trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Muhammad Faisal <>
Subject Re: Setting up Transparent Proxy
Date Mon, 25 Jan 2016 18:12:58 GMT
*Hi Alan,*
Thanks for your response. I went through your presentation (youtube 
video + Slides) indeed before starting configuration. It enhanced my 
understanding of ATS. However i found another straight forward step by 
step process at this location which i followed:

When i remove ebtables rules the http browsing starts. Any suggestions?

The output of traffic.out has nothing special seems no traffic is 
processed by ATS (using latest stable release 6.0). Please see below

*traffic.out *
raffic_server: using root directory '/usr/local'
/usr/local/bin/trafficserver restart
[traffic_server: Terminated (Signal sent by kill() 4771 
0)TrafficManager] ==> Cleaning up and reissuing signal #15
[E. Mgmt] log ==> [TrafficManager] using root directory '/usr/local'
traffic_server: using root directory '/usr/local'

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.br0.rp_filter = 0
*IPTABLES Rules in your apachecon ppt:*
iptables -t mangle -A PREROUTING -i em2 -p tcp -m tcp --dport 80 -j TPROXY --on-ip
--on-port 8080 --tproxy-mark 0x1/0x1
iptables -t mangle -A PREROUTING -i em1 -p tcp -m tcp --sport 80 -j MARK --set-mark 0x1/0x1

*This is what i have applied on the server:*
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j LOG --log-prefix ' Towards_ATS ' 
--log-level 7
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY 
--tproxy-mark 0x1/0x1 --on-port 8080

On 1/25/2016 8:55 PM, Alan Carroll wrote:
> You configuration to enable debugging is correct but there is no point in adding it to
traffic_logstat, it will have no effect. The debug output should be placed in the var/log/trafficserver/traffic.out
> I need to check my notes (it's been a while since I worked with this) but I think you
iptables rules should be interface dependent (as with ebtables) to allow packets to escape
after going through ATS. I also don't recall using divert.
> Did you set the /etc/sysctl.conf value?
> You might find this interesting -
> - it's a presentation on transparent

View raw message