Hi all! I'm using TPROXY on Fedora 12 (kernel 2.6.31-6) with Squid 3.1.8 in a WCCP configuration using a Cisco 3560. Everything works really fine, except for some newly appeared web sites (or something like that) that abuse HTTP 1.1 and cause many customer requests to fail.

In short: can I really bypass Squid and send these requests directly to the internet? I believe this is possible by changing the PREROUTING/POSTROUTING rules of iptables, given the IP of the websites.

Thank you in advance.

My sh script with the actual iptables config:

#!/bin/sh
# squid server IP (not referenced below)
SQUID_SERVER="192.168.250.9"
# Interface connected to LAN
LAN_IN="eth5"
# Interface connected to Internet
INTERNET="eth7"

# DO NOT MODIFY BELOW

# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Packets marked 1 are looked up in table 100, which delivers everything
# to the local host (this is what lets TPROXY accept foreign destinations)
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

# Setting default filter policy
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

###############################################
#
# TPROXY 4 Rules - router
#
##############################################
#
# Setup a chain DIVERT to mark packets
#
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

###############################################
#
# TPROXY 4 Rules - bridge
#
##############################################
#
# Use DIVERT to prevent existing connections
# going through TPROXY twice:
#
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
#
# Mark all other (new) packets and use TPROXY to pass into Squid:
#
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

# Accept the WCCP GRE tunnel from the router
iptables -A INPUT -i gre0 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT

# Pull port-80 traffic out of the bridge and route it instead
ebtables -t broute -A BROUTING -i $LAN_IN -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -i $INTERNET -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

# Disable bridge-nf-call-* so bridged frames are not passed to iptables
# (guarded: without the cd the loop would write to a file named "*")
if cd /proc/sys/net/bridge/ 2>/dev/null; then
    for i in *
    do
        echo 0 > "$i"
    done
fi
unset i

ip route flush cache
-------------------------
www.gigared.com
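The bypass asked about above is a matter of rule ordering in the mangle table: a rule that ACCEPTs packets for the chosen destinations must sit ahead of the `-j TPROXY` rule, so those packets are never marked or redirected to port 3129 and are routed normally. The script below is an added example, not code from the original post or from the Squid project. It assumes the rule layout shown in the post (mangle PREROUTING with `-m socket -j DIVERT` followed by `--dport 80 -j TPROXY`); the function names and the addresses in BYPASS_IPS are constructed placeholders (TEST-NET ranges), not real sites.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates (and optionally
# applies) mangle-table rules that exempt chosen destination IPs from the
# TPROXY redirect, so those requests are routed to the internet directly
# instead of being handed to Squid on port 3129.
# Assumptions: the posted rule layout (mangle PREROUTING: "-m socket -j DIVERT",
# then "-p tcp --dport 80 -j TPROXY ... --on-port 3129"); the addresses used
# below are constructed placeholders from the TEST-NET ranges, not real sites.

# Accept only a dotted-quad IPv4 address with an optional /prefix, so that a
# typo or a hostname never turns into a rule that exempts far more than intended
# (iptables would resolve a hostname at insert time, possibly to several IPs).
valid_ipv4() {
    addr=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/" given: single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr                               # split the address on dots
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables command that exempts one destination from TPROXY.
# "-I PREROUTING 1" places it at the head of the chain, ahead of the existing
# DIVERT and TPROXY rules, so a matching packet is ACCEPTed (left unmarked and
# normally routed) before the TPROXY rule can claim it. Only --dport 80 needs
# exempting: the TPROXY rule matches nothing else, and the reply from the site
# (sport 80) does not match a local socket, so it is routed by the normal table.
bypass_rule() {
    printf 'iptables -t mangle -I PREROUTING 1 -p tcp -d %s --dport 80 -j ACCEPT\n' "$1"
}

# Emit the full plan for a list of destinations. Every entry is validated
# before anything is printed, so a list containing one bad address yields no
# commands at all rather than a partially applied set.
bypass_plan() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "rejected: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        bypass_rule "$ip"
    done
}

# Constructed sample list (TEST-NET-3 host and TEST-NET-2 network).
BYPASS_IPS="203.0.113.10 198.51.100.0/24"

# Default action is a dry run that prints the commands; "apply" runs them,
# which needs root and a kernel with the xt_TPROXY target loaded.
case "${1:-plan}" in
    plan)  bypass_plan $BYPASS_IPS ;;
    apply) plan=$(bypass_plan $BYPASS_IPS) && printf '%s\n' "$plan" | sh -e ;;
    *)     echo "usage: $0 [plan|apply]" >&2 ;;
esac
```

Run it with no argument to see the two rules it would insert, and with `apply` to insert them. Because the router still redirects the packets over WCCP/GRE to the Squid host, an exempted request is forwarded by that host as an ordinary router (IP forwarding and a route out of eth7 are needed) rather than answered by Squid. Keeping the exempted destinations off the Squid host entirely, by excluding them in the WCCP redirect ACL on the Cisco side, is the alternative the example does not cover.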