trafficserver-users mailing list archives

From Muhammad Faisal <faisalu...@yahoo.com>
Subject Re: Problem on Transparent-Proxy Configuration
Date Tue, 24 Jan 2017 08:01:44 GMT
Hi,

Here is how the IP tables should be if you have compiled ATS with transparent proxy support.
Assuming you have used port 8080 for ATS:

:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT

[root@ats ~]# ip rule show
0:      from all lookup local
32765:  from all fwmark 0x1 lookup 100
32766:  from all lookup main
32767:  from all lookup default

ATS config:

##############################################################################
# Specify server addresses and ports to bind for HTTP and HTTPS. Docs:
#    https://docs.trafficserver.apache.org/records.config#proxy-config-http-server-ports
##############################################################################
CONFIG proxy.config.http.server_ports STRING 8080:tr-full

Building ATS for transparency — Apache Traffic Server 4.2.3 documentation
Inline on a Linux router — Apache Traffic Server 5.3.2 documentation

Regards, Faisal.

 
From: Rebirthing <nemojjh@gmail.com>
To: users@trafficserver.apache.org
Sent: Tuesday, January 24, 2017 12:45 PM
Subject: Problem on Transparent-Proxy Configuration
   
Hello. My name is Jaden, a developer in Korea.
I'm trying to configure Router-ATS Transparent Proxy.
But it doesn't work and I couldn't figure out the problem.
Please help me.

-Environments-
OS : Ubuntu 16.04
ATS Version : Latest
Network Topology : Internet ----- (ens33, 192.168.75.0/24) : ATS : (ens35, 172.16.113.0/24) ---- Intranet

iptables setting:
# iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
# iptables -A FORWARD -i ens33 -o ens35 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i ens35 -o ens33 -j ACCEPT
# iptables -t mangle -A PREROUTING -i ens35 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
# iptables -t mangle -A PREROUTING -i ens33 --source 192.168.75.0/24 -j ACCEPT
# iptables -t mangle -A PREROUTING -i ens33 --destination 192.168.75.0/24 -j ACCEPT
# iptables -t mangle -A PREROUTING -i eth33 -p tcp -m tcp --sport 80 -j MARK --set-mark 1/1
# ip rule add fwmark 1/1 table 1
# ip route add local 0.0.0.0/0 dev lo table 1

I checked the packets with Wireshark. Only TCP packets didn't pass through.
DNS querying is working but TCP is not.
Could you help me?
Thank you.
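
Added example (not part of either message, and not ATS project code): a small Python lint that checks the mangle and policy-routing commands from the question for the pieces the reply's rule set relies on, namely an `ip rule` that matches the TPROXY mark, a `local` route in that table, a `-m socket` rule, and interface names that exist in the stated topology. The function names and finding strings are hypothetical, and the mark check assumes packets arrive unmarked.

```python
import shlex

# The mangle-table and policy-routing commands from the original question,
# copied one per line (NAT and FORWARD rules omitted).
QUESTION = """\
iptables -t mangle -A PREROUTING -i ens35 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
iptables -t mangle -A PREROUTING -i ens33 --source 192.168.75.0/24 -j ACCEPT
iptables -t mangle -A PREROUTING -i ens33 --destination 192.168.75.0/24 -j ACCEPT
iptables -t mangle -A PREROUTING -i eth33 -p tcp -m tcp --sport 80 -j MARK --set-mark 1/1
ip rule add fwmark 1/1 table 1
ip route add local 0.0.0.0/0 dev lo table 1
"""

def vals(tokens, flag):
    """All values that follow `flag` in a tokenised command."""
    return [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t == flag]

def mark(text):
    """Parse '1/1', '0x1/0x1' or '0x1' into (value, mask)."""
    value, _, mask = text.partition("/")
    return int(value, 0), int(mask or "0xffffffff", 0)

def table(tokens):
    """Routing table named by a command; 'main' when none is given."""
    return (vals(tokens, "table") or ["main"])[0]

def lint(commands, interfaces):
    """Return findings for a TPROXY setup; assumes packets arrive unmarked."""
    cmds = [shlex.split(line) for line in commands.splitlines() if line.strip()]
    ipt = [c for c in cmds if c[0] in ("iptables", "-A")]
    rules = [(mark(vals(c, "fwmark")[0]), table(c))
             for c in cmds if c[:3] == ["ip", "rule", "add"] and "fwmark" in c]
    local = {table(c) for c in cmds if c[:4] == ["ip", "route", "add", "local"]}
    tproxy = [c for c in ipt if "TPROXY" in vals(c, "-j")]
    findings = []
    for c in tproxy:
        value, mask = mark(vals(c, "--tproxy-mark")[0])
        # A rule matches when the packet mark equals its value under its mask.
        tables = [t for (rv, rm), t in rules if ((value & mask) ^ rv) & rm == 0]
        if not tables:
            findings.append("no 'ip rule' matches the TPROXY mark")
        elif not local.intersection(tables):
            findings.append("marked packets have no 'local' route to lo")
    if tproxy and not any("socket" in vals(c, "-m") for c in ipt):
        findings.append("no '-m socket' rule as in the reply's DIVERT chain")
    for c in ipt:
        findings += [f"rule matches on unknown interface {n}"
                     for n in vals(c, "-i") if n not in interfaces]
    return findings
```

Calling `lint(QUESTION, {"ens33", "ens35"})` lists where the question's commands differ from the reply's rule set or from the topology given in the question; a finding is a difference to review, not a confirmed cause.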

   
 