Re: transparent proxy document problems

Thu, 30 Dec 2010 01:44:32 -0800 

Thanks for your reply.
Yes, I set up the policy routing, according to the "Inline on Linux
bridge" document, but it did not work.  The way the "Inline on a Linux
router" document tells us did not work neither. The ats just can not
accept any request in transparent mode.


2010/12/29 Alan M. Carroll <[email protected]>:
> Sorry for the delay, it's been very hectic here with other projects.
>
> Let me check on the -t mangle issue, that looks like a typo.
>
> Did you set up the policy routing? I don't see that mentioned here.
>
> Monday, December 27, 2010, 12:50:02 AM, you wrote:
>
>> Hi
>>     I build ATS for transparent, and I configured the computer in
>> bridge mode according to the "Inline on Linux bridge" document.
>> However, the transparent proxy did not work, even not receive the
>> client request.
>
>>     the ats version: 2.1.4-unstable
>>     the os system: ubuntu-10.04(kernel: 2.6.32-27-generic)
>
>>     the record.config file
>>         ...
>>            proxy.config.http.server_port INT 8080
>>            proxy.config.http.server_port_attr STRING =
>>            proxy.config.reverse_proxy.enable INT 1
>>            proxy.config.url_remap.remap_required INT 0
>>            proxy.config.cluster.ethernet_interface STRING br0
>
>>     BTW: I added "-t mangle" in the two iptables commands, or they
>> would generate the error message
>>  "iptables: No chain/target/match by that name."  in my system.
>
>>     my system config
>
>>           brctl addbr br0 # create bridge device
>>           brctl stp br0 off # Disable spanning tree protocol
>>           brctl addif br0 eth0 # Add eth0 to bridge
>>           brctl addif br0 eth1 # Add eth1 to bridge
>
>>           ifconfig eth0 0 0.0.0.0 # Get rid of interface IP addresses
>>           ifconfig eth1 0 0.0.0.0 # ditto
>>           # Set the bridge IP address and enable it
>>           ifconfig br0 192.168.8.206 netmask 255.255.255.0 up
>>           route add default gw 192.168.8.1
>>           ebtables -t broute -F
>>            # inbound traffic
>>            ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 
>> 80 \
>>            -j redirect --redirect-target DROP
>>            # returning outbound traffic
>>            ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 
>> 80 \
>>            -j redirect --redirect-target DROP
>
>>            iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 
>> \
>>            -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
>>            iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 
>> \
>>            -j MARK --set-mark 1/1
>
>

Reply via email to