hi all,

the ATS version is 6.0.0.
the layer 3 switch is a Huawei S3928TP-SI brand.

the topology is:
      client PC to port 1,
      ATS server to port 2,
      router to port 3.

here are the main steps of configuring the switch:

#define acl 3001 to intercept port 80 traffic to the internet
acl number 3001
description client traffic to ATS server
rule 0 permit TCP destination-port eq www

#define acl 3011 to intercept port 80 traffic from the internet
acl number 3011
description internet traffic to ATS server
rule 0 permit TCP source-port eq www

#apply acl 3001 at ethernet port 1, redirect traffic to the internet to port 2
interface Ethernet 1/0/1
traffic-redirect inbound ip-group 3001 interface Ethernet 1/0/2

#apply acl 3011 at ethernet port 3, redirect the traffic from the internet to port 2
interface Ethernet 1/0/3
traffic-redirect inbound ip-group 3011 interface Ethernet 1/0/2


the related config values in records.config:

proxy.config.reverse_proxy.enabled INT 1
proxy.config.url_remap.remap_required INT 0
proxy.config.http.server_ports STRING 8080:ipv4:tr-full

my setup script, run before the ATS server starts:


#!/bin/sh
ETH0=enp14s0

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/$ETH0/rp_filter

ip rule delete fwmark 1/1 > /dev/null 2>&1
ip rule add fwmark 1/1 table 1
ip route add local 0/0 dev lo table 1

iptables -t mangle --flush PREROUTING
iptables -t mangle -A PREROUTING -i $ETH0 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
iptables -t mangle -A PREROUTING -i $ETH0 -p tcp -m tcp --sport 80 -j MARK --set-mark 1/1

iptables -t filter --flush FORWARD
iptables -t filter --flush INPUT

the result:
     visiting websites in the client browser times out, which means that
traffic interception at the switch works.
     the 3 processes traffic_cop, traffic_manager and traffic_server can
be seen using "ps aux" on the ATS server.
     no access log is printed using "traffic_logcat squid.log".
     no http packets on ethernet enp14s0 or loopback can be grabbed using
wireshark.

any debugging advice?
thanks in advance.

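
An added example, not part of the original post: a shell check of the TPROXY prerequisites that the setup script above configures, run here on constructed sample output. The function names, the sample text and the expected ip/iptables output formats are assumptions of this example; the kernel uses the higher of conf/all/rp_filter and conf/<iface>/rp_filter, so the check reports the effective value.

```shell
#!/bin/sh
# Checks for the TPROXY prerequisites set up by the script in the post.
# Each function takes command output as text, so it also runs on saved output.

# The kernel applies max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {   # $1 = conf/all value, $2 = conf/<iface> value
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}
has_fwmark_rule() {       # $1 = output of `ip rule show`
    printf '%s\n' "$1" | grep -Eq 'fwmark 0x1/0x1 lookup 1( |$)'
}
has_local_route() {       # $1 = output of `ip route show table 1`
    printf '%s\n' "$1" | grep -Eq '^local default dev lo( |$)'
}
has_tproxy_rule() {       # $1 = `iptables -t mangle -S PREROUTING`, $2 = proxy port
    printf '%s\n' "$1" | grep -E -- '--dport 80( |$)' |
        grep -Eq -- "-j TPROXY .*--on-port $2( |\$)"
}
check() {                 # $1 = label, rest = test command; counts failures
    label=$1; shift
    if "$@"; then echo "ok   $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi
}
# Args: all-rp_filter iface-rp_filter ip-rule ip-route iptables-S port.
# Returns the number of failed checks.
report() {
    fails=0
    check "rp_filter effectively 0" [ "$(effective_rp_filter "$1" "$2")" -eq 0 ]
    check "ip rule fwmark 1/1 -> table 1" has_fwmark_rule "$3"
    check "table 1 local default via lo" has_local_route "$4"
    check "PREROUTING dport 80 -> TPROXY :$6" has_tproxy_rule "$5" "$6"
    return "$fails"
}

# Constructed sample output (not captured from the poster's server).
RULES='0: from all lookup local
32765: from all fwmark 0x1/0x1 lookup 1
32766: from all lookup main'
ROUTES='local default dev lo scope host'
MANGLE='-P PREROUTING ACCEPT
-A PREROUTING -i enp14s0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -i enp14s0 -p tcp -m tcp --sport 80 -j MARK --set-xmark 0x1/0x1'

# conf/all = 1 with conf/enp14s0 = 0 still leaves the filter on: one FAIL.
report 1 0 "$RULES" "$ROUTES" "$MANGLE" 8080 || echo "$? check(s) failed"
```

On the ATS server, pass live values to report instead: the contents of /proc/sys/net/ipv4/conf/all/rp_filter and /proc/sys/net/ipv4/conf/enp14s0/rp_filter, then the output of "ip rule show", "ip route show table 1" and "iptables -t mangle -S PREROUTING".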