Hi,

I have just set up a transparent proxy (Squid 3.0 on Debian etch). HTTP redirect to port 3128 is OK and I can see HTTP traffic in access.log.

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:www redir ports 3128

But I cannot access HTTPS websites even though I have enabled port 443 to be forwarded.

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        0    --  anywhere             anywhere            state INVALID LOG level warning tcp-options ip-options prefix `DROP INVALID FORWARD'
DROP       0    --  anywhere             anywhere            state INVALID
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  localnet/24          anywhere            tcp dpt:https flags:FIN,SYN,RST,ACK/SYN state NEW
LOG        0    --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `DROP '

Based on what I see in my syslog, whenever I browse any HTTPS site, the packet falls under INVALID and hence is dropped based on my second rule above.

Can anybody help me?