On 19/05/2011 17:11, Kelbel Junior wrote: > Well, being more specific... > The computer between the clients and the Mikrotik (border gateway) is > a squid proxy operating in bridge, to intercept all traffic on the > port 80 Then it's not a bridge because squid intercepts all packets and generates new packets in response However, there is an interesting new feature of squid, which was discussed a couple of days ago, which allow squid to remark packets with an outgoing firewall mark based on the incoming mark. With some thought you might be able to leverage this to mark the packets in some way to indicate they are valid to your next router (vlan tag, mac adjustment, something else...) Good luck Ed W -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
