Thanks Tom ! actually I think there's some option to set the ToS on squid for outgoung traffic.
If that could be somehow related to an ACL belonging to that local ip, you could mark outgoing connections based on your weird ToS, and then clear the ToS value just before letting the packet go. Would that be an option ? (If that's allowed by squid, which I haven't checked but will right now) Best wishes, Jorge Jorge Daza García-Blanes [EMAIL PROTECTED] - GPG id: 5D7ACDEF On 30/12/2006, at 17:18, Tom Eastep wrote: > Jorge Daza García-Blanes wrote: >> I forgot, the dport 80 not working: could it be because should be >> sport 80 ? >> > > Jorge, > > With regards to the transparent proxy, good spotting! I wouldn't > have found that > in quite a while because it would never occur to me that someone > would be trying > to do incoming traffic shaping while running a proxy. > > The reason that I wouldn't have considered that approach is that it > basically > can't work correctly. What you are usually trying to do when > shaping incoming > traffic is to limit the load on your Internet link; in this case, > Ismael wants > to limit the traffic generated by 192.168.200.1. But it is > impossible to > identify the Squid-generated Internet traffic is the result of > requests from > 192.168.200.1. > > Ismael can mark the traffic from Squid->192.168.200.1 using this rule: > > <mark value> $FW 192.168.200.1 tcp - 3128 > > But that will mark responses from Squid that were handled from its > cache and > that generated no traffic on the Internet link at all! > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ [EMAIL PROTECTED] > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV________________________________ > _______________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
