Hello Ming-Ching Dnia So Marca 29 2008, 15:30, Ming-Ching Tiew napisał(a): (...)

Well among all things you have at least gotten to patch the 2.6.25-rc7 kernel. Good ! That's a big step better than just ***STARE*** at the patch and refuse to use use it and then start asking all sorts of question about where is the correct patch !

Sorry, I thought that clients traffic to squid will be DNATed. Now I know, that with new tproxy it is better to use more inteligent solution. Packets CONNMARKing and change routing tables with "ip rule" and fwmark.Like Henrik Nordstrom said on router0 and routers a,b,c.. iptables -t mangle entires marks http traffic and redirect routing to squid machine. Now squid (patched with tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch) cacheing flow but with IP address of Squid ( not clients). Laszlo Attila Toth told that problem is with squid patch. So now we need to ask who is able to fix tproxy-4.1 patch to squid 2.6? I'm right, am I? Regards, Tomasz PS Sorry for my english.

Until you have become an advance user, may I know what is stopping you to make the squid box a bridge ?

I don't want to have next server between routers. I'm fighting wth DoS attacks (viruses, ect..) and I'm afraid that processor on squid machine may not handle thousands interupts generated during attacks. Beter for me is standalone and more resistant server. On my router0 during "attack" on top I have sometimes over 80-90% of ksoftirqd/0 (I have Intel pci-e 82572EI and 82573V cards). Regards, Tomasz PS. Sorry for my english