trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Susan Hinrichs <shinr...@network-geographics.com>
Subject Re: transparent proxy (inline on a linux bridge) not work
Date Wed, 12 Aug 2015 02:37:42 GMT
Sounds like the packets are not getting directed to the traffic_server 
process.  I assume that you have set up the iptables, ebtables, ip 
routes, and ip rules described in the document you reference.

You can see if your iptables rules are being triggered by running

iptables -t mangle -L -v

This shows the number of packets that have triggered each rule.  If your 
tproxy rules have zero packets hitting, then you have a problem.

Similarly, the following command shows the command count for the ebtables

ebtables -t broute -L --Lc

In addition to the documentation, you might want to take a look at this 
shell script, 
http://network-geographics.com/assets/docs/acna-universal.sh, as a 
successful example.


On 8/11/2015 9:08 PM, Wayne Zhang wrote:
> I tried reinstalling it into /opt/ts and start it by "sudo", the 
> permission error disappeared, but the problem (http visiting gets 
> timeout) remained.
> Wireshark on client PC showed that it didn't  receive the SYN/ACK packet.
>
> 2015-08-11 21:35 GMT+08:00 Susan Hinrichs 
> <shinrich@network-geographics.com 
> <mailto:shinrich@network-geographics.com>>:
>
>     Are you starting traffic manager as a privileged user?  Sounds
>     like a permission error.
>
>
>     On 8/10/2015 9:37 PM, Wayne Zhang wrote:
>>     Hi.
>>
>>     I followed the steps strictly from the official documents here :
>>     http://trafficserver.readthedocs.org/en/latest/admin/transparent-proxy/bridge.en.html#inline-on-a-linux-bridge
>>
>>     the source code version is 5.3.1.
>>     my linux kernel is 3.8.0-44, and I checked that the xt_TPROXY
>>     model was loaded after executing iptables command.
>>     config.log shows getting the right value 19.
>>
>>     then the Linux ethernet bridge works well, *every app on the
>>     client PC can access the internet but the browser visiting http
>>     websites always gets timeout (https is ok)*.
>>     the 3 processes traffic_cop, traffic_manager and traffic_server
>>     can be seen using "ps aux".
>>     there is no access log file squid.log in the log path.
>>     and the Wireshark on the PC using as bridge can not find any
>>     interfaces in this situation.
>>
>>     I tried to change the value of proxy.config.http.server_ports
>>     from the default 8080 to "8080:ipv4:tr-full", then I got error
>>     "Unable to set transparent socket option operation not
>>     permitted", and only one process traffic_cop remained.
>>
>>     How to fix this ? Thanks in advance.
>
>


Mime
View raw message