1. There are at least 3 different versions of tproxy kernel patches. Each tproxy kernel patch is quite strongly tied to a kernel version, tproxy2 - kernel 2.6.18 - don't know where it is now, google for it. tproxy-4.0.x - kernel 2.6.22 - balabit website tproxy-4.1.0 - kernel 2.6.25 - netfilter website or balabit website The kernel patch might work with nearby kernel versions, for example, tproxy2 might work with kernel 2.6.19; however it will not work will kernel 2.6.22 ( unless you port it ). 2. So far Squid ( 3.0 and 2.6 ) is only supporting on tproxy2. If you managed to compile Squid without changing the source, meaning you are likely either did not successfully link in tproxy support or at best it is using tproxy2. However, if you patch the squid source, you should be able to get squid to work with tproxy-4.0.x and tproxy-4.1.0. You can look through the archive of this maillist to look at how to port squid versions to support tproxy-4.0.x and tproxy-4.1.0. Most of the patches floating around are not entirely satisfactory, but it could work, at least ! There is no one-stop-shop for getting tproxy-4.0.x and tproxy-4.1.0 working right now. 3. All the tproxy kernel patches are not compatible with one another. Each requires it's own way of setup and usage. So before doing anything, check if you have gotten the correct info/tproxy version/patches. These are some of the info :- tproxy2 - Requires additional patch to get SNAT working Don't seem to have problem with bridge tproxy4.0.x - Requires additional patches for SNAT and FWMARK. Some hurdles with bridge. tproxy4.1.0 - Still in the cooking. Some hurdles with bridge.