Re: [tproxy] Tproxy changes for performing dual NAT
On 10/10/2007, Arun S <hi2arun@gmail.com> wrote:
Hi Bazsi,
Sometimes it is required to SNAT HTTP traffic, which is not possible with Cttproxy-v2.0.6, since double NAT is not possible.
Here is a patch attached to solve that issue.
This patch helps to perform SNAT in the POSTROUTING chain of the TPROXY table as well as in the POSTROUTING chain of the NAT table.
Can you please validate this patch and let me know your concerns?
Hi Arun,
I'm having a problem performing dual NAT using your patch. Would you please be more detailed and give some example of how to use it? Thanks!
Regards, Zul
Hi Zul,
Here are the steps to be followed:
1. Apply Cttproxyv2.0.6 to linux kernel v2.6.18
2. Apply the given patch for dual NAT
3. Compile the kernel as usual with TPROXY support enabled.
4. Run Squid (I have tested it with Squid v 2.6) with tproxy related options enabled.
5. Add TPROXY rule to redirect HTTP packets, e.g.:
   iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 3128
   [Assuming Squid proxy listens on port 3128]
6. Add POSTROUTING rule for performing SNAT, e.g. say LAN network is 192.168.1.0/24:
   iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to <Src IP>
Please let me know of any issues along with the kernel version, Squid version, iptables rules and your test setup.
On 12/10/2007, zulkarnain <sizulku@yahoo.com> wrote:
On 10/10/2007, Arun S <hi2arun@gmail.com> wrote:
Hi Bazsi,
Sometimes it is required to SNAT HTTP traffic, which is not possible with Cttproxy-v2.0.6, since double NAT is not possible.
Here is a patch attached to solve that issue.
This patch helps to perform SNAT in the POSTROUTING chain of the TPROXY table as well as in the POSTROUTING chain of the NAT table.
Can you please validate this patch and let me know your concerns?
Hi Arun,
I'm having a problem performing dual NAT using your patch. Would you please be more detailed and give some example of how to use it? Thanks!
Regards, Zul
-- Regards, Arun S.
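
A check for steps 5 and 6 above, added here as an example and not part of the original messages or the patch: it audits an `iptables-save` style dump for the TPROXY redirect and the SNAT rule. The function name `audit_dual_nat`, the sample ruleset and the address 203.0.113.10 (a placeholder for `<Src IP>`) are assumptions, as is the patched iptables listing the `tproxy` table in `iptables-save` format.

```shell
#!/bin/sh
# Constructed sample dump. iptables-save writes the SNAT target's
# "--to" option in its full form, "--to-source".
SAMPLE_RULES='*tproxy
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.10
COMMIT'

# audit_dual_nat RULES PROXY_PORT LAN_CIDR  (hypothetical helper)
# Prints one finding per rule; returns 0 only if both rules are present.
audit_dual_nat() {
    printf '%s\n' "$1" | awk -v port="$2" -v lan="$3" '
        /^\*/      { table = substr($0, 2); next }  # "*nat" selects the table
        $1 != "-A" { next }                         # skip policies and COMMIT
        {
            split("", opt)                          # reset per-rule options
            for (i = 3; i < NF; i++)
                if ($i ~ /^-/) opt[$i] = $(i + 1)
        }
        table == "tproxy" && $2 == "PREROUTING" && opt["-j"] == "TPROXY" &&
            opt["--on-port"] == port { tproxy = 1 }
        table == "nat" && $2 == "POSTROUTING" && opt["-j"] == "SNAT" &&
            opt["-s"] == lan { snat = 1; to = opt["--to-source"] }
        END {
            s1 = tproxy ? "ok" : "MISSING"
            s2 = snat ? "ok" : "MISSING"
            print s1 ": TPROXY redirect to port " port
            print s2 ": SNAT for " lan (snat ? " -> " to : "")
            exit !(tproxy && snat)
        }'
}

# Run against the constructed sample; on a live box pass "$(iptables-save)".
audit_dual_nat "$SAMPLE_RULES" 3128 192.168.1.0/24
```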