Hello Thank you very much for releasing nice software. I am trying to build proxy-firewall on Linux like Firewall-1. On tproxy README documents, I can read following descriptions. 1. Redirect sessions destined to the outer network to a local process using a packet filter rule. 3. Make it possible for a process to initiate a connection with a foreign address as a source. Item #1 can easiliy be done like following by using iptables NAT redirect with normal linux2.4 kernel. # iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 And, I have also confirmed #3 can be done by using tproxy like following. itp.itp_faddr = client_sin.sin_addr; itp.itp_faddr = client_sin.sin_port; setsockopt(s, SOL_IP, IP_TPROXY_ASSIGN, &itp, sizeof(itp)); setsockopt(s, SOL_IP, IP_TPROXY_FLAGS, &(flags=ITP_CONNECT), sizeof(flags)); But when I am tying to do proxy using both #1 and #3 at the same time, it does not work. After building proxy-server connection, client-proxy NAT table does not work and source port of the packet from proxy to client is not transfered. I have also tested using squid with patch(squid-2.5-tproxy-03.diff) of following URL, but the same problem was happened. http://www.scaramanga.co.uk/ I have tested with cttproxy-2.4.20-14. Is there any hint to solve this problem ? Thank you. -- Yoshioka Tsuneo E-MAIL: Tsuneo.Yoshioka@f-secure.com