trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saraswathi Venkataraman <saraswathi.venkatara...@Xoriant.Com>
Subject RE: Configuring traffic server on transparent proxy mode.
Date Thu, 24 May 2012 12:00:16 GMT
What exactly should I follow?
Just these two will do?

iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY \
   --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1

iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 -j MARK --set-mark 1/1

Thanks & Regards
Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.  
Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA. 
Tel: +91 22 30511000 | Ext: 1113 | http://www.xoriant.com


-----Original Message-----
From: Alan M. Carroll [mailto:amc@network-geographics.com] 
Sent: Thursday, May 24, 2012 5:22 PM
To: Saraswathi Venkataraman
Subject: Re: Configuring traffic server on transparent proxy mode.

I would use just server_ports for all port description information. It was put in to do precisely
that.

For iptables, a "--set-mark 0x1/0x1 -j ACCEPT" is effectively the same as your DIVERT chain.

I don't use the "-m socket" because once a stream is established normal routing will handle
it. My iptables basically has two rules, one for --sport and one for --dport.

Thursday, May 24, 2012, 1:13:20 AM, you wrote:

> Thanks Alan.

> Are there any alternative ways to implement it without redundancy so that I can compare
and see what can be re moved? How do you suggest I implement it?

> Thanks & Regards
> Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.  
> Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA. 
> Tel: +91 22 30511000 | Ext: 1113 | http://www.xoriant.com


> -----Original Message-----
> From: Alan M. Carroll [mailto:amc@network-geographics.com] 
> Sent: Wednesday, May 23, 2012 8:55 PM
> To: Saraswathi Venkataraman
> Subject: Re: Configuring traffic server on transparent proxy mode.

> The use of server_port and server_other_ports is deprecated. You should use server_ports
only, with "8080:tr-full". However the change was made so that those options should still
work, although they will be removed in a future release. You should not under any circumstances
use both server_port&server_other_ports and server_ports, that can cause port conflicts.

> You are marking packets and using routing table 100. Do you define rules for table 100?
Also, it looks like your divert chain marks packets the same way as your --dport rule. But
if it works, then it's correct.

> Wednesday, May 23, 2012, 8:18:24 AM, you wrote:

>> Finally resolved it this way: It got configured on tproxy mode



Mime
View raw message