People,

After a long time waiting to implement this solution, I came here to ask how I can configure the redirection from iptables to squid.

My squid.conf has this line:

http_port 3128 tproxy

It starts ok. For a test I have made this "transparent" and made a rule on iptables (iptables -t nat -A PREROUTING -s .... -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128) and it works fine. It is really getting stuff and putting it into the cache (TCP_HIT).

So, my network layout (for testing purposes only) is:

[ internet ] --- [ router ] --- [ cache ] --- [ me ]

"me" network: 10.0.0.0/24 (me = .2 and cache = .1)
"cache" network: 192.168.1.0/24 (cache = .9 and router = .1)

This is a fine layout to work as a transparent proxy (using transparent). My router makes a route to 10.0.0.0/24 through cache, like:

route add -net 10.0.0.0/24 gw 192.168.1.9

And in this router I am masquerading this network.

I don't know if I can make this work in this layout, so I have made this script (based on the README from tproxy):

------------------------------------------------------------------------
#!/bin/bash

IP="/sbin/ip"
IPT="/sbin/iptables"
PROXY_PT="3128"
PROXY_MK="1"

#----
# Create the routing rules for the packets
# marked by iptables
#----
$IP rule add fwmark $PROXY_MK lookup 100
$IP route add local 0.0.0.0/0 dev lo table 100

#----
# Create the iptables rules
#----
$IPT -t mangle -F
$IPT -t mangle -N DIVERT
$IPT -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
$IPT -t mangle -A DIVERT -j MARK --set-mark 1
$IPT -t mangle -A DIVERT -j ACCEPT

#----
# Mark the packets destined for the cache
#----
$IPT -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port $PROXY_PT
------------------------------------------------------------------------

This script is running as the box boots.

When I start the cache it works fine, but when I try to open a website squid access.log shows this:

------------------------------------------------------------------------
1213980761.622 0 10.0.0.2 NONE/400 1497 GET /mrtg/trafego.php - NONE/- text/html
1213980783.535 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html
1213980783.654 0 10.0.0.2 NONE/400 1487 GET /favicon.ico - NONE/- text/html
1213980794.052 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html
1213980794.661 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html
1213980795.181 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html
1213980906.136 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html
------------------------------------------------------------------------

And my browser shows that the URL could not be recovered and that the URL is invalid.

What can I do to solve this problem?

-- 
Regards,
NATANIEL KLUG
nata@cnett.com.br

READ NATA'S DAY-TO-DAY
http://nataklug.blogspot.com/

Cyber Nett - Internet Banda Larga
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290

"... the wise, too, possess a tangible heart and can, at times, use science as a means of showing sentimental impressions of which many do not judge them capable."
Visconde de Taunay
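
The access.log excerpt in the message above shows every request logged as NONE/400 with a path-only URL. The following is an added example, not part of the original post: a small parser for Squid's native access.log format that counts such rejected entries per client, useful for checking whether intercepted traffic is being refused after a rule change. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<type>\S+)$"
)

# The first three lines come from the post; the last two are constructed.
SAMPLE = """\
1213980761.622 0 10.0.0.2 NONE/400 1497 GET /mrtg/trafego.php - NONE/- text/html
1213980783.535 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html
1213980783.654 0 10.0.0.2 NONE/400 1487 GET /favicon.ico - NONE/- text/html
1213980999.101 12 10.0.0.2 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
truncated line
"""

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_rejected_path_only(entry):
    """True when Squid itself answered 400 and the logged URL has no scheme or host."""
    return (entry["code"] == "NONE" and entry["status"] == "400"
            and entry["url"].startswith("/"))

def summarize(lines):
    """Count rejected path-only requests and all other requests per client."""
    rejected, other, unparsed = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed += 1          # malformed or truncated line
        elif is_rejected_path_only(entry):
            rejected[entry["client"]] += 1
        else:
            other[entry["client"]] += 1
    return {"rejected": dict(rejected), "other": dict(other), "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```
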