And your ATS was built with --enable-tproxy? My iptables rules are the same as yours, and my ATS is working just fine with port_attr STRING =
Do you have this: ip route add local 0.0.0.0/0 dev eth0 (or whatever interface ur Tproxy on) table 100 ?

With port_attr STRING >, do you get the desired transparency?

-----Original Message-----
From: Steve Cole <[email protected]>
Date: Fri, 10 Jun 2011 11:38:33
To: <[email protected]>
Reply-To: [email protected]
Subject: Re: Bug in 2.1.9?

On June 10, 2011 12:00:00 AM [email protected] wrote:
> Steve, what's ur iptables rule for tproxy?

I have it working. In essence, I had to put ">" in for the port_attr string and it just ... works.

Here's the simplest I could make it:

--
#!/bin/sh
IPTABLES=/sbin/iptables
# Divert inbound port-80 TCP to the local proxy port and mark the packets
${IPTABLES} -v -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080
# Marked packets use routing table 100
ip rule add fwmark 1 lookup 100
# Table 100 delivers every destination locally
ip route add local 0.0.0.0/0 dev lo table 100
--

Only thing is... I see a fair bit of load on the machine when the system is doing virtually nothing. Shutting down ATS seems to stop that. Very curious.
