* [LARTC] Proxy question
@ 2003-07-02 8:18 Σταμάτης Κεκές
2003-07-02 11:41 ` Radu-Mihail Obada
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: Σταμάτης Κεκές @ 2003-07-02 8:18 UTC (permalink / raw)
To: lartc
Hell everybody,
Yesterday I faced a problem with the shaper I use. Here's my topology
and I'll describe the problem later after the topology.
10.0.1.0 /24 10.0.1.100 eth0
eth1 eth0 10.0.1.1 eth1
+-------------+ +-------------+ +------------------+
+--------------+
| Internal | | | | Traffic shaper |
| |
| Network |-------------->| Squid proxy |---->| Bridge
|------>| Firewall |
| | | | | |
| |
+-------------+ +-------------+ +------------------+
+--------------+
Well this is the http and ftp traffic flow on my netwrok. Some of my
users used to download huge files from the web.
Is there any way to slow down specific IP addresses even if they conect
through the proxy ??
For example I want to slow down the requests made from 10.0.1.51 but
only that host. If I apply a filter for that IP it does not make any
sense cause in fact the proxy is making the connection for that host.
Has anybody else faced this problem ?
Any ideas or suggestions ?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] Proxy question
2003-07-02 8:18 [LARTC] Proxy question Σταμάτης Κεκές
@ 2003-07-02 11:41 ` Radu-Mihail Obada
2003-07-02 11:58 ` ???????? ?????
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Radu-Mihail Obada @ 2003-07-02 11:41 UTC (permalink / raw)
To: lartc
If you're using Squid for the proxy service, check out the docs, it has
the ability to limit bandwith for specific ips, classes, etc.
Regards,
Radu
Σταμάτης Κεκές a scris:
> Hell everybody,
> Yesterday I faced a problem with the shaper I use. Here's my topology
> and I'll describe the problem later after the topology.
>
>
> 10.0.1.0 /24 10.0.1.100 eth0
> eth1 eth0 10.0.1.1 eth1
> +-------------+ +-------------+ +------------------+
> +--------------+
> | Internal | | | | Traffic shaper |
> | |
> | Network |-------------->| Squid proxy |---->| Bridge
> |------>| Firewall |
> | | | | | |
> | |
> +-------------+ +-------------+ +------------------+
> +--------------+
>
> Well this is the http and ftp traffic flow on my netwrok. Some of my
> users used to download huge files from the web.
> Is there any way to slow down specific IP addresses even if they conect
> through the proxy ??
> For example I want to slow down the requests made from 10.0.1.51 but
> only that host. If I apply a filter for that IP it does not make any
> sense cause in fact the proxy is making the connection for that host.
> Has anybody else faced this problem ?
> Any ideas or suggestions ?
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
-----
Radu-Mihail Obada
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] Proxy question
2003-07-02 8:18 [LARTC] Proxy question Σταμάτης Κεκές
2003-07-02 11:41 ` Radu-Mihail Obada
@ 2003-07-02 11:58 ` ???????? ?????
2003-07-02 12:43 ` Chijioke Kalu
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: ???????? ????? @ 2003-07-02 11:58 UTC (permalink / raw)
To: lartc
Hello Radu,
Well I found the delay pools at the squid configration. I need to know
if there's any alternative way to slowdown the traffic for a specific IP
address without modifying anything in the proxy server.
Radu-Mihail Obada wrote:
>If you're using Squid for the proxy service, check out the docs, it has
>the ability to limit bandwith for specific ips, classes, etc.
>Regards,
>Radu
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] Proxy question
2003-07-02 8:18 [LARTC] Proxy question Σταμάτης Κεκές
2003-07-02 11:41 ` Radu-Mihail Obada
2003-07-02 11:58 ` ???????? ?????
