Hi, We have several interconnected branches on their own networks. I would like to shut off web access directly from all branches except head office. We have an Untangle gateway configured as a transparent bridge at head office that all traffic passes through. I would like to keep on using this for content filtering and logging. However I want a Squid server to be able to accept connections from our branches, use its caching and then redirect it out through the Untangle gateway for loggin. We will be redirecting all web traffic on our Cisco routers at each branch to the proxy server. I have Squid set up to allow connections from all our internal networks and set up IPtables with the following command: ptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 This all works fine and I am able to surf throguh the proxy, which appears to be caching correctly and forwarding it to our gateway which performs the content filtering and logging. The only problem is that through the NAT process the source IP address is replaced with that of the Squid's and is logged accordingly. How would I go about configuring Squid to accept connections, cache them and then forward the request on to the webserver via the gateway WITHOUT replacing the source IP address? In summary: user requests connection to website on port 80, request transparently redirected to Squid on Cisco router, Squid accepts it and forwards it to webserver through gateway. Cheers -- View this message in context: http://www.nabble.com/Squid---Not-replace-source-IP-address-tp24818364p24818364.html Sent from the Squid - Users mailing list archive at Nabble.com.