trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nguyen Hai Nam <nam...@nd24.net>
Subject Re: Implement ATS Tproxy in current situation
Date Mon, 17 Oct 2011 09:00:58 GMT

> That box before R2 is not a router I suppose..?
>
> Why not put ATS *behind* R2, or rather in the DMZ, and route everything
> that goes to port 80 and 443 through ATS? -- That's sort of the
> definition of "transparent" proxy. It's transparent to the client
> because you don't have to touch those.
Hi,

I'm following the idea that change the route 0.0.0.0/0 on R1 to ATS, on 
ATS I've wrote an iptables DNAT rule which forward traffic has 
destination port 80 to ATS:8080.

I'm reading old documentation of Traffic Server that describe about L4 
switch or WCCP2, but both of them are expensive to implement (esp. L4 
switch) and my routers don't support WCCP2.

After I route the Internet traffic to ATS, my feeling is it's not fast 
enough compare when configure proxy settings on browser. I still don't 
know the reason why, but I guess it's caused by iptables. Here are my 
rules, it's very appreciated if you or somebody correct for me:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.7:8080

iptables -A FORWARD -p tcp -o eth0 -d 10.0.0.7 --dport 80 -m state 
--state NEW -j ACCEPT

Thanks,
~Neddy



Mime
View raw message