I've found some hints http://tldp.org/HOWTO/TransparentProxy-4.html: >The reason is that the mechanism by which the process determines the >original destination address has changed from linux 2.2, and only >squid-2.4 has this new code in it. (For those of you who are interested, >previously the getsockname() call was hacked to provide the original >destination address, but now the call is getsockopt() with a level of >SOL_IP and an option of SO_ORIGINAL_DST). http://wiki.squid-cache.org/SquidFaq/InterceptionProxy: >You can usually manually configure browsers to connect to the IP address >and port which you have specified as intercepted. The only drawback is >that there will be a very slight (and probably unnoticeable) performance >hit as a syscall done to see if the connection is intercepted. If no >interception state is found it is processed just like a normal >connection. Thanks for your patience Sebastian R. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html