[ 
https://issues.apache.org/jira/browse/TS-3636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14559662#comment-14559662
 ] 

Faysal Banna commented on TS-3636:
----------------------------------

Back to my problem issue I had here: I did some workaround to find another way 
to fix my problem, as I needed parent proxy stuff.

That's what I finally did.
In remap.config I had: 

regex_map http://(.*)?distrowatch.com/ http://$0/ @plugin=conf_remap.so @pparam=proxy.config.net.sock_packet_mark_out=50

And that's all for ATS. 
The rest is the Linux firewall, 
so my firewall is as follows: 
iptables -t mangle -A PREROUTING -i em2 -p tcp -m tcp --sport 8080 -j MARK --set-xmark 0x1/0xffffffff
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m mark --mark 0x32 -j DNAT --to-destination 77.75.92.61:8080
iptables -t nat -A POSTROUTING -o em2 -j SNAT --to-source 77.75.92.59

Also, not to forget the rules made for tproxy on em1 and the tproxy 
route/rules. 

Where 77.75.92.61 is the parent proxy and 77.75.92.59 is the IP address on 
interface em2. 

Interface em1 gets a different IP address, and all traffic (client/origin) 
goes through em1, except for those that should be parent proxied, which should go 
through em2. 
Hope this helps someone who needs it. 


much regards 

> Parent Proxy Forward mode ts-full
> ---------------------------------
>
>                 Key: TS-3636
>                 URL: https://issues.apache.org/jira/browse/TS-3636
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Parent Proxy, TProxy
>            Reporter: Faysal Banna
>            Assignee: Alan M. Carroll
>
> Hello guys.
> Today I stumbled upon an issue with parent proxy, and let me describe what is 
> going on.
> I have my cache working in forward proxy mode tr-full
> proxy.config.reverse_proxy.enabled 0
> proxy.config.url_remap.remap_required 0
> proxy.config.http.server_ports 8080:tr-full:tr-pass 8099
> and in parent.config I have 
> url_regex=".*distrowatch" parent="77.75.92.61:8080"
> Now if I do 
> export http_proxy=127.0.0.1:8099
> wget 'http://distrowatch.com'  --delete-after 
> I can see that the request was proxied to the parent cache in squid.log, as 
> shown below:
> 1432569647.049 823 127.0.0.1 TCP_REFRESH_MISS/200 157668 GET http://distrowatch.com/ - PARENT_HIT/77.75.92.61 text/html
> Yet if I go as a client forwarded to the server from my laptop 
> and issue 
> wget --delete-after 'http://distrowatch.com'
> I get in squid.log
> 1432570157.718 62805 77.75.88.82 TCP_REFRESH_MISS/200 157598 GET http://distrowatch.com/ - DIRECT/distrowatch.com text/html
> I checked tcpdump on the interface between both caches, and I had a result 
> that ATS was sending parent proxies with origin IP addresses the same as the 
> client IP addresses.
> So I did a source NAT (SNAT) via iptables firewall on the interface itself 
> and originated traffic as if originated from ATS itself. 
> In diags.log I could always see
> http parent proxy 77.75.92.61:8080 marked down
> In my belief, the parent proxy should not get the client address unless asked for, 
> since it should always reply to the ATS server, so it should get the ATS IP 
> address and not the client IP address, regardless of being TProxied or not.
> Unless someone can create some variable to enable/disable such a feature when 
> contacting parent proxies.
> Regards 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
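
A consistency check for the workaround in the comment above, as an added example that is not part of the original comment or of Traffic Server: it confirms that every packet mark set through proxy.config.net.sock_packet_mark_out in remap.config (decimal, 50 here) has a matching iptables "-m mark --mark" rule (written in hex, 0x32 here). The function names, the temporary file paths and the second regex_map line (mark 51) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original comment. Function names and the
# sample files are constructed for illustration.

# Decimal marks set through proxy.config.net.sock_packet_mark_out in a
# remap.config-style file (comment lines skipped).
remap_marks() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*proxy\.config\.net\.sock_packet_mark_out=\([0-9][0-9]*\).*/\1/p' |
        sort -un
}

# Decimal form of every "-m mark --mark VALUE" match in a file of iptables
# rules. Masks (VALUE/MASK) are ignored; --set-mark/--set-xmark do not match.
iptables_marks() {
    grep -oE -e '--mark +(0[xX][0-9a-fA-F]+|[0-9]+)' "$1" |
        while read -r _ value; do echo "$(($value))"; done | sort -un
}

# Report marks ATS sets that no firewall rule matches; returns 1 if any.
unmatched_marks() {
    fw=$(iptables_marks "$2")
    missing=0
    for m in $(remap_marks "$1"); do
        if ! printf '%s\n' "$fw" | grep -qx "$m"; then
            printf 'mark %d (0x%x) has no iptables --mark rule\n' "$m" "$m"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample input modelled on the rules in the comment above;
# the example.org line with mark 51 is hypothetical.
tmp=$(mktemp -d)
cat > "$tmp/remap.config" <<'EOF'
regex_map http://(.*)?distrowatch.com/ http://$0/ @plugin=conf_remap.so @pparam=proxy.config.net.sock_packet_mark_out=50
regex_map http://(.*)?example.org/ http://$0/ @plugin=conf_remap.so @pparam=proxy.config.net.sock_packet_mark_out=51
EOF
cat > "$tmp/rules" <<'EOF'
-t mangle -A PREROUTING -i em2 -p tcp -m tcp --sport 8080 -j MARK --set-xmark 0x1/0xffffffff
-t nat -A OUTPUT -p tcp -m tcp --dport 80 -m mark --mark 0x32 -j DNAT --to-destination 77.75.92.61:8080
EOF
unmatched_marks "$tmp/remap.config" "$tmp/rules" || true
```

A mark with no matching rule means traffic for that remap rule is not redirected by the DNAT rule, so it is worth running against the saved ruleset after each remap.config change.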
