tis 2009-09-15 klockan 12:28 +1200 skrev Amos Jeffries: > The big reason is that TPROXY passes the IPs to Squid inverted via > accept(). There is no probe like the NAT ORIGINAL_DST to separate the > TPROXY and non-TPROXY received connections. The only way to identify this > IP inversion is the flags in squid.conf. Yes, but here we are talking about the other side, when Squid makes the outgoing connection. That part do not need to depend in any way on how the request arrived at Squid, just on where the request is heading (routing of return traffic for the client via Squid server). Should in theory work to enable tproxy spoofing even for normal proxied connections. Regards Henrik