Hi, I am trying to test ATS in transparent proxy mode. I am using the inline Linux bridge mode. It doesn't seem to work even though I made the changes as specified in the ATS documentation. My configuration is shown below. The request seems to come to the bridge device; however, the packet is not making it up the stack to ATS. The device receives the TCP SYN; however, it's not getting forwarded up the stack to ATS. Am I doing something wrong in my configuration or otherwise? Thanks for the help...
Dk.

----- tshark output ----
[root@testserver03 ~]# tshark -i eth1 port 80 -nn
Running as user "root" and group "root". This could be dangerous.
Capturing on 'eth1'
1 0.000000000 192.168.20.200 -> 192.168.20.50 TCP 74 54754 > 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=253488830 TSecr=0 WS=128
2 1.001891063 192.168.20.200 -> 192.168.20.50 TCP 74 [TCP Retransmission] 54754 > 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=253489832 TSecr=0 WS=128
3 3.005951357 192.168.20.200 -> 192.168.20.50 TCP 74 [TCP Retransmission] 54754 > 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=253491836 TSecr=0 WS=128

----- Config -----
brctl addbr br0
brctl stp br0 off
brctl addif br0 eth1
brctl addif br0 eth2
ifconfig br0 0.0.0.0
ifconfig eth1 0 0.0.0.0
ifconfig eth2 0 0.0.0.0
ifconfig br0 192.168.10.100 netmask 255.255.255.0 up
ip route add default via 192.168.10.200
ebtables -t broute -F
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
iptables -t mangle -A PREROUTING -i eth2 -p tcp -m tcp --sport 80 -j MARK --set-mark 1/1
ip rule add fwmark 1/1 table 1
ip route add local 0.0.0.0/0 dev lo table 1