I followed the guide here to set up squid to do transparent cacheing using wccpv2, and it works quite well. So I took the next step to use tproxy. I followed this page to introduce tproxy into the mix: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy The kernel is compiled with tproxy, as is iptables and squid 2.7Stable7. I have set up iptables, the ip rule and ip route according to the guide. I'm running Ubuntu with kernel 2.6.28, iptables 1.4.3, squid 2.7.Stable7. For some reason the traffic never makes it to port 3129. Do I need to leave the iptables nat config for 3128 even though I am using tproxy? Am I missing something here? TIA, --Joe Squid port config: # Squid normally listens to port 3128 http_port 128.226.100.61:3128 transparent http_port 128.226.100.61:3129 tproxy Output of iptables: root@indianwells:~# iptables -t mangle -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DIVERT tcp -- anywhere anywhere socket TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 128.226.100.61:3129 mark 0x1/0x1 Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain DIVERT (1 references) target prot opt source destination MARK all -- anywhere anywhere MARK xset 0x1/0xffffffff ACCEPT all -- anywhere anywhere root@indianwells:~# Joe Roth Networking Group Binghamton University Ph. 607-777-7528 Fax 607-777-4009 gNote: Information Technology Services (ITS) will never ask for personal or password information via email. If you have received an unsolicited email that appears to be from Binghamton University or Binghamton University ITS requesting password information, please DO NOT RESPOND.
