Tproxy + Squid 2.6
(re-sending, sent it from an unsubscribed address)

Hi everyone,

I posted this on squid.users, but maybe someone here can be helpful as well (especially in clarifying whether cttproxy will or will not work with a bridge).

I am using a vanilla 2.4.33.3 kernel, with the last 2.4.33 cttproxy patch (2.0.5) and the latest ebtables patch. I am trying to get squid 2.6 + cttproxy to work in a transparently bridged environment, with scarce results.

The bridging works fine, squid is compiled with tproxy support, and has the following directives (among others):

http_port 3128 transparent tproxy vhost vport=80
always_direct allow all

I enable the redirection as follows:

ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t tproxy -A PREROUTING -i br0 -p tcp --dport 80 -j TPROXY --on-port 3128

However, Squid doesn't seem to be able to spoof the original IP: all I get is a bunch of:

2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:03:16| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:03:29| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN

The br0 interface has an IP assigned of 10.0.0.254, in the same subnet as 10.0.0.200 (the client).

Did anyone get squid+cttproxy to work on a bridge? What am I missing?

Thanks for your answer,
Enrico
> However, Squid doesn't seem to be able to spoof the original IP:
tproxy needs CAP_NET_ADMIN, which you do not have when running in unprivileged mode. And running in privileged mode (root) is inhibited by squid.
> Did anyone get squid+cttproxy to work on a bridge? What am I missing?
Something that gives your squid user the CAP_NET_ADMIN capability.

Jan Engelhardt
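The check a practitioner would want before touching the ebtables/iptables rules again is whether the running squid process actually holds CAP_NET_ADMIN, as Jan's reply says it must. The following POSIX sh snippet is an added example, not code from this thread or from the Squid or cttproxy projects: it decodes the CapEff (effective capability set) mask that the kernel prints in /proc/<pid>/status and tests bit 12, which is the kernel's capability number for CAP_NET_ADMIN. The two status excerpts embedded below are constructed sample input, not captures from a real system; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not part of the original thread): does a process hold
# CAP_NET_ADMIN, the capability Jan says cttproxy's TPROXY needs?
# CAP_NET_ADMIN is capability number 12 in the Linux kernel, so it is bit 12
# of the hex masks shown in /proc/<pid>/status (CapEff = effective set).

CAP_NET_ADMIN=12

# cap_in_mask HEXMASK CAPNUM -> exit 0 if bit CAPNUM is set in HEXMASK.
# HEXMASK is the bare hex string from /proc (no 0x prefix), any width.
cap_in_mask() {
    mask=$1
    capnum=$2
    [ "$(( (0x$mask >> $capnum) & 1 ))" -eq 1 ]
}

# effective_caps_from_status: read /proc-style status text on stdin and
# print the CapEff mask (empty output if the line is missing).
effective_caps_from_status() {
    awk '$1 == "CapEff:" { print $2 }'
}

# has_net_admin_in_status: exit 0 if the status text on stdin shows
# CAP_NET_ADMIN in the effective set; 2 if no CapEff line was found.
has_net_admin_in_status() {
    mask=$(effective_caps_from_status)
    [ -n "$mask" ] || return 2
    cap_in_mask "$mask" "$CAP_NET_ADMIN"
}

# Constructed sample input (not captured from a real host):
# a squid that dropped to an unprivileged user and kept nothing ...
UNPRIV_STATUS='Name:   squid
Uid:    123     123     123     123
CapEff: 0000000000000000'
# ... and one that kept exactly CAP_NET_ADMIN (1 << 12 = 0x1000).
NETADMIN_STATUS='Name:   squid
Uid:    123     123     123     123
CapEff: 0000000000001000'

# check_pid PID: inspect a live process, e.g.  check_pid "$(pidof squid)"
check_pid() {
    if has_net_admin_in_status < "/proc/$1/status"; then
        echo "pid $1: CAP_NET_ADMIN is in the effective set"
    else
        echo "pid $1: CAP_NET_ADMIN missing; tproxy will fail to spoof the client IP"
        return 1
    fi
}
```

Run `check_pid` against the squid worker, not the parent: the parent may still be root while the child that opens the tproxy sockets has dropped privileges. On a 2.4 kernel there are no file capabilities (setting them on the binary with setcap needs 2.6.24 or later), so the capability has to be retained by the process itself when it gives up root, which is what Squid's tproxy build uses libcap for; if CapEff reads as all zeros for the worker, that retention step is what failed.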
participants (2)
-
Enrico Demarin (home)
-
Jan Engelhardt