Posted to users@trafficserver.apache.org by Alvin Alexander <al...@pesat.net.id> on 2012/05/24 15:02:07 UTC

Re: Configuring traffic server on transparent proxy mode (Bridge Mode)

Mr. Alan,

I'm confused by your ebtables rules:

ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
   -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \
   -j redirect --redirect-target DROP

While others use:

ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 \
   -j redirect --redirect-target ACCEPT
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 \
   -j redirect --redirect-target ACCEPT


Regards,
  Alvin


On 24/05/2012 6:51, Alan M. Carroll wrote:
> I would use just server_ports for all port description information. It was put in to do precisely that.
>
> For iptables, a "--set-mark 0x1/0x1 -j ACCEPT" is effectively the same as your DIVERT chain.
>
> I don't use the "-m socket" because once a stream is established normal routing will handle it. My iptables basically has two rules, one for --sport and one for --dport.
>
> Thursday, May 24, 2012, 1:13:20 AM, you wrote:
>
>> Thanks Alan.
>> Are there any alternative ways to implement it without redundancy so that I can compare and see what can be removed? How do you suggest I implement it?
>> Thanks & Regards
>> Saraswathi Venkataraman | Xoriant Solutions Pvt. Ltd.
>> Winchester, Hiranandani Business Park, Powai, Mumbai 400076, INDIA.
>> Tel: +91 22 30511000 | Ext: 1113 | http://www.xoriant.com
>
>> -----Original Message-----
>> From: Alan M. Carroll [mailto:amc@network-geographics.com]
>> Sent: Wednesday, May 23, 2012 8:55 PM
>> To: Saraswathi Venkataraman
>> Subject: Re: Configuring traffic server on transparent proxy mode.
>> The use of server_port and server_other_ports is deprecated. You should use server_ports only, with "8080:tr-full". However the change was made so that those options should still work, although they will be removed in a future release. You should not under any circumstances use both server_port & server_other_ports and server_ports, that can cause port conflicts.
>> You are marking packets and using routing table 100. Do you define rules for table 100? Also, it looks like your divert chain marks packets the same way as your --dport rule. But if it works, then it's correct.
>> Wednesday, May 23, 2012, 8:18:24 AM, you wrote:
>>> Finally resolved it this way: It got configured on tproxy mode
>
>