Hello everyone,

I'm trying to run the following configuration:

* Debian testing, kernel 2.6.30, iptables 1.4.4, squid 3.1.0,14, ebtables, bridge-utils
TPROXY 4

stage: http://img524.imageshack.us/img524/2645/twobridge.jpg

/etc/network/interfaces

#-------------------
# Bridge router1
#-------------------
auto br1
iface br1 inet static
    bridge_ports eth0 eth1
    address 10.1.1.2
    netmask 255.255.255.0
    gateway 10.1.1.1

#-------------------
# Bridge router2
#-------------------
auto br2
iface br2 inet static
    bridge_ports eth2 eth3
    address 20.1.1.2
    netmask 255.255.255.0
    gateway 20.1.1.1

/etc/rc.local

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
echo 1 > /proc/sys/net/ipv4/ip_forward
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

/etc/squid/squid.conf

http_port 3128
http_port 3129 tproxy
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8
acl localnet src 20.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

So far so good, except that squid is not caching, but the two bridges work and each goes out through its own gateway. If I do an

iptables -t mangle -L -n -v

I see that the rules from rc.local marked packets.

When I add the following lines, squid begins to cache, but only one of the two bridges works (either one) and the other is at 0 and cannot navigate.

ebtables -t broute -I BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -I BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
ebtables -t broute -I BROUTING -i eth3 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -I BROUTING -i eth2 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

Is it possible to operate the two bridges, each through its own gateway, using squid?