transparent squid with internal sites as well

Hi there 

I have a little problem I'm hoping somebody can help me with.

We are running a WAN here with firewall and transparent proxy. I have some webservers on the inside of the firewall (yes I know .. this is not my choice... *sigh*)
which I'm forwarding all data to ip's to those machines. 

The problem is:

With transparent proxy working the way it should, nobody on the internal network can see the internal websites.
With transparent proxy off, all works but I have no way of seeing who browses where nor content control.

Here are the firewall rules that pertain to the setup.

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
REDIRECT   tcp  --  10.0.0.0/8           0.0.0.0            tcp dpt:www redir ports 3128 
REDIRECT   tcp  --  10.0.0.0/8           0.0.0.0            tcp dpt:3128 redir ports 3128 
DNAT       tcp  --  anywhere             web1               tcp dpt:www to:10.0.0.10:80 
DNAT       tcp  --  anywhere             web1               tcp dpt:https to:10.0.0.10:443 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.0.0.0/8          !10.2.0.0/16        to:liveip
SNAT       all  --  192.168.1.0/24       anywhere           to:liveip

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

As of right now .. transparent proxy is not logging any internal traffic ... but I need to have transparent proxy but still allow internal users to browse to web1

Any suggestions?

Henti Smith