@ 2003-07-02 12:43 ` Chijioke Kalu
2003-07-02 13:42 ` Leigh Waldie
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Chijioke Kalu @ 2003-07-02 12:43 UTC (permalink / raw)
To: lartc
Yes am having the same problem,If i get it fixed in time, i'll post my
script, unfortunately delay pools in squid werent as effective as the HTB,
am trying to use steff's IMQ with iptable which shld solve the problem.
you could search the LARTC archives, though am yet to find someone that had
the problem and posted solution to it.
CJ
>
>If you're using Squid for the proxy service, check out the docs, it has
>the ability to limit bandwith for specific ips, classes, etc.
>Regards,
>Radu
>ÓôáìÜôçò ÊåêÝò a scris:
> > Hell everybody,
> > Yesterday I faced a problem with the shaper I use. Here's my topology
> > and I'll describe the problem later after the topology.
> >
> >
> > 10.0.1.0 /24 10.0.1.100 eth0
> > eth1 eth0 10.0.1.1 eth1
> > +-------------+ +-------------+ +------------------+
> > +--------------+
> > | Internal | | | | Traffic shaper |
> > | |
> > | Network |-------------->| Squid proxy |---->| Bridge
> > |------>| Firewall |
> > | | | | | |
> > | |
> > +-------------+ +-------------+ +------------------+
> > +--------------+
> >
> > Well this is the http and ftp traffic flow on my netwrok. Some of my
> > users used to download huge files from the web.
> > Is there any way to slow down specific IP addresses even if they conect
> > through the proxy ??
> > For example I want to slow down the requests made from 10.0.1.51 but
> > only that host. If I apply a filter for that IP it does not make any
> > sense cause in fact the proxy is making the connection for that host.
> > Has anybody else faced this problem ?
> > Any ideas or suggestions ?
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
>
>
>-----
>Radu-Mihail Obada
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?pageþatures/featuredemail
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] Proxy question
2003-07-02 8:18 [LARTC] Proxy question Σταμάτης Κεκές
` (2 preceding siblings ...)
2003-07-02 12:43 ` Chijioke Kalu
@ 2003-07-02 13:42 ` Leigh Waldie
2003-07-02 14:19 ` ???????? ?????
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: Leigh Waldie @ 2003-07-02 13:42 UTC (permalink / raw)
To: lartc
Why not change your topology so that you have
Firewall----------------->Shaper-------------->Proxy------------->Internet
This way you have more control over the traffic. Admittedly, you are not truly shaping
the total bandwidth available to you (some of the traffic will be returning to your
clients from the proxy without ever going out to the internet) but maybe with some
tweaking of the traffic shaping you can allow for this ?
Leigh
> Hell everybody,
> Yesterday I faced a problem with the shaper I use. Here's my topology
> and I'll describe the problem later after the topology.
>
>
> 10.0.1.0 /24 10.0.1.100 eth0
> eth1 eth0 10.0.1.1 eth1
> +-------------+ +-------------+ +------------------+
> +--------------+
> | Internal | | | | Traffic shaper |
> | |
> | Network |-------------->| Squid proxy |---->| Bridge
> |------>| Firewall |
> | | | | | |
> | |
> +-------------+ +-------------+ +------------------+
> +--------------+
>
> Well this is the http and ftp traffic flow on my netwrok. Some of my
> users used to download huge files from the web.
> Is there any way to slow down specific IP addresses even if they conect
> through the proxy ??
> For example I want to slow down the requests made from 10.0.1.51 but
> only that host. If I apply a filter for that IP it does not make any
> sense cause in fact the proxy is making the connection for that host.
> Has anybody else faced this problem ?
> Any ideas or suggestions ?
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] Proxy question
2003-07-02 8:18 [LARTC] Proxy question Σταμάτης Κεκές
` (3 preceding siblings ...)
2003-07-02 13:42 ` Leigh Waldie
@ 2003-07-02 14:19 ` ???????? ?????
2003-07-02 15:16 ` Leigh Waldie
2003-07-02 15:28 ` ???????? ?????
