Hi Jan,

Tried the stuff as explained by you.

1. tcp_outgoing_address <ip address of the cache server>
2. http_port 3128 tproxy
3. iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 80

But the websites don't load after that.
Do I need to change the iptable route. The default rule for tproxy is
iptables -t tproxy -A PREROUTING -j TPROXY --on-port <proxyport>

Tried changing the proxy port to 80 and 3128 but no luck.

Regards
Sunil

Jan Engelhardt wrote:

Jan,

Am running the cache server with only one eth interface having a Public
IP address i.e. eth0.


You need at least two interfaces to get any form of SNAT working 
reasonably. (but see below)

There is no bridge interface.

So, if my interface ip address is 192.168.1.1 should the tcp_outgoing
_address be 192.168.1.1.


Yes.

Since all the configuration looks ok now and iptables is accepting the
command

iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
TPROXY --on-port 80


This is just DNAT, it will work as intended.

could the outgoing address be the only issue?


'tproxy on' in squid.conf, of course :)

Will check and confirm if it works with that.


Jan Engelhardt