And no, you do not need 100 public IPs. You can NAT all of them to a single IP when the packet leaves the box, only using the IPs as keying material to the traffic shaper.
CONNMARK may help you in how to deal with non-proxied traffic in certain situations, but probably not much here. With CONNMARK you can set a packet-level nfmark value which is persistent for the whole session, allowing interesting classifications of TCP sessions rather than packets for the packet filter. Not much related to Squid, however.
Regards Henrik
On Thu, 20 Jan 2005, Rio Martin. wrote:
Hello Henrik, recently I found an article on the net about the tcp_outgoing_address patch for Squid. I tried this patch for 1 day and I am so glad that this patch worked as expected. Except for 1 small problem: I am running out of IPv4 IPs .. :((
My Linux box is Squid proxy + tc bandwidth shaper + router. If I choose to set tcp_outgoing_address to my public IPv4, then it would be impossible, because I have to prepare for 100 IPs, that's equal to 100 classes for my htb shaper.
And if I set the tcp_outgoing_address to private LAN IPs, then I am not able to shape every packet coming to those different IPs, because those IPs are inside the box and not routable from the Internet (private IPs), while the rule of tc is only able to shape traffic leaving out interfaces.
Included with this article is your CONNMARK patch. I didn't seem to understand very well how this works. But do you think I should go with CONNMARK?
Thanks before, hope you don't mind helping me out..
Regards, Rio Martin.
