Debian K2.6 + wccp + tproxy squid 2.6 stable15
Hi fellows, hope you can help me out with a problem I'm still having. The problem is quite simple and complicated: we are a small ISP, trying to implement squid without "the user noticing it". We've come very far reading your lists and googling squid's tproxy. On a Linux box, only one eth0, with a gre0, with a Cisco 7200. Kernel and iptables patched with the latest cttproxy :D

iptables -L -t tproxy
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 0.0.0.0:3128
#####squid Conf.#####
http_port 3128 tproxy transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 0.0.0.0/0.0.0.0
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname debian-sq
wccp2_router XXX.XXX.XXX.XXX
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
coredump_dir /usr/local/squid/var/cache
via off
forwarded_for off
With these last 2 options we have played a lot. If set on, the client IP is passing through the squid, but URLs like www.whatsmyipadress.com are still detecting a proxy behind it! :( If set off, the squid IP is reaching the final URL, but squid is not being detected. As far as I can tell, if I set the parameter tcp_outgoing_address x.x.x.x and add another iptables rule and NIC to the Linux box, the requested page on the client browser "dies" (keeps waiting till it times out), so no tcp_outgoing_address has to be set up in order to surf without problems. BUT if it is not set up, on syslog and squid.out I can see:

squid-RC9 squid[26519]: tproxy ip=[x.x.x.x--->client address here],0xa4e851c8,port=0 ERROR ASSIGN

What else should I have to check? There is a hardware solution that has been offered to us.....Bluecoat SG.........which, according to our boss, covers all these needs. But it is such an expensive product in a country like ours (Argentina) that we can't afford it...........we bet on tproxy's magic........we still believe.

Thanx in advance
Nicolas
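Added example, not part of the original post or of squid itself: a small Python sanity check for the access-control part of a squid.conf like the one quoted above. The posted configuration defines `acl our_networks src 0.0.0.0/0.0.0.0` and then `http_access allow our_networks`, so the first catch-all rule is an allow and any client that can reach port 3128 (not only the ones the WCCP router redirects) is admitted; it also repeats the whole `Safe_ports` block. The checker parses `acl` and `http_access` lines, finds the first rule that matches every client, and lists duplicated acl lines. `SAMPLE_CONF` is reconstructed from the post; `HARDENED_CONF` is a constructed variant where `10.0.0.0/8` is a placeholder for the ISP's real customer prefix, not a value from the post.

```python
"""squid.conf access-list sanity check (added example, not the poster's code).

SAMPLE_CONF is reconstructed from the access-control part of the quoted config;
HARDENED_CONF is a constructed variant whose allow rule is limited to a
placeholder customer prefix (10.0.0.0/8 is not the poster's real range).
"""
from collections import Counter

SAMPLE_CONF = """\
http_port 3128 tproxy transparent
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 0.0.0.0/0.0.0.0
http_access allow our_networks
http_access deny all
"""

# Constructed: identical layout, but our_networks names a placeholder prefix.
HARDENED_CONF = SAMPLE_CONF.replace(
    "acl our_networks src 0.0.0.0/0.0.0.0", "acl our_networks src 10.0.0.0/8")

# Values that make a 'src' ACL match every client address.
ANY_SRC = {"0.0.0.0/0.0.0.0", "0.0.0.0/0", "all"}


def _tokens(line):
    """Split one config line into tokens, dropping a trailing '# comment'."""
    return line.split("#", 1)[0].split()


def parse_conf(text):
    """Return (acls, rules, directives).

    acls:       name -> list of (acl_type, values), e.g. ('src', ['0.0.0.0/0'])
    rules:      ordered list of (action, terms) taken from http_access lines
    directives: first value list seen for every other directive (e.g. http_port)
    """
    acls, rules, directives = {}, [], {}
    for raw in text.splitlines():
        toks = _tokens(raw)
        if not toks:
            continue
        if toks[0] == "acl" and len(toks) >= 4:
            acls.setdefault(toks[1], []).append((toks[2], toks[3:]))
        elif toks[0] == "http_access" and len(toks) >= 3:
            rules.append((toks[1], toks[2:]))
        else:
            directives.setdefault(toks[0], toks[1:])
    return acls, rules, directives


def _is_any_src(acls, name):
    """True if ACL `name` has a 'src' entry that matches all addresses."""
    return any(acl_type == "src" and any(v in ANY_SRC for v in values)
               for acl_type, values in acls.get(name, []))


def catch_all_rule(acls, rules):
    """Return the first http_access rule that matches every client, or None.

    squid walks http_access lines in order and stops at the first match, so the
    first rule whose terms all match any source decides every client that an
    earlier, more specific rule did not already catch.
    """
    for action, terms in rules:
        if terms and all(not t.startswith("!") and _is_any_src(acls, t) for t in terms):
            return action, terms
    return None


def duplicate_acl_lines(text):
    """Return acl lines (comments stripped) that appear more than once."""
    counts = Counter(" ".join(toks) for toks in map(_tokens, text.splitlines())
                     if toks[:1] == ["acl"])
    return sorted(line for line, n in counts.items() if n > 1)


def findings(text):
    """Human-readable list of problems found in a squid.conf text."""
    acls, rules, _directives = parse_conf(text)
    out = []
    rule = catch_all_rule(acls, rules)
    if rule and rule[0] == "allow":
        out.append("open proxy: 'http_access allow %s' admits every source address"
                   % " ".join(rule[1]))
    elif rule is None:
        out.append("no catch-all http_access rule: squid falls back to the "
                   "opposite of the last rule's action")
    for line in duplicate_acl_lines(text):
        out.append("duplicate acl line: " + line)
    return out


if __name__ == "__main__":
    for label, conf in (("posted", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(label + ":")
        for item in findings(conf) or ["no findings"]:
            print("  - " + item)
```

Run it as a script to see both reports; on the posted layout the first finding is the unrestricted allow, on the hardened variant the catch-all becomes `http_access deny all` and only the duplicated `Safe_ports` lines remain. The check is deliberately narrow (it understands only `src` ACLs and `!`-negated terms) so that it stays readable; anything it does not understand is treated as "not matching everyone", which errs on the side of fewer false alarms.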
participants (1)
-
Nicolas Royo