Date: Sun, 26 Sep 2010 16:48:53 +0800
Subject: transparent proxy with TS2.3.1-unstable
From: =?GB2312?B?zrq9+g==?=
To: trafficserver groups

hi
I want to set up a transparent proxy server with ts2.3.1, but the following error happens:
ERROR: [bindProxyPort] Unable to set transparent socket option [92] Protocol not available
Can anybody help me? Thanks

record.conf:
CONFIG proxy.config.http.server_port_attr STRING =
CONFIG proxy.config.cluster.ethernet_interface STRING eth1

The server has two network interfaces, eth0 (LAN) and eth1 (INTERNET), and the OS system is CentOS5.4. I connected the server (eth0) and the client with one network cable.
The following are our iptables rules:

#!/bin/sh
# ------------------------------------------------------------------------------------
# See URL: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
# (c) 2006, nixCraft under GNU/GPL v2.0+
# -------------------------------------------------------------------------------------
# TRAFFIC server IP
TRAFFIC_SERVER="192.168.8.131"
# Interface connected to Internet
INTERNET="eth1"
# Interface connected to LAN
LAN_IN="eth0"
# Traffic Server port
TS_PORT="8080"

# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request coming from LAN systems to ts 8080 ($TS_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $TRAFFIC_SERVER:$TS_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $TS_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
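
The error in the message above carries errno 92, which on Linux is ENOPROTOOPT: setsockopt() returns it when the running kernel does not implement the requested option. The probe below is an added example, not part of the original post or of Traffic Server's code; it assumes the option being set is IP_TRANSPARENT, and the names classify_tproxy and probe_tproxy are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* value from linux/in.h; older libc headers omit it */
#endif

enum tproxy_status {
    TPROXY_OK, TPROXY_NO_KERNEL_SUPPORT, TPROXY_NO_PRIVILEGE, TPROXY_OTHER_ERROR
};

/* Map a setsockopt() return code and errno to a diagnosis. */
enum tproxy_status classify_tproxy(int rc, int err)
{
    if (rc == 0) return TPROXY_OK;
    if (err == ENOPROTOOPT) return TPROXY_NO_KERNEL_SUPPORT; /* "Protocol not available" */
    if (err == EPERM) return TPROXY_NO_PRIVILEGE;            /* caller lacks CAP_NET_ADMIN */
    return TPROXY_OTHER_ERROR;
}

/* Try the option on a throwaway TCP socket; nothing is bound or connected. */
enum tproxy_status probe_tproxy(int *err_out)
{
    int one = 1, rc, err;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        if (err_out) *err_out = errno;
        return TPROXY_OTHER_ERROR;
    }
    rc = setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one));
    err = (rc == 0) ? 0 : errno;
    close(fd);
    if (err_out) *err_out = err;
    return classify_tproxy(rc, err);
}

int main(void)
{
    static const char *msg[] = { "supported", "kernel lacks the option",
                                 "supported, but needs CAP_NET_ADMIN", "other failure" };
    int err = 0;
    enum tproxy_status st = probe_tproxy(&err);
    printf("IP_TRANSPARENT: %s (errno %d: %s)\n", msg[st], err, err ? strerror(err) : "none");
    return st == TPROXY_OK ? 0 : 1;
}
```

Run it as the same user the proxy runs as, so that a privilege failure (EPERM) is distinguished from a kernel that lacks the option.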