We tried to modify forward.c in squid source like this: #if LINUX_TPROXY /* hack to allow rewrite to 127.0.0.1: */ if (fwdState->request->flags.tproxy && strcmp(host,"127.0.0.1")) { itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr; itp.v.addr.fport = 0; /* If these syscalls fail then we just fallback to connecting * normally by simply ignoring the errors... */ #define IP_FREEBIND 15 int x=1; if (setsockopt(fd, SOL_IP, IP_FREEBIND, &x, sizeof(x)) == -1) { debug(20, 1) ("tproxy ip=%s,0x%x,port=%d ERROR ASSIGN \n", inet_ntoa(itp.v.addr.faddr), itp.v.addr.faddr.s_addr, itp.v.addr.fport); } else { static struct sockaddr_in to_addr; bzero(&to_addr, sizeof(struct sockaddr_in)); to_addr.sin_family = AF_INET; to_addr.sin_port = 0; /*statuc IP-adress of the client for testing */ if( inet_aton( "XXX.XXX.XXX.XXX", &to_addr.sin_addr ) == 0 ) { debug(20, 1) ("tproxy fail to set to_addr.sin.addr \n"); } /* Here it falls */ if (bind(fd, (struct sockaddr *) &to_addr, sizeof(to_addr)) == -1) { debug(20, 1) ("tproxy fail to bind\n"); } /* itp.op = TPROXY_FLAGS; itp.v.flags = ITP_CONNECT; if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) { debug(20, 1) ("tproxy ip=%x,port=%d ERROR CONNECT \n", itp.v.addr.faddr.s_addr, itp.v.addr.fport); } */ } } #endif We receive the message "tproxy fail to bind". -- Andrey Luzgin <andrey@icomsw.com> I-com software(www.icomsw.com)