Hello all, This is a question combining squid with firewall rule manipulation (both need to get along well...). I have a LAN and a GATEWAY BOX that serves as a NAT for all of the users behind the LAN. MY goal is to make the box filter all http requests and once they are clean route the traffic through a VPN. Up to here everthing is easy if I have only one VPN. The Challenge: .The box that acts as the NAT gateway and PROXY has 10 different VPNs. The BOX NATs a LAN of 20 users. I need to be able to NAT a specific user to a specific VPN however before that is done the http requests of that user should be filtered by the proxy in the SAME box. Example: LanUser1 makes an http request -> The HTTP request is processed on a BOX that acts as a gateway --> That same box has squid installed and filters the http request (Normal ACLs) --> Depending on the private IP of the LanUSER1 of the user the r