trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alan Carroll <solidwallofc...@yahoo-inc.com>
Subject Re: Transparent proxy with 1 NIC in ATS server
Date Fri, 26 Jun 2015 16:34:57 GMT
Yes, the original destination address for the connection is lost, as it is changed to the ATS
address.
 


     On Friday, June 26, 2015 11:31 AM, Jason Strongman <jasonstrongman2016@gmail.com>
wrote:
   

 using NAT in this way, do you lose the client resolved origin address?

i know with DNAT you lose the client resolved origin.. but i havent
tried using redirect.

looks like something to answer for myself today.




On Fri, Jun 26, 2015 at 9:55 AM, Alan Carroll
<solidwallofcode@yahoo-inc.com> wrote:
> Yes, that's what I meant by using iptables to do the NAT. As noted, if you
> do that you don't need TPROXY at all and the port should *not* be marked
> transparent. I originally worked this out back when TPROXY wasn't standard
> and it's still useful for people who don't want to mess with it (TPROXY is
> not exactly simple and easy to use).
>
>
>
> On Thursday, June 25, 2015 5:05 PM, Leif Hedstrom <zwoop@apache.org> wrote:
>
>
>
> On Apr 8, 2015, at 5:30 PM, Yue, Cong <Cong_Yue@alliedtelesis.com> wrote:
>
> Hi
>
> Can somebody advise how I can do transparent proxy if I only have one physic
> NIC in my ATS server?
> The network topology in my environment is as
> 1, I am doing forward proxy
>
>
>
> Maybe I’m naive, but wouldn’t something like this work:
>
> iptables -t nat -A PREROUTING -i en0  -p tcp -m tcp  -s 10.0.0.0/8  --dport
> 80 -j REDIRECT --to-port 8080
>
>
> (replace 10.0.0.0/8 with you internal network range).
>
> — leif
>
>

  
Mime
View raw message