Then its more a question how to setup iptables, the clients and HAVP. However, why HAV first ? This has the danger of squid caching infected files. And HAV will scan cached files over and over again. Then squid will be an upstream proxy of HAV. IF HAV supports parent proxies, then squid should have no problem. But this then either needs a proxy.pac for the clients browsers or explicit proxy config for the clients browsers. This would be the easier path. When this works, then to think about using ipt with explicit routing of all packets to HAV-box. And back, so you have to consider NAT. I am not fit enough in ipt, so I would keep it simple: client-PC-----squid-----HAV------web And the transparent setup for squid is well documented. PS: Grafik ist etwas klein :-) -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Securing-squid3-tp4658495p4658501.html Sent from the Squid - Users mailing list archive at Nabble.com.
