Hi,

I am trying to get my application to work in transparent proxy mode, i.e. in inline Linux bridge mode. I've configured my Linux system as shown at the end of the email. I've turned off rp_filters and enabled IP forwarding as suggested. I am following these instructions for Apache Traffic Server:

https://docs.trafficserver.apache.org/en/6.2.x/admin-guide/configuration/transparent-proxy/bridge.en.html

The traffic seems to be coming into my bridged system and getting forwarded up the stack as per the configuration. However, my application is not receiving the traffic. Enabling tracing for port 80 shows the logs at the end of the email.

Is my configuration correct? If so, why is my redirect rule that modifies the dest. port from 80 to 8080 not changing the port? Since my application is listening on 8080, could this be the reason my application is not seeing the traffic? If not, what else can I look at to debug this issue? Are there any other counters I can look at (or traces that I can enable) to determine where the packets are getting lost?

Thanks for the help in advance.

regards,
Dk.

OS: CentOS 7.5
Kernel Version: 3.10

PS: My config.
----------------------------- Config --------------------------------

echo 1 > /proc/sys/net/ipv4/ip_forward

brctl addbr br0
ifconfig br0 up
brctl stp br0 off
brctl addif br0 enp2s0
brctl addif br0 enp1s0f3
ifconfig enp2s0 0 0.0.0.0
ifconfig enp1s0f3 0 0.0.0.0
ifconfig br0 192.168.150.150 netmask 255.255.255.0 up

echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/enp1s0f3/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/enp2s0/rp_filter

ip rule delete fwmark 1/1 > /dev/null 2>&1
ip rule add fwmark 1/1 table 1
ip route add local 0/0 dev lo table 1

iptables -t mangle -A PREROUTING -i enp2s0 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 1/1
iptables -t mangle -A PREROUTING -i enp1s0f3 -p tcp -m tcp --sport 80 -j MARK --set-mark 1/1
iptables -t filter --flush FORWARD
iptables -t filter --flush INPUT

ebtables -t broute -F
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -p IPv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

------------------------- TRACES ----------------------------------

Jul 8 15:57:26 localhost kernel: TRACE: raw:PREROUTING:policy:2 IN=enp2s0 OUT= MAC=00:30:18:08:06:e8:0c:c4:7a:b5:be:eb:08:00 SRC=192.168.10.200 DST=192.168.10.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43187 DF PROTO=TCP SPT=35294 DPT=80 SEQ=2080332442 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A3771F2290000000001030307)
Jul 8 15:57:26 localhost kernel: TRACE: mangle:PREROUTING:rule:1 IN=enp2s0 OUT= MAC=00:30:18:08:06:e8:0c:c4:7a:b5:be:eb:08:00 SRC=192.168.10.200 DST=192.168.10.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43187 DF PROTO=TCP SPT=35294 DPT=80 SEQ=2080332442 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A3771F2290000000001030307)
Jul 8 15:57:26 localhost kernel: TRACE: nat:PREROUTING:policy:1 IN=enp2s0 OUT= MAC=00:30:18:08:06:e8:0c:c4:7a:b5:be:eb:08:00 SRC=192.168.10.200 DST=192.168.10.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43187 DF PROTO=TCP SPT=35294 DPT=80 SEQ=2080332442 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A3771F2290000000001030307) UID=1001 GID=1001 MARK=0x1
Jul 8 15:57:26 localhost kernel: TRACE: mangle:INPUT:policy:1 IN=enp2s0 OUT= MAC=00:30:18:08:06:e8:0c:c4:7a:b5:be:eb:08:00 SRC=192.168.10.200 DST=192.168.10.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43187 DF PROTO=TCP SPT=35294 DPT=80 SEQ=2080332442 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A3771F2290000000001030307) UID=1001 GID=1001 MARK=0x1
Jul 8 15:57:26 localhost kernel: TRACE: filter:INPUT:policy:1 IN=enp2s0 OUT= MAC=00:30:18:08:06:e8:0c:c4:7a:b5:be:eb:08:00 SRC=192.168.10.200 DST=192.168.10.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43187 DF PROTO=TCP SPT=35294 DPT=80 SEQ=2080332442 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A3771F2290000000001030307) UID=1001 GID=1001 MARK=0x1
Jul 8 15:57:26 localhost kernel: TRACE: nat:INPUT:policy:1 IN=enp2s0 OUT= MAC=00:30:18:08:06:e8:0c:c4:7a:b5:be:eb:08:00 SRC=192.168.10.200 DST=192.168.10.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43187 DF PROTO=TCP SPT=35294 DPT=80 SEQ=2080332442 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A3771F2290000000001030307) UID=1001 GID=1001 MARK=0x1
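
Added example, not part of the original message: a small Python parser for kernel TRACE lines like the ones above. It groups records by IP ID and reports which table:chain hooks a packet crossed, where MARK first shows up, and which DPT values were logged. The sample input is constructed by abbreviating the traces in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the TRACE lines from the post, abbreviated to the parsed fields.
_PKT = "IN=enp2s0 OUT= SRC=192.168.10.200 DST=192.168.10.50 ID=43187 PROTO=TCP SPT=35294 DPT=80 SYN"
SAMPLE = "\n".join([
    f"kernel: TRACE: raw:PREROUTING:policy:2 {_PKT}",
    f"kernel: TRACE: mangle:PREROUTING:rule:1 {_PKT}",
    f"kernel: TRACE: nat:PREROUTING:policy:1 {_PKT} UID=1001 GID=1001 MARK=0x1",
    f"kernel: TRACE: mangle:INPUT:policy:1 {_PKT} UID=1001 GID=1001 MARK=0x1",
    f"kernel: TRACE: filter:INPUT:policy:1 {_PKT} UID=1001 GID=1001 MARK=0x1",
    f"kernel: TRACE: nat:INPUT:policy:1 {_PKT} UID=1001 GID=1001 MARK=0x1",
])

# TRACE: <table>:<chain>:<rule|policy|return>:<number> <packet fields>
TRACE_RE = re.compile(r"TRACE: ([^:\s]+):([^:\s]+):(\w+):(\d+) (.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_trace(line):
    """Return one trace record as a dict, or None if the line is not a TRACE line."""
    m = TRACE_RE.search(line)
    if not m:
        return None
    table, chain, kind, num, rest = m.groups()
    fields = dict(FIELD_RE.findall(rest))
    return {"hook": f"{table}:{chain}", "verdict": f"{kind}:{num}",
            "id": fields.get("ID"), "dpt": fields.get("DPT"), "mark": fields.get("MARK")}

def summarise(log_text):
    """Group records by IP ID; report hook path, DPT values and where MARK first appears."""
    flows = {}
    for line in log_text.splitlines():
        rec = parse_trace(line)
        if rec is None:
            continue
        flow = flows.setdefault(rec["id"], {"path": [], "dpts": [], "mark_first_seen": None})
        if rec["hook"] not in flow["path"]:
            flow["path"].append(rec["hook"])
        if rec["dpt"] not in flow["dpts"]:
            flow["dpts"].append(rec["dpt"])
        if rec["mark"] and flow["mark_first_seen"] is None:
            flow["mark_first_seen"] = rec["hook"]
    for flow in flows.values():
        chains = {hook.split(":")[1] for hook in flow["path"]}
        flow["reached_input"] = "INPUT" in chains   # routed to the local stack
        flow["forwarded"] = "FORWARD" in chains     # routed through the box instead
    return flows

if __name__ == "__main__":
    for ip_id, flow in summarise(SAMPLE).items():
        print(ip_id, flow)
```

For the sample, the packet crosses the INPUT chains with MARK=0x1 and DPT=80 in every record. The TPROXY target assigns the packet to a local socket without rewriting its header, so an unchanged DPT in the trace does not by itself show that the rule failed to match.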