I'm running an AP-Hotspot server (coovachilli, freeradius, squid, etc.) with two NICs (eth0 and eth1). eth0 is for WAN (internet) and eth1 is for managing the LAN (APs). Coovachilli has created tun0 under the eth1 interface. I'm using squid3 as an HTTP transparent proxy.

Hardware Setup Diagram <https://i.stack.imgur.com/sKF9e.png>

*SQUID.CONF:*

http_port 3128
http_port 3127 intercept

*IPTABLES Filter & Nat Rules (similar):*

-A PREROUTING -s 10.1.0.0/24 ! -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127 #redirect http to squid intercept port
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -s 10.1.0.0/24 -d 10.1.0.1/32 -p tcp -m tcp --dport 3127 -j DROP #drop direct attempts to proxy intercept port
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A INPUT -i eth1 -j DROP
-A INPUT -d 10.1.0.1/32 -i tun0 -p icmp -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT # opening squid port
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3127 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 10.1.0.1/32 -i tun0 -j DROP
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 ! -o eth0 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -o eth1 -j DROP
-A FORWARD -i eth1 -j DROP

HTTPS connections from the AP side work, since squid doesn't intercept them, but HTTP connections don't work. Squid_3.4.8_Debian starts normally (active/running), with no errors in cache.log. If I change the squid configuration to a reverse proxy (http_port 3127 accel vhost allow-direct), it works.

I need a transparent proxy to work. Please help me to figure it out. Thanks.

--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
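
A consistency check over the configuration quoted in the post above, as an added example that is not part of the original post: it confirms that each REDIRECT target port is declared with intercept in squid.conf and reports the first-match INPUT verdict for the redirected traffic. It assumes 10.1.0.1 is the primary address of tun0 (REDIRECT rewrites the destination to the incoming interface's primary address) and models only -i, -d, -p and single-port --dport matches.

```python
import ipaddress
import re

# Values copied from the post above (trailing comments dropped).
SQUID_CONF = "http_port 3128\nhttp_port 3127 intercept"
NAT_RULES = ["-A PREROUTING -s 10.1.0.0/24 ! -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3127"]
INPUT_RULES = [
    "-A INPUT -i eth1 -j DROP",
    "-A INPUT -d 10.1.0.1/32 -i tun0 -p icmp -j ACCEPT",
    "-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT",
    "-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3127 -j ACCEPT",
    "-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT",
    "-A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT",
    "-A INPUT -d 10.1.0.1/32 -i tun0 -j DROP",
]

def intercept_ports(conf):
    """Ports whose http_port line carries the intercept flag."""
    ports = set()
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) > 2 and tok[0] == "http_port" and "intercept" in tok[2:]:
            ports.add(int(tok[1].rsplit(":", 1)[-1]))
    return ports

def redirect_ports(nat_rules):
    """Local ports that REDIRECT rules send traffic to."""
    return {int(m[1]) for r in nat_rules if (m := re.search(r"-j REDIRECT --to-ports (\d+)", r))}

def input_verdict(rules, iface, dst, proto, dport):
    """First-match walk of the INPUT chain for one packet."""
    for rule in rules:
        tok = rule.split()
        if "!" in tok:
            raise ValueError("negated matches are not modelled")
        o = {t: tok[i + 1] for i, t in enumerate(tok[:-1])
             if t in ("-i", "-d", "-p", "--dport", "-j")}
        if (o.get("-i", iface) == iface and o.get("-p", proto) == proto
                and int(o.get("--dport", dport)) == dport
                and ipaddress.ip_address(dst) in ipaddress.ip_network(o.get("-d", "0.0.0.0/0"))):
            return o["-j"]
    return "chain policy"

def check(gateway="10.1.0.1"):  # assumed primary address of tun0
    """(port, declared intercept in squid.conf?, INPUT verdict) per REDIRECT target."""
    declared = intercept_ports(SQUID_CONF)
    return [(p, p in declared, input_verdict(INPUT_RULES, "tun0", gateway, "tcp", p))
            for p in sorted(redirect_ports(NAT_RULES))]

if __name__ == "__main__":
    print(check())
```

The check does not model which table each rule is loaded into, which the post does not state.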