Hi!

I want to set up the same functionality using squid and iproute. I have a netfilter box (2.4.20 kernel, 10.10.9.2) and a squid box (10.10.10.9). My conf is:

On netfilter box:

[root@xxx root]# ip rule sh
0: from all lookup local
32765: from all fwmark 0x3 lookup 2
32766: from all lookup main
32767: from all lookup 253

[root@xxx root]# ip route sh table 2
default via 10.10.9.1 dev eth0

[root@xxx root]# iptables -t mangle -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- squid anywhere tcp dpt:http
MARK tcp -- anywhere anywhere tcp dpt:http MARK set 0x3

On squid box:

[root@xxxxxx root]# iptables -L PREROUTING -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 8080

I was looking through tcpdump on the netfilter and squid boxes, and there is no traffic between them ...

P.S. I have sent the same email from a different email account, but my message was bounced ...

--
"In the future we will live either in fascism or in democracy. If you stand aside, it will be fascism." Richard K. Moore

Regards,
boka@xxxxxxxxxxxxxxxxxx