Re: [squid-users] TOS Portal?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 12 Feb 2009 14:10:21 +1300 (NZDT)

> Amos Jeffries wrote:
>>> Quick question for you all. Would it be possible to use squid, in part,
>>> as a Terms of Service portal? In other words, using an external_acl
>>> helper, return OK if IP/MAC has accepted, or redirect if not? I would
>>> love to use the wccpv2/gre tunnel and the fault tolerance built in to
>>> eliminate a failure point by using a bridged or router acl solution.
>>> I've played around with PFSense and M0n0wall and they don't really work
>>> with our network/dhcp structure. We serve two different wireless
>>> technologies and vlaning kills any of these options. We want only new
>>> customers to get caught, but all customers to pass through in the event
>>> of hardware failure. I looked at a solution FrontPorch offers and it's
>>> pretty slick. They have both an inline and passive solution. The
>>> inline uses a proprietary NIC that has a solenoid that trips in the
>>> event of a hardware failure creating a hardwire connection. The passive
>>> solution somehow uses communication with the router to redirect. They
>>> mirror tcp traffic and I don't know what else. Anyway, I got a little
>>> long winded there. Any thoughts? Thanks guys..
>>>
>>> Tony
>>>
>>>
>>
>>
>> Theoretically yes. You will need to test and see if it works for you in
>> practice.
>>
>> The problem is that the tcp_outgoing_tos selection ACL in Squid can only
>> work from cached external_acl results. (It would require a small re-code
>> of the outbound connection pathway to alter that).
>> BUT, the external ACL can be used in http_access to permit access into
>> squid at the point of receiving. So the result can be cached by that
>> lookup.
>>
>> For src-IP it's just peachy. For MAC the machines need to be directly on
>> the same switch or arp-relay enabled across the network, for ARP lookups
>> to work.
>>
>> Amos
>>
>
> I think what the requester is looking for (not so much prioritization of
> traffic, but getting each user to acknowledge an Acceptable Use Policy,
> or the like) is better provided by the session helper.
>
> The session helper is included with the Squid source.
>
> Chris
>

Aye. Now that you mention it...

Amos
Received on Thu Feb 12 2009 - 01:10:24 MST
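
The external_acl approach asked about in this thread, as an added example that is not from any of the posters or from the Squid project: a helper that answers OK for client IPs that have accepted the terms and ERR otherwise, with the redirect itself done by deny_info in squid.conf. The helper path, ACL names, portal URL and the one-IP-per-line acceptance file are assumptions.

```python
"""Squid external_acl helper: OK if the client IP has accepted the ToS, else ERR.
Hypothetical squid.conf wiring (names, paths and URL are assumptions):
  external_acl_type tos_check ttl=60 %SRC /usr/local/bin/tos_helper.py /var/lib/squid/tos_accepted.txt
  acl tos_accepted external tos_check
  http_access deny !tos_accepted
  deny_info http://portal.example.net/tos.html tos_accepted
"""
import ipaddress
import sys


def load_accepted(lines):
    """Parse one IP per line; skip blanks, '#' comments and malformed entries."""
    accepted = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        try:
            accepted.add(ipaddress.ip_address(entry))
        except ValueError:
            continue  # blank or bad line: never grants access
    return accepted


def answer(request, accepted):
    """Reply for one request line: "<ip>", or "<channel-id> <ip>" with concurrency=N."""
    fields = request.split()
    prefix = ""
    if len(fields) == 2 and fields[0].isdigit():
        prefix, fields = fields[0] + " ", fields[1:]  # echo the channel id
    try:
        ip = ipaddress.ip_address(fields[0] if len(fields) == 1 else "")
    except ValueError:
        return prefix + "ERR"  # malformed request: treat as not accepted
    return prefix + ("OK" if ip in accepted else "ERR")


def main(path):
    for line in sys.stdin:          # Squid keeps the helper running
        with open(path) as fh:      # re-read so new acceptances take effect
            accepted = load_accepted(fh)
        print(answer(line, accepted), flush=True)


if __name__ == "__main__":
    main(sys.argv[1])
```

Squid caches ERR results for negative_ttl seconds, which defaults to the ttl value, so a low negative_ttl on the external_acl_type line keeps a client who has just accepted from being redirected again.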
