RE: Configuring traffic server on transparent proxy mode.

Wed, 23 May 2012 06:15:26 -0700 

Finally resolved it this way: It got configured on tproxy mode

1.      Set in records config file, proxy.config.http.server_port to 8080, 
proxy.config.http.server_port_attr  to =(full transparent mode), disable 
proxy.config.url_remap.remap_required INT 0 (set to 0). Do not set 
proxy.config.http.server_other_ports
2.      ip rule add dev eth0 fwmark 1 lookup 100( for all eth interfaces, 
eth0,1 and 2)
3.      After taking backup:
a.      echo 1 > /proc/sys/net/ipv4/ip_forward
b.      echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
c.      echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
d.      echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
4.      Setup a chain DIVERT to mark packets
a.      iptables -t mangle -N DIVERT
b.      iptables -t mangle -A DIVERT -j MARK --set-mark 1
c.      iptables -t mangle -A DIVERT -j ACCEPT
5.      Use DIVERT to prevent existing connections going through TPROXY twice:
a.      iptables  -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
6.      Mark all other (new) packets and use TPROXY to pass into TrafficServer:
a.      iptables  -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY 
--tproxy-mark 0x1/0x1 --on-port 8080

Does this sound correct?

Thanks & Regards
Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.
Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA.
Tel: +91 22 30511000 | Ext: 1113 | 
http://www.xoriant.com<http://www.xoriant.com/>


-----Original Message-----
From: Alan M. Carroll [mailto:[email protected]]
Sent: Wednesday, May 23, 2012 6:11 AM
To: Saraswathi Venkataraman
Subject: Re: Configuring traffic server on transparent proxy mode.

Have you enabled transparency on the ATS port? E.g. to have full transparency 
on port 8080 you would need

CONFIG proxy.config.http.server_ports STRING 8080:tr-full

There are comments in records.config for this value with more information.

Tuesday, May 22, 2012, 7:59:04 AM, you wrote:

> In order to set the TS on transparent proxy mode, I have  disabled 
> reverse_proxy mode and remap_required on records.config file.
>
>
>
> The client server is configured in such a way that packets traceroute to the 
> webserver via the TS.
>
>

Reply via email to