trafficserver-users mailing list archives

From Muhammad Faisal <faisalu...@yahoo.com>
Subject Re: Setting up Transparent Proxy
Date Wed, 27 Jan 2016 04:59:41 GMT
Update:
Now downgraded to CentOS 6.5, ATS 5.2.3.

Now traffic.out is showing logs, but HTTP sites are still not working.

[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_cs) tcp_init_cwnd_set 0
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_cs) desired TCP congestion window is 0
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_tunnel) [3013] producer_handler [http server VC_EVENT_READ_COMPLETE]
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_redirect) [HttpTunnel::producer_handler] enable_redirection: [1 0 0] event: 102
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http) [3013] [&HttpSM::tunnel_handler_server, VC_EVENT_READ_COMPLETE]
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_ss) [3068] session closing, netvc 0x2b09ac0110c0
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_tunnel) [3013] consumer_handler [user agent VC_EVENT_WRITE_COMPLETE]
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http) [3013] [&HttpSM::tunnel_handler_ua, VC_EVENT_WRITE_COMPLETE]
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_cs) [3013] session closed
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_cs) [3013] session destroy
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http) [3013] [HttpSM::main_handler, HTTP_TUNNEL_EVENT_DONE]
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http) [3013] [&HttpSM::tunnel_handler, HTTP_TUNNEL_EVENT_DONE]
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_redirect) [HttpTunnel::deallocate_postdata_copy_buffers]
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_redirect) [HttpTunnel::deallocate_postdata_copy_buffers]
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http_seq) Skipping cop heartbeat logging & stats due to config
[Jan 26 23:57:05.125] Server {0x2b0986322700} DEBUG: (http) [3013] deallocating sm

Please help me out to configure ATS with tproxy.

On 1/26/2016 11:18 AM, Muhammad Faisal wrote:
> *Hi Alan,*
> The output is as follows:
>
> [root@ATS ~]# ip route show table 100
> local default dev lo  scope host
>
>
> *IPtables rules showing increasing packet counts:*
>
> # Generated by iptables-save v1.4.7 on Tue Jan 26 11:09:34 2016
> *mangle
> :PREROUTING ACCEPT [1601:195856]
> :INPUT ACCEPT [1853:208672]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1588:275561]
> :POSTROUTING ACCEPT [1588:275561]
> :DIVERT - [0:0]
> [1853:208672] -A PREROUTING -j LOG --log-prefix " Towards_ATS " --log-level 7
> [252:12816] -A PREROUTING -i em2 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
> [712:36656] -A PREROUTING -i em1 -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x1/0x1
> COMMIT
> # Completed on Tue Jan 26 11:09:34 2016
> [root@wc01 ~]# iptables-save -c
> # Generated by iptables-save v1.4.7 on Tue Jan 26 11:09:35 2016
> *mangle
> :PREROUTING ACCEPT [1618:196819]
> :INPUT ACCEPT [1873:209787]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1604:277388]
> :POSTROUTING ACCEPT [1604:277388]
> :DIVERT - [0:0]
> [1873:209787] -A PREROUTING -j LOG --log-prefix " Towards_ATS " --log-level 7
> [255:12968] -A PREROUTING -i em2 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
> [722:37168] -A PREROUTING -i em1 -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x1/0x1
> COMMIT
> # Completed on Tue Jan 26 11:09:35 2016
>
>
> On 1/26/2016 12:06 AM, Alan Carroll wrote:
>> Two recommendations:
>>
>> What is the output of
>>
>> ip route show table 100
>>
>> Also you should look at the iptable rule counts to see if those rules 
>> are being hit at all.
>>
>>
>> On Monday, January 25, 2016 12:50 PM, Muhammad Faisal 
>> <faisalusuf@yahoo.com> wrote:
>>
>>
>> *Update:*
>> When I flush ebtables, HTTP browsing starts via the bridge. But when I
>> put in the rules below, browsing stops:
>>
>> ebtables -t broute -A BROUTING -i em2 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
>> ebtables -t broute -A BROUTING -i em1 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
>>
>> I tried logging both rules and can see packets are being processed, but
>> the iptables rule logs are empty. Any clue? I have upgraded the kernel to
>> 4.4 and it is still the same situation.
>>
>> Thanks
>>
>> On 1/25/2016 11:12 PM, Muhammad Faisal wrote:
>> *Hi Alan,*
>> Thanks for your response. I went through your presentation (YouTube
>> video + slides) before starting configuration. It enhanced my
>> understanding of ATS. However, I found another straightforward
>> step-by-step process at this location, which I followed:
>> http://apache-traffic-server.24303.n7.nabble.com/attachment/1638/0/ATS%20on%20Centos.txt
>>
>> When I remove the ebtables rules, HTTP browsing starts. Any suggestions?
>>
>> The output of traffic.out has nothing special; it seems no traffic is
>> processed by ATS (using latest stable release 6.0). Please see below:
>>
>> *traffic.out *
>> raffic_server: using root directory '/usr/local'
>> /usr/local/bin/trafficserver restart
>> [traffic_server: Terminated (Signal sent by kill() 4771 
>> 0)TrafficManager] ==> Cleaning up and reissuing signal #15
>> [E. Mgmt] log ==> [TrafficManager] using root directory '/usr/local'
>> traffic_server: using root directory '/usr/local'
>>
>>
>> */etc/sysctl.conf*
>> net.ipv4.ip_forward = 1
>> net.ipv4.conf.default.rp_filter = 0
>> net.ipv4.conf.all.rp_filter = 0
>> net.ipv4.conf.eth0.rp_filter = 0
>> net.ipv4.conf.eth1.rp_filter = 0
>> net.ipv4.conf.br0.rp_filter = 0
>> *IPTABLES Rules in your apachecon ppt:*
>> iptables -t mangle -A PREROUTING -i em2 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 0x1/0x1
>> iptables -t mangle -A PREROUTING -i em1 -p tcp -m tcp --sport 80 -j MARK --set-mark 0x1/0x1
>> *This is what I have applied on the server:*
>> ============================================
>> iptables -t mangle -N DIVERT
>> iptables -t mangle -A DIVERT -j LOG --log-prefix ' Towards_ATS ' --log-level 7
>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>> iptables -t mangle -A DIVERT -j ACCEPT
>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080
>> ===========================================
>>
>>
>>
>> On 1/25/2016 8:55 PM, Alan Carroll wrote:
>>> Your configuration to enable debugging is correct but there is no point in adding
>>> it to traffic_logstat, it will have no effect. The debug output should be placed in
>>> the var/log/trafficserver/traffic.out file.
>>>
>>> I need to check my notes (it's been a while since I worked with this) but I think
>>> your iptables rules should be interface dependent (as with ebtables) to allow packets
>>> to escape after going through ATS. I also don't recall using divert.
>>>
>>>
>>> Did you set the /etc/sysctl.conf value?
>>>
>>> You might find this interesting -
>>> https://www.dropbox.com/sh/h7erczfbt8ug8kn/cMyk4ukVSg?m - it's a presentation
>>> on transparent proxy.
>>
>>
>>
>>
>
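
Added example, not part of the original thread: the check suggested above (whether the iptables rules are being hit at all) can be made by diffing two `iptables-save -c` snapshots per rule. The function names `rule_deltas` and `demo` are hypothetical; the sample snapshots are the mangle-table rule lines quoted in this message, with the e-mail line wraps joined.

```shell
#!/bin/sh
# Added example: per-rule packet/byte deltas between two `iptables-save -c` snapshots.

rule_deltas() {   # $1 = earlier snapshot file, $2 = later snapshot file
    awk '
        FNR == 1 { pass++ }                       # 1 = earlier file, 2 = later file
        /^\*/    { table = substr($0, 2); next }  # "*mangle" opens a table section
        /^\[[0-9]+:[0-9]+\] -A / {                # counted rule: [pkts:bytes] -A ...
            split(substr($1, 2, length($1) - 2), c, ":")
            rule = $0
            sub(/^\[[0-9]+:[0-9]+\] /, "", rule)
            key = table " " rule                  # match rules by text, not position
            if (pass == 1) { pk[key] = c[1]; bt[key] = c[2] }
            else if (key in pk)
                printf "%+d pkts %+d bytes  %s\n", c[1] - pk[key], c[2] - bt[key], key
            else
                printf "new rule  %s\n", key
        }
    ' "$1" "$2"
}

demo() {   # sample input: the two snapshots from this message (11:09:34 and 11:09:35)
    dir=$(mktemp -d) || return 1
    cat > "$dir/t0" <<'EOF'
*mangle
:PREROUTING ACCEPT [1601:195856]
[1853:208672] -A PREROUTING -j LOG --log-prefix " Towards_ATS " --log-level 7
[252:12816] -A PREROUTING -i em2 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
[712:36656] -A PREROUTING -i em1 -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x1/0x1
COMMIT
EOF
    cat > "$dir/t1" <<'EOF'
*mangle
:PREROUTING ACCEPT [1618:196819]
[1873:209787] -A PREROUTING -j LOG --log-prefix " Towards_ATS " --log-level 7
[255:12968] -A PREROUTING -i em2 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
[722:37168] -A PREROUTING -i em1 -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x1/0x1
COMMIT
EOF
    rule_deltas "$dir/t0" "$dir/t1"
    rm -rf "$dir"
}

demo
```

A rule whose delta stays at +0 while test traffic is flowing is not being matched; on a live host, feed `rule_deltas` two files written by `iptables-save -c` a few seconds apart.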

