I flushed the iptables. This is what I have added to my iptables. I have the eth1 interface
of TS1 to the client and eth2 to the webserver routed as default gateway.
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 MARK or 0x1
2 TPROXY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TPROXY redirect
0.0.0.0:8080 mark 0x1/0x1
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
------------------------------
This is the result of ip rule list
0: from all lookup local
32765: from all fwmark 0x1/0x1 lookup 1
32766: from all lookup main
32767: from all lookup default
ip route show table 1
local default dev lo scope host
What else must I do. The packets are coming in, and getting routed directly to the webserver
and getting the response. It is not going through trafficserver at all. Am I missing some
iptable routing?
Thanks & Regards
Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.
Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA.
Tel: +91 22 30511000 | Ext: 1113 | http://www.xoriant.com
-----Original Message-----
From: Saraswathi Venkataraman [mailto:saraswathi.venkataraman@Xoriant.Com]
Sent: Thursday, June 07, 2012 8:03 PM
To: users@trafficserver.apache.org
Subject: RE: Configuring traffic server on transparent proxy mode.
The packets are still not getting forwarded to the ATS port. It directly gets the response
from the server now today. Somehow the packets are not getting intercepted to ATS. I have
the same iprules routes and iptables as below. Anything I am missing.
Thanks & Regards
Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.
Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA.
Tel: +91 22 30511000 | Ext: 1113 | http://www.xoriant.com
-----Original Message-----
From: Alan M. Carroll [mailto:amc@network-geographics.com]
Sent: Thursday, June 07, 2012 8:31 AM
To: users@trafficserver.apache.org
Subject: Re: Configuring traffic server on transparent proxy mode.
Could you provide some information about what the end result you are looking for? E.g. where
are the clients, where are the origin servers / internet, which network paths should be transparent?
Unfortunately I am on vacation this week and so will not be particularly responsive.
My first comment would be that I have had not much success with using "socket" in my iptables
rules. I think --sport 80 is better. One problem is that SYN/ACK may not be considered on
a socket because it has not yet been established.
You seem to have a lot of rules in your ip rule list - why check for the all the interfaces
if you are also just checking on the firewall mark?
Tuesday, June 5, 2012, 10:46:25 AM, you wrote:
> This is the ifconfig for our machine. We are trying to configure tproxy again on our
machine.
|