trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan M. Carroll" <...@network-geographics.com>
Subject Re: transparent proxy document problems
Date Wed, 29 Dec 2010 13:35:13 GMT
Sorry for the delay, it's been very hectic here with other projects.

Let me check on the -t mangle issue, that looks like a typo.

Did you set up the policy routing? I don't see that mentioned here.

Monday, December 27, 2010, 12:50:02 AM, you wrote:

> Hi
>     I build ATS for transparent, and I configured the computer in
> bridge mode according to the "Inline on Linux bridge" document.
> However, the transparent proxy did not work, even not receive the
> client request.

>     the ats version: 2.1.4-unstable
>     the os system: ubuntu-10.04(kernel: 2.6.32-27-generic)

>     the record.config file
>         ...
>            proxy.config.http.server_port INT 8080
>            proxy.config.http.server_port_attr STRING =
>            proxy.config.reverse_proxy.enable INT 1
>            proxy.config.url_remap.remap_required INT 0
>            proxy.config.cluster.ethernet_interface STRING br0

>     BTW: I added "-t mangle" in the two iptables commands, or they
> would generate the error message
>  "iptables: No chain/target/match by that name."  in my system.

>     my system config

>           brctl addbr br0 # create bridge device
>           brctl stp br0 off # Disable spanning tree protocol
>           brctl addif br0 eth0 # Add eth0 to bridge
>           brctl addif br0 eth1 # Add eth1 to bridge

>           ifconfig eth0 0 0.0.0.0 # Get rid of interface IP addresses
>           ifconfig eth1 0 0.0.0.0 # ditto
>           # Set the bridge IP address and enable it
>           ifconfig br0 192.168.8.206 netmask 255.255.255.0 up
>           route add default gw 192.168.8.1
>           ebtables -t broute -F
>            # inbound traffic
>            ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
>            -j redirect --redirect-target DROP
>            # returning outbound traffic
>            ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \
>            -j redirect --redirect-target DROP

>            iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 \
>            -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
>            iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 \
>            -j MARK --set-mark 1/1


Mime
View raw message