[zorp] Zorp and Traffic Control

c0g zorp@lists.balabit.hu
Mon, 31 Mar 2003 22:28:18 +0200



| You need to use ForgeClientSourceNAT as SNAT, or if you use
| TransparentRouter you can set the forge_addr attribute to TRUE.
|
| Both mean that when Zorp connects to the server it uses the client's
| original IP address as the source address of the connection.

So - it could be done! Great! :)

| I am not sure about your point of doing traffic shaping, but anyhow you
| can do it with Zorp of course.

The problem with my current squid transparent proxy is that proxied
connections come from the squid IP. So the cbq filters on the external NIC
(which catch outgoing non-http traffic and put it into the appropriate
queues) don't work for http. It is a "hole" in my bandwidth limiting scheme;
clients can upload through http at full speed!
Of course, I could use squid's traffic shaping features, but it is not the
right way, I think. The squid queue and the CBQ queue are separate, and this
makes traffic borrowing from unused classes impossible.

I read that Zorp supports a parent proxy, so I could use it as a "child"
proxy for my squid...

*oops*

Just now I realized that connections forwarded to squid will make squid
initiate a connection to the outside world... with its own source IP... :-P

But maybe there is a solution to my traffic shaping problem? Maybe zorp
and/or netfilter can do some magic to translate these connections? Or
maybe Zorp has an http cache, so I don't need squid?

Greetings!

- --
c0g@wp.pl