I tested Zorp 3.0.14b + 2.0.6 cttproxy for kernel 2.6.17 and it works fine for me, but I found that the client can see the IP address of the dummy interface, which I can't understand.

    client(192.168.88.166) <--> zorp(dummy ip 172.16.44.10) <--> server(192.168.88.10)

    # iptables -t tproxy -I PREROUTING -p tcp --dport 80 -j TPROXY --on-ip 172.16.44.10 --on-port 60080

instances.conf:

    http -T -v 1 -s core.error:0 -p /usr/local/etc/zorp/http.py -B 172.16.44.10

http.py:

    .
    .
    .
    def zorp():
        Service("http", MyHttp, router=TransparentRouter(forge_addr=TRUE, forge_port=Z_PORT_EXACT))
        Listener(SockAddrInet("172.16.44.10", 60080), "http", transparent=TRUE, mark_tproxy=TRUE)

When I make a new HTTP request from the client to the server, tcpdump displays the information below.

tcpdump on client:

    # tcpdump | grep 172.16.44.10
    16:10:57.975579 802.1Q vlan#3 P0 172.16.44.10.60080 > 192.168.88.166.2883: P 0:32(32) ack 1 win 11680 (DF)
    16:10:57.975611 172.16.44.10.60080 > 192.168.88.166.2883: P 0:32(32) ack 1 win 11680 (DF)
    16:10:57.975831 192.168.88.166.2883 > 172.16.44.10.60080: R 3812615646:3812615646(0) win 0
    16:10:57.975860 802.1Q vlan#3 P0 192.168.88.166.2883 > 172.16.44.10.60080: R 3812615646:38126156

tcpdump on server:

    # tcpdump | grep 172.16.44.10
    16:10:57.538207 arp who-has 192.168.88.10 tell 172.16.44.10

My question is: how can I prevent the client from seeing the dummy IP address?

ZhouLi