Hi,

Here is how the IP tables should be if you have compiled ATS with transparent proxy support.

Assuming you have used port 8080 for ATS:

:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT

[root@ats ~]# ip rule show
0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default

ATS config:

##############################################################################
# Specify server addresses and ports to bind for HTTP and HTTPS. Docs:
#    https://docs.trafficserver.apache.org/records.config#proxy-config-http-server-ports
##############################################################################
CONFIG proxy.config.http.server_ports STRING 8080:tr-full

Building ATS for transparency — Apache Traffic Server 4.2.3 documentation
Inline on a Linux router — Apache Traffic Server 5.3.2 documentation

Regards,
Faisal.

From: Rebirthing <[email protected]>
To: [email protected]
Sent: Tuesday, January 24, 2017 12:45 PM
Subject: Problem on Transparent-Proxy Configuration

Hello.
My name is Jaden, a developer in Korea. I'm trying to configure Router-ATS Transparent Proxy. But it doesn't work and I couldn't figure out the problem. Please help me.

-Environments-
OS : Ubuntu 16.04
ATS Version : Latest
Network Topology : Internet ----- (ens33, 192.168.75.0/24) : ATS : (ens35, 172.16.113.0/24) ---- Intranet

iptables setting :
# iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
# iptables -A FORWARD -i ens33 -o ens35 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i ens35 -o ens33 -j ACCEPT
# iptables -t mangle -A PREROUTING -i ens35 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
# iptables -t mangle -A PREROUTING -i ens33 --source 192.168.75.0/24 -j ACCEPT
# iptables -t mangle -A PREROUTING -i ens33 --destination 192.168.75.0/24 -j ACCEPT
# iptables -t mangle -A PREROUTING -i eth33 -p tcp -m tcp --sport 80 -j MARK --set-mark 1/1
# ip rule add fwmark 1/1 table 1
# ip route add local 0.0.0.0/0 dev lo table 1

I checked the packets with Wireshark. Only TCP packets didn't pass through. DNS querying is working but TCP is not. Could you help me?
Thank you.
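
An added example, not part of the thread and not ATS project code: a POSIX shell check that the pieces shown in the reply agree with each other, namely the TPROXY rule's --on-port against the tr-full port in records.config, and its --tproxy-mark against an ip rule and a local route on lo. The sample inputs are constructed from values quoted in the thread; the table 100 route line and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are constructed from the values quoted above.
MANGLE='-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default'
ROUTES='local default dev lo scope host'   # assumed "ip route show table 100" output
RECORDS='CONFIG proxy.config.http.server_ports STRING 8080:tr-full'

# Port and mark value (mask ignored) of the first TPROXY rule in iptables-save text.
tproxy_port() { printf '%s\n' "$1" | sed -n 's/.*-j TPROXY.*--on-port \([0-9][0-9]*\).*/\1/p' | head -n 1; }
tproxy_mark() { printf '%s\n' "$1" | sed -n 's/.*--tproxy-mark \([0-9a-fA-Fx]*\).*/\1/p' | head -n 1; }

# Ports that records.config text opens with inbound transparency (tr-full or tr-in).
ats_tproxy_ports() {
  printf '%s\n' "$1" | sed -n 's/^CONFIG proxy\.config\.http\.server_ports STRING //p' |
    tr ' ,' '\n\n' | grep -E ':tr-(full|in)' | cut -d: -f1
}

# Routing table that "ip rule show" text ($1) selects for firewall mark $2.
table_for_mark() {
  printf '%s\n' "$1" | while read -r _prio _from _all kw mark _lookup table; do
    if [ "$kw" = fwmark ] && [ $(( ${mark%%/*} )) -eq $(( $2 )) ]; then
      echo "$table"; break
    fi
  done
}

# $1 mangle rules, $2 ip rules, $3 routes of the selected table, $4 records.config.
# Prints each mismatch; exit status is 0 only when all pieces agree.
check_tproxy() (
  rc=0
  port=$(tproxy_port "$1"); mark=$(tproxy_mark "$1")
  if [ -z "$port" ] || [ -z "$mark" ]; then echo "no TPROXY rule found"; exit 1; fi
  ats_tproxy_ports "$4" | grep -qx "$port" ||
    { echo "port $port is not a transparent ATS port"; rc=1; }
  table=$(table_for_mark "$2" "$mark")
  if [ -z "$table" ]; then echo "no ip rule for fwmark $mark"; rc=1
  elif ! printf '%s\n' "$3" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo'; then
    echo "table $table lacks a local default route on lo"; rc=1
  fi
  [ "$rc" -eq 0 ]
)

if check_tproxy "$MANGLE" "$RULES" "$ROUTES" "$RECORDS"; then echo "TPROXY chain is consistent"; fi
```

On a live host the four inputs would come from `iptables-save -t mangle`, `ip rule show`, `ip route show table <N>` and the server_ports line of records.config.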
