[Web proxy rules] and [Traffic Shaping]

webproxy
firewall

(Juan Carlos Fernandez) #1

NethServer Version: 7.5.1804 (final)
Module: Web proxy, Basic firewall

I have the following setup on traffic shaping:

On [Rules] tab at [Web proxy] module, I’m only allowed to set two actions (High Priority and Low Priority) regarding [Traffic Shaping]. How can I set any of the four Traffic Shaping Classes that I defined? I assume that [High Priority Action] points to [Traffic Shaping Class High] and the [Low Priority Action] points to [Traffic Shaping Class Low] which are created by default, yet is there a way to change this?


(Markus Neuberger) #2

You have to set them in the firewall rules, not in the web proxy:

http://docs.nethserver.org/en/v7/firewall.html#traffic-shaping


(Juan Carlos Fernandez) #3

And if I want to set these Priority Rules for proxy traffic?


(Markus Neuberger) #4

I never tested, did you try “https” as service in the firewall rule? You may need a second rule for http or create a service for ports 80 and 443.


(Juan Carlos Fernandez) #5

I have been playing around with both [Web Proxy] rules and [Firewall Rules]. By setting this set of rules on [Web Proxy] rules:

After restarting squid, these rules (currently disabled) got me a high download rate for the IT-PCs; we talked about this here. However, when any terminal that is a member of IT-PC uses the proxy, other terminals that are not members of this group get a very slow connection. I believe this has something to do with [Traffic Shaping], so how can I change [Traffic Shaping] on [Web Proxy] rules?


(Markus Neuberger) #6

I couldn’t find out how to change it but what if you disable/delete the low priority rule?


(Juan Carlos Fernandez) #7

To what end?


(Markus Neuberger) #8

I meant to use only rule 1 and 2 and disable 3.


(Juan Carlos Fernandez) #9

Actually when you define rules on [Web Proxy] -> [Rules] what happens is that on [/etc/squid/squid.conf] you get this:

# Rule 1: src: iprange;high-priority action: priority;high dst: 
acl src_mark_1 src ###.###.###.###-###.###.###.###
tcp_outgoing_mark 0x2 src_mark_1 

# Rule 2: src: host;inf-mpuig action: priority;high dst: 
acl src_mark_2 src ###.###.###.###
tcp_outgoing_mark 0x2 src_mark_2 

# Rule 3: src: role;green action: priority;low dst: 
acl src_mark_5 src  ###.###.###.###/##
tcp_outgoing_mark 0x3 src_mark_5 

After some research I found out that tcp_outgoing_mark is used to mark packets for routing. I haven’t yet found where the routing configuration is, or how I can check if this acl is being applied correctly, but it’s a start.

I also tried to only apply the low priority rule to domains like ‘mega.co.nz’ but it’s not working. I have to set a FQDN like for example ‘gfs270n143.userstorage.mega.co.nz’ for the rule to work, but this is no use to me as MEGA has a lot of these sites, any ideas?
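
An added example (not part of the original posts, and not NethServer's or Squid's own code): an offline check of which tcp_outgoing_mark value a given client address would receive from a fragment shaped like the one in post #9. The addresses are constructed to replace the masked ones, and the code assumes that the first tcp_outgoing_mark line whose ACLs all match is the one applied.

```python
import ipaddress

# Constructed sample: same shape as the squid.conf fragment in post #9,
# with the masked addresses replaced by made-up private ones.
SAMPLE_CONF = """\
# Rule 1: src: iprange;high-priority action: priority;high dst:
acl src_mark_1 src 192.168.1.10-192.168.1.20
tcp_outgoing_mark 0x2 src_mark_1

# Rule 2: src: host;inf-mpuig action: priority;high dst:
acl src_mark_2 src 192.168.1.50
tcp_outgoing_mark 0x2 src_mark_2

# Rule 3: src: role;green action: priority;low dst:
acl src_mark_5 src  192.168.1.0/24
tcp_outgoing_mark 0x3 src_mark_5
"""

def parse_marks(conf):
    """Return ({acl_name: [src specs]}, [(mark, [acl names])]) in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            acls.setdefault(parts[1], []).extend(parts[3:])
        elif len(parts) >= 3 and parts[0] == "tcp_outgoing_mark":
            rules.append((int(parts[1], 16), parts[2:]))
    return acls, rules

def src_matches(spec, ip):
    """Match one src value: single host, CIDR network, or 'first-last' range."""
    if "-" in spec:
        first, last = spec.split("-", 1)
        return ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last)
    return ip in ipaddress.ip_network(spec, strict=False)

def mark_for(conf, client):
    """Mark of the first rule whose ACLs all match the client, else None."""
    acls, rules = parse_marks(conf)
    ip = ipaddress.ip_address(client)
    for mark, names in rules:
        # Assumption: every ACL on the line must match, and the first hit wins.
        if all(any(src_matches(s, ip) for s in acls.get(n, [])) for n in names):
            return mark
    return None

if __name__ == "__main__":
    for client in ("192.168.1.15", "192.168.1.50", "192.168.1.99", "10.0.0.1"):
        print(client, mark_for(SAMPLE_CONF, client))
```

With these constructed addresses, a host inside the Rule 1 range is also inside the Rule 3 network, so the order of the lines decides whether it is marked 0x2 or 0x3.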