Hi, Pls fill below varable with yours. $LAN= Lan ip range. example- 192.168.0.0/24 $INTERFAZ_INT= Interface connects to the Internet $INTERFAZ_LAN= Interface conncects to Lan $LAN_IP of the squid box = Lan ip. example- 192.168.0.1 I use below rules for tranceparent interception on Linux. #Enabling ip forwarding echo "1" > /proc/sys/net/ipv4/ip_forward #For squid traffic to Accept iptables -A INPUT -d $LAN_IP -p tcp -s $LAN --dport 3128 -j ACCEPT iptables -A FORWARD -p udp -s $LAN --dport 53 -m state --state NEW -j ACCEPT iptables -A FORWARD -p tcp -s $LAN -m multiport --dports 20,21,22,25,43,53,80,443,110,143 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p udp --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp -m multiport --dports 20,21,22,25,43,53,80,443,110,143 -j ACCEPT iptables -t nat -A POSTROUTING -p udp -o $INTERFAZ_INT -s $LAN --dport 53 -j SNAT --to-source $INT_IP iptables -t nat -A POSTROUTING -p tcp -o $INTERFAZ_INT -s $LAN -m multiport --dports 20,21,22,25,43,53,80,443,110,143 -j SNAT --to-source $INT_IP #Redirecting traffic destined to port 80 to port 3128 iptables -t nat -A PREROUTING -p tcp -i $INTERFAZ_LAN --dport 80 -j REDIRECT --to-port 3128 in addition to that, Pls check you Clients PCs. their gateway, DNS servers
