Hi Edmonds,

That's really like my setup right now. But, as Amos said, the traffic just passes from eth0 to eth1 but doesn't come to Squid, because it's bridged.

Actually, when watching the IP nat table, I still found some nat rules showing up, but at the client side it still looks like direct access. And more strangely, if I use another Linux box from the LAN to check by curl -I http://something.com/ it returns header fields that have "Via: 1.1 (squid 3.2)". I have no idea why.

At this moment, I still can't find more documentation from IPfilter for deeper discovery.

~ Neddie

On Tue, Dec 6, 2011 at 12:03 PM, Edmonds Namasenda <namasenda@xxxxxxxxx> wrote:
> Hai,
> Seems your network set-up is what might be ruining your connection
> expectations or the "default gateway" needs a rule (possibly using a
> firewall) to direct all HTTP traffic to the squid box rather than to
> the internet.
>
> Otherwise, think of the set-up below (with the Squid box the same as
> the Gateway)
>
> Internet Router >> Eth0 |- Squid box & Default Gateway -| Eth1 >>> Switch >> LAN
>
> # Edz.
>
> On Mon, Dec 5, 2011 at 5:14 PM, Nguyen Hai Nam <nam.nh@xxxxxxxx> wrote:
>>
>> Hi Amos,
>>
>> You're right, switch is not really true.
>>
>> But I still can't find the way on Solaris-like system like /proc/sys/net/bridge
>>
>>
>> On Mon, Dec 5, 2011 at 7:25 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>> >
>> >
>> > "Like a switch"? or did you really mean "like a bridge"?
>> >
>> > * switch ... no solution. Switches do not perform the NAT operations
>> > required for interception. They also don't run software like Squid, so I
>> > think this is a bad choice of word in your description.
>> >
>> > * bridge ... requires dropping packets out of the bridge into the routing
>> > functionality. See the bridge section at
>> > http://wiki.squid-cache.org/Features/Tproxy4#ebtables_on_a_Bridging_device
>> >
>> > Amos

--
Best regards,
Hai Nam, Nguyen