Zul, we already do that... it doesn't chance anything :( I don't remember right now how it was but, in option 1 via off, forward off, show that I'm BEHIND a proxy, but show the client ip address. Option 2: Without via and forward doesn't, but shows the squid ip address, instead the clients ip, I don't know if you understand me :( But it was something like that :( Tnxs to all Facundo Vilarnovo -----Mensaje original----- De: zulkarnain [mailto:sizulku@xxxxxxxxx] Enviado el: Miércoles, 16 de Mayo de 2007 12:55 a.m. Para: Facundo Vilarnovo; squid-users@xxxxxxxxxxxxxxx Asunto: RE: Really transparent proxy Add this following entry to your squid.conf via off forwarded_for off Regards, Zul --- Facundo Vilarnovo <fvilarnovo@xxxxxxxxxx> wrote: > Here it goes! > #####squid Conf.##### > http_port 3128 tproxy transparent > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > cache deny QUERY > acl apache rep_header Server ^Apache > broken_vary_encoding allow apache > access_log /usr/local/squid/var/logs/access.log > squid > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > acl our_networks src 0.0.0.0/0.0.0.0 > http_access allow our_networks > http_access deny all > http_reply_access allow all > icp_access allow all > visible_hostname debian-sq > wccp2_router XXX.XXX.XXX.XXX > wccp_version 4 > wccp2_forwarding_method 1 > wccp2_return_method 1 > wccp2_assignment_method 1 > coredump_dir /usr/local/squid/var/cache > ###### end of file ##### > > Here are the Iptables: > squid-RC9:/usr/local/squid/etc# iptables -L -t > tproxy > Chain PREROUTING (policy ACCEPT) > target prot opt source destination > > TPROXY tcp -- anywhere anywhere > tcp dpt:www > TPROXY redirect 0.0.0.0:3128 > TPROXY tcp -- anywhere anywhere > tcp dpt:www > TPROXY redirect 0.0.0.0:80 > TPROXY tcp -- anywhere anywhere > tcp dpt:www > TPROXY redirect 0.0.0.0:80 > TPROXY tcp -- anywhere anywhere > tcp dpt:www > TPROXY redirect 0.0.0.0:3128 > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > > if any extra info is needed i have no problem to > postit! > > > Thnxs all!! > Facundo Vilarnovo ____________________________________________________________________________________ 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcuts/#news