trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wayne Zhang <wayne.m.zh...@gmail.com>
Subject Re: transparent proxy (inline on a linux bridge) not work
Date Wed, 12 Aug 2015 08:32:54 GMT
Hi Susan,

I tried the 2 commands, the outband side has zero packets,  just like you
said.
And I followed the script you give, the problem still exists.

I worked on an Ubuntu 14.04 and an Ubuntu 12.04, they have the same problem.

I installed a new CentOS 7 then the problem disappeared, the transparent
proxy works well.

I decided to give up or postpone finding out the real reason why it failed
on the Ubuntu PC, since I have spent too much time fixing this.

Thank you all the same for your kindness.

     Wayne



2015-08-12 10:37 GMT+08:00 Susan Hinrichs <shinrich@network-geographics.com>
:

> Sounds like the packets are not getting directed to the traffic_server
> process.  I assume that you have set up the iptables, ebtables, ip routes,
> and ip rules described in the document you reference.
>
> You can see if your iptables rules are being triggered by running
>
> iptables -t mangle -L -v
>
> This shows the number of packets that have triggered each rule.  If your
> tproxy rules have zero packets hitting, then you have a problem.
>
> Similarly, the following command shows the command count for the ebtables
>
> ebtables -t broute -L --Lc
>
> In addition to the documentation, you might want to take a look at this
> shell script, http://network-geographics.com/assets/docs/acna-universal.sh,
> as a successful example.
>
>
>
> On 8/11/2015 9:08 PM, Wayne Zhang wrote:
>
> I tried reinstalling it into /opt/ts and start it by "sudo", the
> permission error disappeared, but the problem (http visiting gets timeout)
> remained.
> Wireshark on client PC showed that it didn't  receive the SYN/ACK packet.
>
> 2015-08-11 21:35 GMT+08:00 Susan Hinrichs <
> shinrich@network-geographics.com>:
>
>> Are you starting traffic manager as a privileged user?  Sounds like a
>> permission error.
>>
>>
>> On 8/10/2015 9:37 PM, Wayne Zhang wrote:
>>
>> Hi.
>>
>> I followed the steps strictly from the official documents here :
>>
>> http://trafficserver.readthedocs.org/en/latest/admin/transparent-proxy/bridge.en.html#inline-on-a-linux-bridge
>>
>> the source code version is 5.3.1.
>> my linux kernel is 3.8.0-44, and I checked that the xt_TPROXY model was
>> loaded after executing iptables command.
>> config.log shows getting the right value 19.
>>
>> then the Linux ethernet bridge works well, *every app on the client PC
>> can access the internet but the browser visiting http websites always gets
>> timeout (https is ok)*.
>> the 3 processes traffic_cop, traffic_manager and traffic_server can be
>> seen using "ps aux".
>> there is no access log file squid.log in the log path.
>> and the Wireshark on the PC using as bridge can not find any interfaces
>> in this situation.
>>
>> I tried to change the value of proxy.config.http.server_ports from the
>> default 8080 to "8080:ipv4:tr-full", then I got error "Unable to set
>> transparent socket option operation not permitted", and only one process
>> traffic_cop remained.
>>
>> How to fix this ? Thanks in advance.
>>
>>
>>
>
>

Mime
View raw message