Before marking squid packets you have to define a route with the "ip" (iproute2) command; more info can be found on www.lartc.org. Below is an example of iproute + iptables for your firewall machine.

echo 112 squid.out >> /etc/iproute2/rt_tables
ip rule add fwmark 3 table squid.out
ip route add default via xxx.xxx.xxx.xx dev eth0 table squid.out
ip route flush cache
# replace xxx.xxx.xx with squid server ip

##### here is iptables part
iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 3

regards
Askar

hope this helps

On 7/5/05, Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> wrote:
> >I don't know what mangle rule I need to mark squid transparent packets, I
> >have tried all the following (One at a time):
>
> Because Squid practically starts a new connection, you need special help
> from squid itself to mark outgoing packets based on incoming ones.
>
> This is done by TPROXY, a netfilter module from Balabit.com.
> Unfortunately, they do not have a version for 2.6.11 and up yet.
>
> Jan Engelhardt
> --
> | Alphagate Systems, http://alphagate.hopto.org/

--
I love deadlines. I like the whooshing sound they make as they fly by.
Douglas Adams
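
Added example, not part of the original post: an offline check that every mark set in the mangle table has a matching `ip rule ... fwmark` entry, which is the pairing the commands above depend on. The function names and the sample `ip rule show` / `iptables -t mangle -S` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline check that netfilter marks and ip rules agree.
# Function names are hypothetical; sample data below is constructed.

# Decimal value of every mark set by a MARK target. Accepts both the
# --set-mark spelling used above and the --set-xmark VALUE/MASK spelling.
marks_set() {
    printf '%s\n' "$1" |
    sed -n 's/.*-j MARK --set-x\{0,1\}mark \([0-9a-fA-Fx]\{1,\}\).*/\1/p' |
    while read -r m; do echo "$(($m))"; done
}

# "<decimal mark> <table>" for every fwmark rule in `ip rule show` output.
fwmark_rules() {
    printf '%s\n' "$1" |
    sed -n 's/.*fwmark \(0x[0-9a-fA-F]\{1,\}\)[^ ]* lookup \([^ ]*\).*/\1 \2/p' |
    while read -r m t; do echo "$(($m)) $t"; done
}

# Routing table selected for a given decimal mark (empty if none).
table_for_mark() {
    fwmark_rules "$1" | awk -v m="$2" '$1 == m { print $2 }'
}

# Return 0 when every mark set in mangle has a matching fwmark rule;
# otherwise name the orphaned marks and return 1.
check_mark_routing() {
    rc=0
    for m in $(marks_set "$2"); do
        if [ -z "$(table_for_mark "$1" "$m")" ]; then
            echo "mark $m is set but no ip rule routes it"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input (not captured from a real host).
RULES='0: from all lookup local
32765: from all fwmark 0x3 lookup squid.out
32766: from all lookup main'
MANGLE_OLD='-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x3'
MANGLE_NEW='-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x3/0xffffffff'
MANGLE_BAD='-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x4/0xffffffff'

check_mark_routing "$RULES" "$MANGLE_NEW" && echo "marks and rules agree"
```

On a live firewall the two arguments would be `"$(ip rule show)"` and `"$(iptables -t mangle -S PREROUTING)"`.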