have found that
in quite a while because it would never occur to me that someone would be trying
to do incoming traffic shaping while running a proxy.
The reason that I wouldn't have considered that approach is that it basically
can't work correctly. What you are usually trying to do when shaping incoming
traffic is to limit the load on your Internet link; in this case, Ismael wants
to limit the traffic generated by 192.168.200.1. But it is impossible to
identify the Squid-generated Internet traffic that is the result of requests from
192.168.200.1.
Ismael can mark the traffic from Squid->192.168.200.1 using this rule:
<mark value> $FW 192.168.200.1 tcp - 3128
But that will mark responses from Squid that were handled from its cache and
that generated no traffic on the Internet link at all!
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
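The cache-hit problem described in the message above can be measured from Squid's own access log. The following is an added example, not part of the original message or of Shorewall: it assumes Squid's native access.log format, and the function name, sample log lines and addresses are constructed for illustration.

```python
# Added example: for one client, compare the bytes a "Squid -> client" packet
# mark would cover with the bytes that involved an upstream fetch at all.

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1160000000.101    245 192.168.200.1 TCP_MISS/200 48210 GET http://example.com/a.iso - DIRECT/203.0.113.10 application/octet-stream
1160000001.310      2 192.168.200.1 TCP_HIT/200 48210 GET http://example.com/a.iso - NONE/- application/octet-stream
1160000002.544      1 192.168.200.1 TCP_MEM_HIT/200 9120 GET http://example.com/logo.png - HIER_NONE/- image/png
1160000003.020    130 192.168.200.7 TCP_MISS/200 15000 GET http://example.org/ - DIRECT/203.0.113.10 text/html
malformed line
"""

# Hierarchy codes that mean Squid contacted no upstream server
# (older releases log NONE, newer ones HIER_NONE).
NO_UPSTREAM = {"NONE", "HIER_NONE"}


def squid_bytes_for_client(log_text, client_ip):
    """Return byte totals for replies Squid sent to client_ip.

    marked            - everything a rule matching Squid -> client would mark
    from_cache        - replies served with no upstream request
    via_internet_link - replies that triggered an upstream fetch
    """
    totals = {"marked": 0, "from_cache": 0, "via_internet_link": 0}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[2] != client_ip:
            continue  # malformed line or a different client
        try:
            size = int(fields[4])  # bytes delivered to the client
        except ValueError:
            continue
        hierarchy = fields[8].split("/", 1)[0]
        bucket = "from_cache" if hierarchy in NO_UPSTREAM else "via_internet_link"
        totals["marked"] += size
        totals[bucket] += size
    return totals


if __name__ == "__main__":
    print(squid_bytes_for_client(SAMPLE_LOG, "192.168.200.1"))
```

The via_internet_link figure is the size of the reply sent to the client, not a measurement of the bytes that crossed the Internet link.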
