trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 魏晋 <>
Subject transparent proxy document problems
Date Mon, 27 Dec 2010 06:50:02 GMT
    I build ATS for transparent, and I configured the computer in
bridge mode according to the "Inline on Linux bridge" document.
However, the transparent proxy did not work, even not receive the
client request.

    the ats version: 2.1.4-unstable
    the os system: ubuntu-10.04(kernel: 2.6.32-27-generic)

    the record.config file
           proxy.config.http.server_port INT 8080
           proxy.config.http.server_port_attr STRING =
           proxy.config.reverse_proxy.enable INT 1
           proxy.config.url_remap.remap_required INT 0
           proxy.config.cluster.ethernet_interface STRING br0

    BTW: I added "-t mangle" in the two iptables commands, or they
would generate the error message
 "iptables: No chain/target/match by that name."  in my system.

    my system config

          brctl addbr br0 # create bridge device
          brctl stp br0 off # Disable spanning tree protocol
          brctl addif br0 eth0 # Add eth0 to bridge
          brctl addif br0 eth1 # Add eth1 to bridge

          ifconfig eth0 0 # Get rid of interface IP addresses
          ifconfig eth1 0 # ditto
          # Set the bridge IP address and enable it
          ifconfig br0 netmask up
          route add default gw
          ebtables -t broute -F
           # inbound traffic
           ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
           -j redirect --redirect-target DROP
           # returning outbound traffic
           ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \
           -j redirect --redirect-target DROP

           iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 \
           -j TPROXY --on-ip --on-port 8080 --tproxy-mark 1/1
           iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 \
           -j MARK --set-mark 1/1

View raw message