Return-Path: Delivered-To: apmail-trafficserver-users-archive@www.apache.org Received: (qmail 66830 invoked from network); 27 Dec 2010 06:50:34 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 27 Dec 2010 06:50:34 -0000 Received: (qmail 68988 invoked by uid 500); 27 Dec 2010 06:50:34 -0000 Delivered-To: apmail-trafficserver-users-archive@trafficserver.apache.org Received: (qmail 68818 invoked by uid 500); 27 Dec 2010 06:50:32 -0000 Mailing-List: contact users-help@trafficserver.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@trafficserver.apache.org Delivered-To: mailing list users@trafficserver.apache.org Received: (qmail 68801 invoked by uid 99); 27 Dec 2010 06:50:31 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Dec 2010 06:50:31 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of weilogster@gmail.com designates 74.125.82.170 as permitted sender) Received: from [74.125.82.170] (HELO mail-wy0-f170.google.com) (74.125.82.170) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Dec 2010 06:50:23 +0000 Received: by wyb39 with SMTP id 39so8173149wyb.29 for ; Sun, 26 Dec 2010 22:50:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=6lIXQzCOx5wDSzonkTJPTwBagHgV8wa5c3DYGYElCMQ=; b=GVjYFEbV2+qbzMC89g5xZymy0DRcWE9nxrsZtyo0rS0GaUID2P79VDq8BZj58YlH1t 3Up7yXVGYUENbfXXCltqdHCrleiU63zs5xuUnXDmnYRFZs8HRVhiRUpGSJi3rpqlvi5a 6vdOApiJLbFBpX9I12KY/Kd6UI61S7hzv0Y4g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=CebWvZ8sGvq7fbEk7xrith73XeD+zvaIMp4Bexi8HTCABsjVNzj2dpHNPLWGF/c76I tQjtemSUCUVJpo53hMtqVhAIwnoTBJgpqqlevd7eXPEyHo2whhn5ZEiyLlCsPVAykEB0 HbZEk626PECbD11QdklS9hGRfRO4F9F6h0clk= MIME-Version: 1.0 Received: by 10.216.28.8 with SMTP id f8mr36178wea.48.1293432602856; Sun, 26 Dec 2010 22:50:02 -0800 (PST) Received: by 10.216.175.81 with HTTP; Sun, 26 Dec 2010 22:50:02 -0800 (PST) Date: Mon, 27 Dec 2010 14:50:02 +0800 Message-ID: Subject: transparent proxy document problems From: =?GB2312?B?zrq9+g==?= To: trafficserver groups Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Hi I build ATS for transparent, and I configured the computer in bridge mode according to the "Inline on Linux bridge" document. However, the transparent proxy did not work, even not receive the client request. the ats version: 2.1.4-unstable the os system: ubuntu-10.04(kernel: 2.6.32-27-generic) the record.config file ... proxy.config.http.server_port INT 8080 proxy.config.http.server_port_attr STRING = proxy.config.reverse_proxy.enable INT 1 proxy.config.url_remap.remap_required INT 0 proxy.config.cluster.ethernet_interface STRING br0 BTW: I added "-t mangle" in the two iptables commands, or they would generate the error message "iptables: No chain/target/match by that name." in my system. my system config brctl addbr br0 # create bridge device brctl stp br0 off # Disable spanning tree protocol brctl addif br0 eth0 # Add eth0 to bridge brctl addif br0 eth1 # Add eth1 to bridge ifconfig eth0 0 0.0.0.0 # Get rid of interface IP addresses ifconfig eth1 0 0.0.0.0 # ditto # Set the bridge IP address and enable it ifconfig br0 192.168.8.206 netmask 255.255.255.0 up route add default gw 192.168.8.1 ebtables -t broute -F # inbound traffic ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \ -j redirect --redirect-target DROP # returning outbound traffic ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \ -j redirect --redirect-target DROP iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 \ -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1 iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 \ -j MARK --set-mark 1/1