Hello everyone.

Setup:
CentOS 5.1
Kernel: Linux centos5.a3rocks.com 2.6.25.5 #1 SMP Sun Jun 8 11:15:19 EDT 2008 i686 athlon i386 GNU/Linux
tproxy patch: tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
iptables: 1.4
iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794.patch

I think everything went well on the patching of the kernel and patching of iptables. So here is where I am. I am using the latest version of haproxy, which should work. I think the issue that I am having is due to the iptables. I don't think iptables is letting haproxy connect to the secondary host server. So haproxy is listening on port 50080, which is where I have tproxy sitting. Please take a look at my iptables entry and tell me if I am missing anything. I can see that my connection hits the proxy server, but it does not relay to the secondary host.

Here is my iptables:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    /usr/local/sbin/iptables -t mangle -N DIVERT
    /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    /usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
    /usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT

The IP for the proxy, where tproxy is sitting, is 192.168.0.4 and the host server (running IIS) is 192.1680.06.

I would like to use squid, but I am not familiar with it, like I am with haproxy. Any info would be appreciated. I am stuck now.

Thanks.
Mike

I am using CentOS 5.1 and Tproxy 4, with squid. I should say am using it, but working on using it. I am having weird problems with IPTables as well.

Nick

________________________________
From: tproxy-bounces@lists.balabit.hu [mailto:tproxy-bounces@lists.balabit.hu] On Behalf Of Mike Adkins
Sent: Wednesday, June 11, 2008 10:28 AM
To: tproxy@lists.balabit.hu
Subject: [tproxy] CentOS 5.1 and Tproxy4

Hello everyone.

Setup:
CentOS 5.1
Kernel: Linux centos5.a3rocks.com 2.6.25.5 #1 SMP Sun Jun 8 11:15:19 EDT 2008 i686 athlon i386 GNU/Linux
tproxy patch: tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
iptables: 1.4
iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794.patch

I think everything went well on the patching of the kernel and patching of iptables. So here is where I am. I am using the latest version of haproxy, which should work. I think the issue that I am having is due to the iptables. I don't think iptables is letting haproxy connect to the secondary host server. So haproxy is listening on port 50080, which is where I have tproxy sitting. Please take a look at my iptables entry and tell me if I am missing anything. I can see that my connection hits the proxy server, but it does not relay to the secondary host.

Here is my iptables:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    /usr/local/sbin/iptables -t mangle -N DIVERT
    /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    /usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
    /usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT

The IP for the proxy, where tproxy is sitting, is 192.168.0.4 and the host server (running IIS) is 192.1680.06.

I would like to use squid, but I am not familiar with it, like I am with haproxy. Any info would be appreciated. I am stuck now.

Thanks.
Mike <http://a3rocks.com/>

Participants (2): Mike Adkins; Ritter, Nicholas