[zorp] Zorp and Traffic Control

[Illes Marton]

On Mon, 31 Mar 2003, c0g wrote:

> Just now I realized, that connections forwarded to squid will make squid
> ~ initiate connection to outside world... with its own source IP... :-P
>
> But maybe there is solution to my traffic shaping problem? Maybe zorp
> and/or netfilter can do some magic to translate this connections? Or
> maybe Zorp has http-cache, so I don't need squid?

Hi,

Zorp does not hava a built-in http-cache functionality. What you can do is
the following:

Have your squid in you intranet, and the clients connect to it. The zorp
accepts connections only from the squid. When the squid requests an URL
from the zorp it puts a X-Forwarded-For: header in the request. With some
tricks Zorp can do an SNAT-based on that header. So you can cache the
connection, and the connections will look like as they come from the
original client.

Of course in this way  you have to trust the squid, which might be a
security risk, and you should also do some kind of verification on the
header value.

In this way you are not transparent to the clients, cause you have to set
the squid as a parent-proxy. I'am just thinking about a soultion to make
zorp+squid absolutly transparent to the clients and to the servers.

Hope it helps you,

Marci