We are working to setup a Squid proxy server using the tproxy kernel and iptables patches. We've worked to get it configured for several days now and are having some problems. I spent a lot of time with Google and the mailing list archives but can't get my problem fixed. The proxy server has been working but I can't get it to rewrite the packets to show the client IP as the requesting IP for html requests. Trying to fix this, I specify the interface of the squid server for tcp_outgoing_address in the squid.conf file, but then client's can no longer access webpages. Their browser keeps waiting until they get a timeout error from the proxy server. Squid's access.log file shows a 504 error. I'm sure I'm missing something obvious, but I can't figure out what it is. BTW, I'm under the impression that ip_gre in recent kernels can do the equivalent of ip_wccp modules in older kernels. We are wanting to do the eqivalent of the ip_wccp as our router cannot do the GRE tunnel. I'm basing this understanding off of the following page: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-5887c3744368f290... Specifics: OS: Debian 4.0 Kernel: 2.6.19.7 (patched with tproxy patch) iptables-1.3.7 (patched with trproxy patch) Relevant Modules loaded: iptable_filter ipt_TPROXY xt_tcpudp iptable_tproxy iptable_nat ip_nat ip_conntrack ip_tables (Note: ip_gre is built staticly into the kernel) Iptables rule added: iptables -t tproxy -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 80 (Note: eth1 is the inteface of the proxy server that clients hit. I've also tried eth0 in this iptables rule, as well as leaving out the -i flag entirely.) Relevant Parts of squid.conf: http_port 80 transparent tproxy wccp2_service dynamic 80 wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80 wccp2_service dynamic 90 wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80 tcp_outgoing_address <IP address of eth1> server_persistent_connections off If anybody can help me figure out what I'm missing, I would be most thankful. Sincerely, Bryan Walton