What exactly should I follow? Just these two will do?

iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY \
  --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 -j MARK --set-mark 1/1

Thanks & Regards
Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.
Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA.
Tel: +91 22 30511000 | Ext: 1113 | http://www.xoriant.com

-----Original Message-----
From: Alan M. Carroll [mailto:[email protected]]
Sent: Thursday, May 24, 2012 5:22 PM
To: Saraswathi Venkataraman
Subject: Re: Configuring traffic server on transparent proxy mode.

I would use just server_ports for all port description information. It was put in to do precisely that.

For iptables, a "--set-mark 0x1/0x1 -j ACCEPT" is effectively the same as your DIVERT chain. I don't use the "-m socket" because once a stream is established normal routing will handle it. My iptables basically has two rules, one for --sport and one for --dport.

Thursday, May 24, 2012, 1:13:20 AM, you wrote:

> Thanks Alan.
> Are there any alternative ways to implement it without redundancy so that I
> can compare and see what can be removed? How do you suggest I implement it?

> Thanks & Regards
> Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.
> Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA.
> Tel: +91 22 30511000 | Ext: 1113 | http://www.xoriant.com

> -----Original Message-----
> From: Alan M. Carroll [mailto:[email protected]]
> Sent: Wednesday, May 23, 2012 8:55 PM
> To: Saraswathi Venkataraman
> Subject: Re: Configuring traffic server on transparent proxy mode.

> The use of server_port and server_other_ports is deprecated. You should use
> server_ports only, with "8080:tr-full". However the change was made so that
> those options should still work, although they will be removed in a future
> release. You should not under any circumstances use both
> server_port & server_other_ports and server_ports, that can cause port
> conflicts.

> You are marking packets and using routing table 100. Do you define rules for
> table 100? Also, it looks like your divert chain marks packets the same way
> as your --dport rule. But if it works, then it's correct.

> Wednesday, May 23, 2012, 8:18:24 AM, you wrote:

>> Finally resolved it this way: It got configured on tproxy mode
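
Added example, not part of the original thread and not code from either poster or from the Traffic Server project: a shell check that the two mangle rules and the policy routing for table 100 agree on the same mark. It assumes the usual TPROXY policy routing (an "ip rule" for the fwmark and a local default route on lo in that table), which the thread mentions but does not show; the function name and the sample text are constructed.

```shell
#!/bin/sh
# Added example: check that a TPROXY setup is internally consistent.
# Live input would come from (as root):
#   iptables-save -t mangle; ip rule show; ip route show table 100

# check_tproxy MANGLE_RULES IP_RULES TABLE_ROUTES  (hypothetical helper)
# Prints one finding per line; returns 0 only if every check passes.
check_tproxy() {
    mangle=$1; rules=$2; routes=$3; rc=0
    # Mark set by the TPROXY (--dport) rule, as iptables-save prints it.
    mark=$(printf '%s\n' "$mangle" |
        sed -n 's/.*-j TPROXY.*--tproxy-mark \([^ ]*\).*/\1/p' | head -n 1)
    if [ -z "$mark" ]; then
        echo "FAIL: no TPROXY rule with --tproxy-mark"; return 1
    fi
    echo "OK: TPROXY rule sets mark $mark"
    # The --sport rule for return traffic must set the same mark.
    if printf '%s\n' "$mangle" |
        grep -Eq -- "--sport .*-j MARK --set-x?mark $mark"; then
        echo "OK: --sport rule sets mark $mark"
    else
        echo "FAIL: no --sport MARK rule for $mark"; rc=1
    fi
    # Policy routing: the mark must select a routing table ...
    table=$(printf '%s\n' "$rules" |
        sed -n "s|.*fwmark $mark lookup \([^ ]*\).*|\1|p" | head -n 1)
    if [ -z "$table" ]; then
        echo "FAIL: no 'ip rule' for fwmark $mark"; return 1
    fi
    echo "OK: fwmark $mark uses table $table"
    # ... and that table must deliver everything locally via lo.
    if printf '%s\n' "$routes" |
        grep -Eq '^local (default|0\.0\.0\.0/0) dev lo'; then
        echo "OK: table $table has a local default route"
    else
        echo "FAIL: table $table lacks 'local default dev lo'"; rc=1
    fi
    return $rc
}

# Constructed sample input (not captured from the thread's machines).
SAMPLE_MANGLE='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -i eth0 -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x1/0x1'
SAMPLE_RULES='32765:  from all fwmark 0x1/0x1 lookup 100'
SAMPLE_ROUTES='local default dev lo scope host'

check_tproxy "$SAMPLE_MANGLE" "$SAMPLE_RULES" "$SAMPLE_ROUTES"
```

A FAIL on the "ip rule" or local-route check is the situation Alan's question about table 100 points at: packets get marked, but nothing routes them to the proxy.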
