trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan M. Carroll" <...@network-geographics.com>
Subject Re: Configuring traffic server on transparent proxy mode.
Date Thu, 24 May 2012 11:51:32 GMT
I would use just server_ports for all port description information. It was put in to do precisely
that.

For iptables, a "--set-mark 0x1/0x1 -j ACCEPT" is effectively the same as your DIVERT chain.

I don't use the "-m socket" because once a stream is established normal routing will handle
it. My iptables basically has two rules, one for --sport and one for --dport.

Thursday, May 24, 2012, 1:13:20 AM, you wrote:

> Thanks Alan.

> Are there any alternative ways to implement it without redundancy so that I can compare
and see what can be re moved? How do you suggest I implement it?

> Thanks & Regards
> Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.  
> Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA. 
> Tel: +91 22 30511000 | Ext: 1113 | http://www.xoriant.com


> -----Original Message-----
> From: Alan M. Carroll [mailto:amc@network-geographics.com] 
> Sent: Wednesday, May 23, 2012 8:55 PM
> To: Saraswathi Venkataraman
> Subject: Re: Configuring traffic server on transparent proxy mode.

> The use of server_port and server_other_ports is deprecated. You should use server_ports
only, with "8080:tr-full". However the change was made so that those options should still
work, although they will be removed in a future release. You should not under any circumstances
use both server_port&server_other_ports and server_ports, that can cause port conflicts.

> You are marking packets and using routing table 100. Do you define rules for table 100?
Also, it looks like your divert chain marks packets the same way as your --dport rule. But
if it works, then it's correct.

> Wednesday, May 23, 2012, 8:18:24 AM, you wrote:

>> Finally resolved it this way: It got configured on tproxy mode



Mime
View raw message