6 siblings, 0 replies; 8+ messages in thread
From: ???????? ????? @ 2003-07-02 14:19 UTC (permalink / raw)
To: lartc
Heloooo :-)
Well this is a good oppinion but, what does it happen when somebody make
a big request, the proxy will be unshaped thus it will allocate whole
the line.
A good option is to place another shaper between the proxy and the
internet.
To make it simpler to place the proxy in our DMZ, and place another
shaper for the dmz.
Thanks for the advice my friend
Best regards
Stamatis
Leigh Waldie wrote:
>Why not change your topology so that you have
>
>Firewall----------------->Shaper-------------->Proxy------------->Internet
>
>This way you have more control over the traffic. Admittedly, you are not truly shaping
>the total bandwidth available to you (some of the traffic will be returning to your
>clients from the proxy without ever going out to the internet) but maybe with some
>tweaking of the traffic shaping you can allow for this ?
>
>Leigh
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] Proxy question
2003-07-02 8:18 [LARTC] Proxy question Σταμάτης Κεκές
` (4 preceding siblings ...)
2003-07-02 14:19 ` ???????? ?????
@ 2003-07-02 15:16 ` Leigh Waldie
2003-07-02 15:28 ` ???????? ?????
6 siblings, 0 replies; 8+ messages in thread
From: Leigh Waldie @ 2003-07-02 15:16 UTC (permalink / raw)
To: lartc
> Heloooo :-)
> Well this is a good oppinion but, what does it happen when somebody make
> a big request, the proxy will be unshaped thus it will allocate whole
> the line.
Perhaps you need to put the shaping on the same machine as the proxy, this should allow
you to mark the packets (i think squid can do this) and shape them accordingly?
> A good option is to place another shaper between the proxy and the
> internet.
> To make it simpler to place the proxy in our DMZ, and place another
> shaper for the dmz.
> Thanks for the advice my friend
> Best regards
> Stamatis
> Leigh Waldie wrote:
>
>>Why not change your topology so that you have
>>
>>Firewall----------------->Shaper-------------->Proxy------------->Internet
>>
>>This way you have more control over the traffic. Admittedly, you are not truly shaping
>>the total bandwidth available to you (some of the traffic will be returning to your
>>clients from the proxy without ever going out to the internet) but maybe with some
>>tweaking of the traffic shaping you can allow for this ?
>>
>>Leigh
>>
>>
>
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] Proxy question
2003-07-02 8:18 [LARTC] Proxy question Σταμάτης Κεκές
` (5 preceding siblings ...)
2003-07-02 15:16 ` Leigh Waldie
@ 2003-07-02 15:28 ` ???????? ?????
6 siblings, 0 replies; 8+ messages in thread
From: ???????? ????? @ 2003-07-02 15:28 UTC (permalink / raw)
To: lartc
Leigh Waldie wrote:
>>Heloooo :-)
>>Well this is a good oppinion but, what does it happen when somebody make
>>a big request, the proxy will be unshaped thus it will allocate whole
>>the line.
>>
>>
>
>Perhaps you need to put the shaping on the same machine as the proxy, this should allow
>you to mark the packets (i think squid can do this) and shape them accordingly?
>
>
Well I want them separate. Anyway I'll add 2 more interfaces on the
current shaper and build another bridge which will shape my DMZ then to
tighten the shaping policy.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2003-07-02 15:28 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-07-02 8:18 [LARTC] Proxy question Σταμάτης Κεκές
2003-07-02 11:41 ` Radu-Mihail Obada
2003-07-02 11:58 ` ???????? ?????
2003-07-02 12:43 ` Chijioke Kalu
2003-07-02 13:42 ` Leigh Waldie
2003-07-02 14:19 ` ???????? ?????
2003-07-02 15:16 ` Leigh Waldie
2003-07-02 15:28 ` ???????? ?????
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.