Sorry for the delay, it's been very hectic here with other projects. Let me check on the -t mangle issue, that looks like a typo.
Did you set up the policy routing? I don't see that mentioned here.

Monday, December 27, 2010, 12:50:02 AM, you wrote:

> Hi
>
> I build ATS for transparent, and I configured the computer in
> bridge mode according to the "Inline on Linux bridge" document.
> However, the transparent proxy did not work, even not receive the
> client request.
>
> the ats version: 2.1.4-unstable
> the os system: ubuntu-10.04(kernel: 2.6.32-27-generic)
>
> the record.config file
> ...
> proxy.config.http.server_port INT 8080
> proxy.config.http.server_port_attr STRING =
> proxy.config.reverse_proxy.enable INT 1
> proxy.config.url_remap.remap_required INT 0
> proxy.config.cluster.ethernet_interface STRING br0
>
> BTW: I added "-t mangle" in the two iptables commands, or they
> would generate the error message
> "iptables: No chain/target/match by that name." in my system.
>
> my system config
>
> brctl addbr br0 # create bridge device
> brctl stp br0 off # Disable spanning tree protocol
> brctl addif br0 eth0 # Add eth0 to bridge
> brctl addif br0 eth1 # Add eth1 to bridge
>
> ifconfig eth0 0 0.0.0.0 # Get rid of interface IP addresses
> ifconfig eth1 0 0.0.0.0 # ditto
> # Set the bridge IP address and enable it
> ifconfig br0 192.168.8.206 netmask 255.255.255.0 up
> route add default gw 192.168.8.1
>
> ebtables -t broute -F
> # inbound traffic
> ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
>   -j redirect --redirect-target DROP
> # returning outbound traffic
> ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \
>   -j redirect --redirect-target DROP
>
> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 \
>   -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
> iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 \
>   -j MARK --set-mark 1/1
