Hi, I've tried searching the mailing list and google but I can't seem to find a solution. I'm trying to set-up a squid proxy server (squid V3.1) in our organisation for external users. I've configured a Linux box (fedora 14) with 2 NIC, the first (eth0 IP address 172.20.104.148 - gateway 172.20.104.1) goes to the outside world and the other (eth1 - address/gateway 192.168.0.1) connects to an internal LAN. There is a DHCP server running on eth1, and that all works fine. One the other end of eth0 is a proxy server that I know nothing about other than the IP and port number. I've configured squid with a parent cache, the ACL to allow the LAN addresses through, it seems to be working because if i connect a client machine to eth1 and enter the proxy details for the squid box it will browse the internet with no problems. However, I cannot get the squid box to run as a transparent proxy (if I remove the proxy details from the client it ceases to work). I added the 'http_port 3128 transparent' to the squid.conf file but no joy, I read this command has now been depreciated and to use the 'http_port 3128 intercept' command instead, again, this doesn't work. I've tried using the IP tables commands (separately, wiping after each attempt): iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 172.20.104.148:3128 -- iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128 -- # permit Squid box out to the Internet $IPTABLES -t mangle -A PREROUTING -p tcp --dport 80 -s 192.168.0.1 -j ACCEPT # mark everything else on port 80 to be routed to the Squid box $IPTABLES -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2 $IPTABLES -t mangle -A PREROUTING -m mark --mark 2 -j ACCEPT -- iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 -- None of these work (obviously) Can anyone help?