Hi Amos, Thanks for reply, I think I got ur point. If I understood correctly, if a user makes request for http://www.wikipedia.org then the client request header should look like: src: client_IP:random_port dst: wikipedia.org(ip_address):http http request: http_request details. (host,url,etc..) and squid should get the packet like that. But since Cisco ISG is in between which seems to be changing the client request header like: src: client_IP:random_port dst: squid_IP:http http request: http_request details. (host,url,etc..) and eventually squid fails to understand where to send http_request. And thats why we should look at cisco ISG config. my iptables config looks like: iptables -t nat -A PREROUTING -s 10.58.200.33 -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.58.200.33:3129 iptables -t nat -A POSTROUTING -j MASQUERADE iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP Pls comment. Thanks & Regards, Jaykbvt -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/transparent-proxy-original-dst-err-tp4670846p4670856.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
