Hi Amos, Thanks for your kind response.As per your reply ,i set rp_filter value 2 .But no luck. And then i tried for bridge mode in that i can see traffic in tproxy iptables rules, but i m not getting requests in squid access.log my os : fedora 15 64 bit kernel: 2.6.40.4-5.fc15.x86_64 squid : Squid Cache: Version 3.1.15 As per your before suggestions, i used latest kernel and latest squid version.But still same issue i am facing.Please please guide me to solve this problem. Regards, Benjamin On Sat, Sep 24, 2011 at 11:03 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On Fri, 23 Sep 2011 16:49:24 +0530, benjamin fernandis wrote: >> >> Hi All, >> >> I am trying to deploy squid with existing network for cache gain and >> tproxy feature.I configured squid properly there is no error.I can see >> traffic in access.log and iptables tproxy rule but at end users end >> they are getting squid error page with request time out. >> >> What could be the mistake behind this problem.? >> >> Is there anything remaining in squid? > > It has recently been brought to my attentino that the rp_filter system > underwent a re-designe in kernel 2.6.32 and what we had in the wiki is doing > the opposite (strict blocking) of what we wanted (loose checks default, none > on the interface). Check your rp_filter values they should be "2" now where > previously we were advising "1", and "0" on the interface where TPROXY is > happening. > > >> >> reference : http://wiki.squid-cache.org/Features/Tproxy4 >> >> >> squid version: 3.1.15 >> os : fedora 15 >> >> >> Squid in network: >> >> ROUTER ------------> PBR CONFIGURATION ( FOR port 80 traffic >> pass to squid from bandwith shapper , for port 80 traffic pass >> internet to squid) >> | >> | >> SWITCH >> | | >> | | -----SQUID BOX >> | >> BANDWITH >> SHAPPER >> | >> | >> END USERS >> >> >> >> Kindly guide me to solve this abnormal problem. >> >> >> Thanks, >> Benjamin > >