On 19/06/11 16:14, benjamin fernandis wrote:
> Hi Ragheb,
>
> Thanks for your quick response.
>
> ======================================================
> Take care banjo that for order for this to work all your client ips
> must hit the cache directly and not reach the cache through a nat rule
> otherwise your squid will see that all your web traffic is coming from
> one single ip and thus it will shape all your inner lan traffic as one
> ip and thus all your inner will be shaped to just 512kbps.
> =========================================================
>
> currently my squid 3.1 is running in transparent mode.and i used
> iptables rules to transfer port 80 traffic to port 3128(squid
> port).That is ok.
>
> Is there any change required with my existing setup to achieve delay
> pool facility.
Should not be.
I believe Ragheb's problem as described only occurs if your NAT is on
a different box to Squid. That precise problem being one of the several
reasons we say you MUST NOT have NAT on a separate box when doing
interception with Squid.
Same IP problem will occur if you have any other middleware (such as a
content filter) between Squid and the clients. In this case you need it
to send the X-Forwarded-For header and Squid to define trust of the
relay software with follow_x_forwarded_for access controls.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.8 and 3.1.12.2Received on Sun Jun 19 2011 - 06:22:53 MDT
This archive was generated by hypermail 2.2.0 : Sun Jun 19 2011 - 12:00:03 MDT