You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@trafficserver.apache.org by "Jay Li (jianli)" <ji...@cisco.com> on 2014/09/17 11:10:40 UTC

how can we config ATS as full transparent proxy

Hi,

I am a junior of ATS.  In order to make inbound and outbound transparent proxy cache server , is there anybody help to provide a workable config for reference?  Thank you!

Regards
Jay

Re: how can we config ATS as full transparent proxy

Posted by "Jay Li (jianli)" <ji...@cisco.com>.

Hi, Alan 

Thank you.  And there are two interfaces (eth0/eth1) in your example and
the mangle table is below.

iptables -t mangle --flush PREROUTING
if (( $INBOUND )) ; then
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j
TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
fi
if (( $OUTBOUND )) ; then
iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 -j MARK
--set-mark 1/1
Fi

But in case that I have only one interface in my ATS server for both
inbound and outbound traffic (like single arm route), is it possible for
transparent proxy?  Can I just change eth1 to eth0 in mangle table?


iptables -t mangle --flush PREROUTING
if (( $INBOUND )) ; then
iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1  /// eth1->eth0
fi
if (( $OUTBOUND )) ; then
iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --sport 80 -j MARK
--set-mark 1/1
Fi


Regards


Jay





On 9/17/14, 8:24 PM, "Alan M. Carroll" <am...@network-geographics.com> wrote:

>Wednesday, September 17, 2014, 4:10:40 AM, you wrote:
>> I am a junior of ATS.  In order to make inbound and outbound
>>transparent proxy cache server , is there anybody help to provide a
>>workable config for reference?  Thank you!
>
>This would be a good place to start -
>http://archive.apachecon.com/na2013/presentations/27-Wednesday/A_Patchy_We
>b/16:15-Apache_Traffic_Server.pdf
>

Re: how can we config ATS as full transparent proxy

Posted by "Alan M. Carroll" <am...@network-geographics.com>.

Wednesday, September 17, 2014, 4:10:40 AM, you wrote:
> I am a junior of ATS.  In order to make inbound and outbound transparent proxy cache server , is there anybody help to provide a workable config for reference?  Thank you! 

This would be a good place to start - http://archive.apachecon.com/na2013/presentations/27-Wednesday/A_Patchy_Web/16:15-Apache_Traffic_Server.pdf