Good staff,

I have the following architecture:

Arch Linux
kernel: 2.6.30
iptables: 1.4.6
ebtables: 2.0.9
squid: 3.1.0.14

Network:

    eth1: 0.0.0.0
    eth2: 0.0.0.0
    br0: 172.16.2.3/12
    route: 172.16.0.1

Firewall rules:

    cd /proc/sys/net/bridge/
    for i in *
    do
        echo 0 > $i
    done
    unset i

    iptables -t mangle -N DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

    ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
    ebtables -t broute -A BROUTING -i eth2 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP

    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100

Sysctl:

    net.ipv4.conf.default.rp_filter=0
    net.ipv4.conf.default.forwarding=1
    net.ipv4.conf.all.forwarding=1
    net.ipv4.ip_nonlocal_bind=1
    net.ipv4.ip_forward=1

Squid.conf:

    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access deny all
    icp_access allow localnet
    icp_access deny all
    http_port 3128
    http_port 3129 tproxy
    hierarchy_stoplist cgi-bin ?
    access_log /var/log/squid/access.log squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    #acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
    #upgrade_http0.9 deny shoutcast
    #acl apache rep_header Server ^Apache
    #broken_vary_encoding allow apache
    cache_mgr mail@mai.com
    visible_hostname agros.mail.com
    cache_effective_user proxy
    cache_effective_group proxy
    maximum_object_size 10 MB
    cache_dir aufs /var/cache/squid/cache 80000 16 256
    coredump_dir /var/cache/squid/cache/
    cache_store_log /var/log/squid/store.log
    cache_log /var/log/squid/cache.log
    access_log /var/log/squid/access.log squid
    pid_filename /var/run/squid.pid
    tcp_outgoing_address 172.16.2.3
    debug_options ALL,1 89,6

Now comes the problem: sometimes browsing works, but slowly, and in most cases customers cannot open anything.

Thanks,
Victor Feitoza.