Return-Path: X-Original-To: apmail-trafficserver-users-archive@www.apache.org Delivered-To: apmail-trafficserver-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B97F09D9F for ; Tue, 5 Jun 2012 15:43:05 +0000 (UTC) Received: (qmail 83232 invoked by uid 500); 5 Jun 2012 15:43:05 -0000 Delivered-To: apmail-trafficserver-users-archive@trafficserver.apache.org Received: (qmail 83202 invoked by uid 500); 5 Jun 2012 15:43:05 -0000 Mailing-List: contact users-help@trafficserver.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@trafficserver.apache.org Delivered-To: mailing list users@trafficserver.apache.org Received: (qmail 83194 invoked by uid 99); 5 Jun 2012 15:43:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Jun 2012 15:43:05 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of saraswathi.venkataraman@xoriant.com designates 12.36.118.9 as permitted sender) Received: from [12.36.118.9] (HELO xorcas01.XoriantCorp.com) (12.36.118.9) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Jun 2012 15:43:00 +0000 Received: from MUMEX01.India.XoriantCorp.com ([10.21.0.27]) by xorcas01.XoriantCorp.com ([10.1.0.24]) with mapi id 14.01.0355.002; Tue, 5 Jun 2012 08:46:31 -0700 From: Saraswathi Venkataraman To: "users@trafficserver.apache.org" Subject: RE: Configuring traffic server on transparent proxy mode. Thread-Topic: Configuring traffic server on transparent proxy mode. Thread-Index: Ac04GiKPX6b6gTadTMqcCgkx5gQTkQAnT+QAAAu+7mAAEyHWAAAQVUMwABqAgQAADpW8EP//ppcA/+10oYA= Date: Tue, 5 Jun 2012 15:46:25 +0000 Message-ID: References: <371609216.20120522194054@network-geographics.com> <94755473.20120523102502@network-geographics.com> <17510255028.20120524065132@network-geographics.com> <894290420.20120524082908@network-geographics.com> In-Reply-To: <894290420.20120524082908@network-geographics.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.21.3.21] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org This is the ifconfig for our machine. We are trying to configure tproxy aga= in on our machine.=20 eth0 Link encap:Ethernet HWaddr 2C:76:8A:53:C8:DC inet addr:192.168.115.100 Bcast:192.168.115.255 Mask:255.255.25= 5.0 inet6 addr: fe80::2e76:8aff:fe53:c8dc/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:16125 errors:0 dropped:0 overruns:0 frame:0 TX packets:7367 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1700374 (1.6 MiB) TX bytes:4829093 (4.6 MiB) Interrupt:32 eth1 Link encap:Ethernet HWaddr 2C:76:8A:53:C8:DD inet6 addr: fe80::2e76:8aff:fe53:c8dd/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2280896 errors:0 dropped:0 overruns:0 frame:0 TX packets:12838 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:187005928 (178.3 MiB) TX bytes:1389503 (1.3 MiB) Interrupt:36 eth1.796 Link encap:Ethernet HWaddr 2C:76:8A:53:C8:DD inet addr:10.60.255.254 Bcast:10.60.255.255 Mask:255.255.0.0 inet6 addr: fe80::2e76:8aff:fe53:c8dd/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2271924 errors:0 dropped:0 overruns:0 frame:0 TX packets:12808 errors:0 dropped:6 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:136291894 (129.9 MiB) TX bytes:1278148 (1.2 MiB) eth1.798 Link encap:Ethernet HWaddr 2C:76:8A:53:C8:DD inet addr:10.61.255.254 Bcast:10.61.255.255 Mask:255.255.0.0 inet6 addr: fe80::2e76:8aff:fe53:c8dd/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:275 errors:0 dropped:0 overruns:0 frame:0 TX packets:34 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:14906 (14.5 KiB) TX bytes:2493 (2.4 KiB) eth2 Link encap:Ethernet HWaddr 2C:76:8A:53:C8:DE UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:32 eth3 Link encap:Ethernet HWaddr 2C:76:8A:53:C8:DF UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:36 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:49707 errors:0 dropped:0 overruns:0 frame:0 TX packets:49707 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:11216523 (10.6 MiB) TX bytes:11216523 (10.6 MiB) Output of ip rule list is:=20 0: from all lookup local 32756: from all fwmark 0x1 lookup 100 32757: from all fwmark 0x1 iif eth2 lookup 100 32758: from all fwmark 0x1/0x1 lookup 1 32759: from all fwmark 0x1 lookup 1 32760: from all fwmark 0x1 iif eth3 lookup 100 32764: from all fwmark 0x1 iif eth0 lookup 100 32765: from all fwmark 0x1 iif eth1 lookup 100 32766: from all lookup main 32767: from all lookup default And iptables -t mangle --list is: Chain PREROUTING (policy ACCEPT) target prot opt source destination DIVERT tcp -- anywhere anywhere socket TPROXY tcp -- anywhere anywhere tcp dpt:http T= PROXY redirect 0.0.0.0:8080 mark 0x1/0x1 Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain DIVERT (1 references) target prot opt source destination MARK all -- anywhere anywhere MARK set 0x1 ACCEPT all -- anywhere anywhere Is there anything wrong with this? Thanks & Regards Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd. =A0 Winchester,=A0Hiranandani Business Park, Powai,=A0Mumbai 400076, INDIA.=20 Tel: +91 22 30511000 |=A0Ext: 1113 | http://www.xoriant.com -----Original Message----- From: Alan M. Carroll [mailto:amc@network-geographics.com]=20 Sent: Thursday, May 24, 2012 6:59 PM To: Saraswathi Venkataraman Subject: Re: Configuring traffic server on transparent proxy mode. That's all I have in my iptables on my test box and it works in forward tra= nsparent mode. Thursday, May 24, 2012, 7:00:16 AM, you wrote: > What exactly should I follow? > Just these two will do? > iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPRO= XY \ > --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1 > iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 -j MARK= --set-mark 1/1