After checking the mail archive and did some testings, I noticed there are quite many different versions of the stuff floating around. Those in the netfilter web site has given me lots of headaches ( kernel version, iptable version and so on ), so I figured that I would dig more deeply into the version on balabit website, ie tproxy-4.0.3-2.6.22.tgz since they seems to only has minor incompatibility with squid. After installing the patch to a 2.6.22 kernel and compiling iptables 1.3.8, everything went on smoothly. And I testing a version of squid-2.6.stable13 with has been previously working with tproxy2 ( and I did modprobe iptable_tproxy tproxy_any=1 ), I noticed that squid is able to receive the redirected traffic. It's positive so far ! However upon checking the traffic, I noticed that the spoofing is not working, even though the http has been cached by squid. The squid cache.log says :- tproxy ip=192.168.1.5,0x576e4c0,port=0 ERROR ASSIGN That would be quite understandable, because the binary for squid has been compiled with ( ~/src/forward.c ) :- itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr; itp.v.addr.fport = 0; itp.op = TPROXY_ASSIGN; if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) { debug(20, 1) ("tproxy ip=%s,0x%x,port=%d ERROR ASSIGN\n", inet_ntoa(itp.v.addr.faddr), itp.v.addr.faddr.s_addr, itp.v.addr.fport); } else { itp.op = TPROXY_FLAGS; itp.v.flags = ITP_CONNECT; if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) debug(20, 1) ("tproxy ip=%x,port=%d ERROR CONNECT\n", itp.v.addr.faddr.s_addr, itp.v.addr.fport); } The tproxy-4.0.3-2.6.22.tgz did not mention how a source should be changed to use the new tproxy, I did try using IP_FREEBIND ( using #define IP_FREEBIND 15 ) and the error goes away, but the spoofing has not been done. Any suggestion where else should I check to convince squid to using the new spoofing mechanism ? Best regards. -------------------------------------------- Important Warning! *************************** This electronic communication (including any attached files) may contain confidential and/or legally privileged information and is only intended for the use of the person to whom it is addressed. If you are not the intended recipient, you do not have permission to read, use, disseminate, distribute, copy or retain any part of this communication or its attachments in any form. If this e-mail was sent to you by mistake, please take the time to notify the sender so that they can identify the problem and avoid any more mistakes in sending e-mail to you. The unauthorised use of information contained in this communication or its attachments may result in legal action against any person who uses it.