That box before R2 is not a router I suppose..?
Why not put ATS *behind* R2, or rather in the DMZ, and route everything
that goes to port 80 and 443 through ATS? -- That's sort of the
definition of "transparent" proxy. It's transparent to the client
because you don't have to touch those.
Hi,
I'm following the idea of changing the route 0.0.0.0/0 on R1 to ATS; on
ATS I've written an iptables DNAT rule which forwards traffic that has
destination port 80 to ATS:8080.
I'm reading old documentation of Traffic Server that describes L4
switch or WCCP2, but both of them are expensive to implement (esp. L4
switch) and my routers don't support WCCP2.
After I route the Internet traffic to ATS, my feeling is it's not fast
enough compared to when I configure proxy settings in the browser. I still
don't know the reason why, but I guess it's caused by iptables. Here are my
rules; it would be very appreciated if you or somebody could correct them for me:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.7:8080
iptables -A FORWARD -p tcp -o eth0 -d 10.0.0.7 --dport 80 -m state --state NEW -j ACCEPT
Thanks,
~Neddy
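
Added example, not part of the original message: a simplified Python model of netfilter ordering for the two rules quoted above, assuming 10.0.0.7 is the ATS host's own address (the client and server addresses are constructed). It shows that the DNAT rewrite happens before the routing decision, so the redirected packet is delivered locally through INPUT with destination port 8080 and the FORWARD rule matching port 80 is never evaluated against it.

```python
# Simplified model of netfilter traversal for the two rules in the message.
# Assumption: 10.0.0.7 is a local address of the ATS host. The -o eth0 match
# is not modelled because the packet never reaches FORWARD in this case.
from dataclasses import dataclass, replace

LOCAL_ADDRS = {"10.0.0.7"}  # assumed: the ATS box's own address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    state: str = "NEW"


def nat_prerouting(pkt):
    """-t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.7:8080"""
    if pkt.proto == "tcp" and pkt.dport == 80:
        return replace(pkt, dst="10.0.0.7", dport=8080)
    return pkt


def route(pkt):
    """Routing decision, taken after PREROUTING: local delivery or forwarding."""
    return "INPUT" if pkt.dst in LOCAL_ADDRS else "FORWARD"


def forward_rule_matches(pkt):
    """-A FORWARD -p tcp -d 10.0.0.7 --dport 80 -m state --state NEW -j ACCEPT"""
    return (pkt.proto == "tcp" and pkt.dst == "10.0.0.7"
            and pkt.dport == 80 and pkt.state == "NEW")


def traverse(pkt):
    """Return (filter chain used, packet as that chain sees it, FORWARD rule hit)."""
    pkt = nat_prerouting(pkt)
    chain = route(pkt)
    hit = chain == "FORWARD" and forward_rule_matches(pkt)
    return chain, pkt, hit


if __name__ == "__main__":
    # Constructed request from a client to an Internet web server via the ATS box.
    chain, seen, hit = traverse(Packet("192.168.1.20", "203.0.113.10", 80))
    print(f"chain={chain} sees {seen.dst}:{seen.dport} forward_rule_hit={hit}")
```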