I am trying to set up squid with tproxy. But I see that the client IP is not getting spoofed. Other things work fine, i.e. squid listens on a transparent socket, but while creating the outgoing connection squid doesn't spoof the client IP.

Below is my config file:

#====================
acl manager proto cache_object
acl localhost src 127.0.0.1/32
http_port 11181 ssl-bump cert=/extra/squid/etc/Centos6.0.pem
http_port 85 tproxy
http_port 86 ssl-bump cert=/extra/squid/etc/Centos6.0.pem tproxy
pid_filename /extra/squid/var/squid.pid
cache_effective_user squid
cache_effective_group squid
logfile_rotate 5
debug_options ALL,9
coredump_dir /extra/squid/var/
visible_hostname squidhost
access_log /extra/squid/var/logs/access.log
cache_log /extra/squid/var/logs/cache.log
visible_hostname r810
sslproxy_flags DONT_VERIFY_PEER
http_access allow manager localhost
http_access deny manager
http_access allow all
ssl_bump allow all
always_direct allow all
sslproxy_cert_error allow all
#==================================

Also, following are the commands to set the iptables configuration:
===================================================
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 85
iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 86

Routing related flags are set like:
==========================
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding

Regards,
Nipun Bangalore
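
An added example, not part of the original post and not Squid code: a Python check that the pieces of a TPROXY setup like the one above agree with each other, i.e. every TPROXY --on-port has an http_port carrying the tproxy flag, and the TPROXY mark has a matching ip rule and local route. The sample input is constructed from the post's own lines; the function names are hypothetical, and the check covers consistency only, not the cause of the missing spoofing.

```python
# Constructed sample input: the relevant lines copied from the post above.
SQUID_CONF = """\
http_port 11181 ssl-bump cert=/extra/squid/etc/Centos6.0.pem
http_port 85 tproxy
http_port 86 ssl-bump cert=/extra/squid/etc/Centos6.0.pem tproxy
"""
NET_CMDS = """\
iptables -t mangle -A DIVERT -j MARK --set-mark 1
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 85
iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 86
"""

def tproxy_ports(conf):
    """Ports of http_port/https_port lines that carry the tproxy flag."""
    lines = (l.split("#", 1)[0].split() for l in conf.splitlines())
    return {int(t[1].rsplit(":", 1)[-1]) for t in lines
            if len(t) > 2 and t[0] in ("http_port", "https_port") and "tproxy" in t[2:]}

def opt(tokens, name):  # value following option `name`, or None
    return tokens[tokens.index(name) + 1] if name in tokens else None

def check(conf, cmds):
    """Return a list of inconsistencies between squid.conf and the netfilter/routing setup."""
    listeners, problems = tproxy_ports(conf), []
    marks, rules, local_tables = set(), {}, set()
    for line in cmds.splitlines():
        t = line.split()
        if t[:1] == ["iptables"] and opt(t, "-j") == "TPROXY":
            port = int(opt(t, "--on-port"))
            if port not in listeners:
                problems.append(f"TPROXY --on-port {port}: no http_port with tproxy")
            value, _, mask = opt(t, "--tproxy-mark").partition("/")
            marks.add(int(value, 0) & int(mask or "0xffffffff", 0))
        elif t[:3] == ["ip", "rule", "add"] and "fwmark" in t:
            rules[int(opt(t, "fwmark").partition("/")[0], 0)] = opt(t, "lookup")
        elif t[:4] == ["ip", "route", "add", "local"]:
            local_tables.add(opt(t, "table"))
    for m in sorted(marks):
        if m not in rules:
            problems.append(f"mark {m:#x}: no 'ip rule add fwmark'")
        elif rules[m] not in local_tables:
            problems.append(f"table {rules[m]}: no local route")
    return problems

if __name__ == "__main__":
    print(check(SQUID_CONF, NET_CMDS) or "consistent")
```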