Asim Ahmed Khan wrote: > thanks tom for your help. But i would like to mention the fact that i > tried these rules on a single test computer first. There they worked > fine or you can say i couldn't test as much as 100 users with all sorts > of traffic needs can test! All problems started except a few after > opening it for general users. In transparent proxy i had too many issues > of net access braeking too often. But on non-transparent atleast for > general users internet is working fine.
That's interesting. From the point of view of system resources, transparent and non-transparent are the same. Each connection which fetches a non-cached page requires a second connection from the proxy (squid) to the net. So if you were running out of conntrack entries (for example) with transparent proxying, you should also run out with manual proxying. In the absence of any limiting rules or traffic shaping (as in your case), the Shorewall-configured firewall does exactly the same thing for each connection of a given type. So issues that arise when volume is increased are extremely unlikely to be associated with the firewall configuration. I can't speak to any possible volume-related issues with squid because the volume on my own site is so light. > > I'll try to setup a test computer again and see if i can diagnose > problem with transparent mode. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
