Hello! I'm just getting started with tproxy on our local firewall machine, and am running into a couple of problems. The 1.1.2 patches seem to install just fine, and after explicitly loading iptable_proxy, ipt_tproxy, and ipt_TPROXY, I am able to set up rough transparent proxies using the setsockopt() API.

The first problem is that the extensions to the iptables command itself do not seem to be recognized:

    [router] iptables # iptables -t tproxy -A PREROUTING -j TPROXY --on-port 10110
    iptables v1.2.9rc1: Unknown arg `--on-port'
    Try `iptables -h' or 'iptables --help' for more information.

Is there some other module that I have to load in order for iptables to recognize the tproxy options?

The second problem is that the firewall currently uses a MASQUERADE rule that rewrites addresses from hosts on the local network (private addresses) to the global address of the outgoing interface. This works fine with non-transparent proxies, but when I set one up in transparent mode (using the setsockopt() calls) the outgoing packets from the local network are not masqueraded. As a result, the server is seeing packets with private source addresses, which of course it cannot reply to. Is there a way around this? Obviously the benefits of transparent proxying are lost if you do masquerading for all traffic, but in our case it only applies to certain interfaces, while the other networks have routable addresses. It seems as though, in this case, the masquerade rules might take precedence?

Thanks for any insight you can provide!

Tim
participants (1)
-
Tim Burress
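The post asks whether some missing module explains the unrecognized `--on-port` option. As an added example (not from the original message, and not code from the tproxy project), here is a small POSIX shell diagnostic covering the two prerequisites a practitioner checks first when an iptables target's options are not recognized: that the kernel modules are actually loaded, and that the matching userspace iptables extension library is present where iptables looks for it. The module names are the ones named in the post; the library naming pattern libipt_<TARGET>.so and the candidate directories are assumptions, and the lsmod sample is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original post or the tproxy project.
# Checks kernel modules and the userspace iptables extension library for a target.

# Constructed sample of `lsmod` output (not captured from a real system):
# the two lower-case modules are present, ipt_TPROXY is deliberately absent.
SAMPLE_LSMOD='Module                  Size  Used by
iptable_tproxy          4096  0
ipt_tproxy              3072  0
ip_tables              16384  2 iptable_tproxy,iptable_nat
iptable_nat             8192  1
ipt_MASQUERADE          2048  1'

# missing_modules LSMOD_TEXT module...
# Prints the module names that do not appear in the first column of LSMOD_TEXT
# (space separated) and returns 0 if none are missing, 1 otherwise.
missing_modules() {
    lsmod_text=$1; shift
    missing=""
    for mod in "$@"; do
        if ! printf '%s\n' "$lsmod_text" |
             awk -v m="$mod" '$1 == m { found = 1 } END { exit found ? 0 : 1 }'; then
            missing="$missing $mod"
        fi
    done
    printf '%s' "${missing# }"
    [ -z "$missing" ]
}

# find_ext_lib TARGET dir...
# Assumed convention: iptables loads the userspace half of a target from
# libipt_<TARGET>.so in its library directory. Prints the first path found,
# returns 1 if the library is in none of the given directories.
find_ext_lib() {
    name=$1; shift
    for dir in "$@"; do
        if [ -f "$dir/libipt_$name.so" ]; then
            printf '%s\n' "$dir/libipt_$name.so"
            return 0
        fi
    done
    return 1
}

# Demonstration against the constructed sample.
if ! notloaded=$(missing_modules "$SAMPLE_LSMOD" iptable_tproxy ipt_tproxy ipt_TPROXY); then
    echo "kernel modules not loaded: $notloaded"
fi

# On a live system the same checks would be (directories are assumptions):
#   missing_modules "$(lsmod)" iptable_tproxy ipt_tproxy ipt_TPROXY
#   find_ext_lib TPROXY /lib/iptables /usr/lib/iptables /usr/local/lib/iptables
```

The module check reports only names absent from lsmod, so a module that is built into the kernel rather than loaded would show up as missing; confirm such cases against the kernel configuration. The library check is independent of the module check on purpose: the kernel side and the userspace side of a target are installed separately, and either one being absent is enough for the target's options to be unusable.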