Hi
I build ATS for transparent, and I configured the computer in
bridge mode according to the "Inline on Linux bridge" document.
However, the transparent proxy did not work, even not receive the
client request.
the ats version: 2.1.4-unstable
the os system: ubuntu-10.04(kernel: 2.6.32-27-generic)
the record.config file
...
proxy.config.http.server_port INT 8080
proxy.config.http.server_port_attr STRING =
proxy.config.reverse_proxy.enable INT 1
proxy.config.url_remap.remap_required INT 0
proxy.config.cluster.ethernet_interface STRING br0
BTW: I added "-t mangle" in the two iptables commands, or they
would generate the error message
"iptables: No chain/target/match by that name." in my system.
my system config
brctl addbr br0 # create bridge device
brctl stp br0 off # Disable spanning tree protocol
brctl addif br0 eth0 # Add eth0 to bridge
brctl addif br0 eth1 # Add eth1 to bridge
ifconfig eth0 0 0.0.0.0 # Get rid of interface IP addresses
ifconfig eth1 0 0.0.0.0 # ditto
# Set the bridge IP address and enable it
ifconfig br0 192.168.8.206 netmask 255.255.255.0 up
route add default gw 192.168.8.1
ebtables -t broute -F
# inbound traffic
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
-j redirect --redirect-target DROP
# returning outbound traffic
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \
-j redirect --redirect-target DROP
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 \
-j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 \
-j MARK --set-mark 1/1
