Hi Jordi Espasa Clofent It isn't fault of SuseFirewall, I think. SuseFirewall is simple front-end for iptables. That line is senseless - FW_REDIRECT_UDP="172.26.0.0/24,0/0,80,3128" Squid and http doesn't use for UDP protocol. You will try it - FW_REDIRECT="192.168.0.0/24,0/0,tcp,80,3128" and that "Dragan Andric" adviced : httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on Finally you can use my hand-make script, you will check that: #!/bin/bash INET_IFACE="eth0" LAN_IFACE="eth1" LAN_IP="172.26.0.1" LAN_IP_RANGE="172.26.0.0/16" LO_IFACE="lo" LO_IP="127.0.0.1" iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT #plohaya cepo4ka iptables -N bad_tcp_packets iptables -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset iptables -N icmp_packets iptables -A icmp_packets -p ICMP --icmp-type 3 -j ACCEPT iptables -A icmp_packets -p ICMP --icmp-type 8 -j ACCEPT iptables -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT iptables -A icmp_packets -p ICMP -j DROP iptables -N tcp_packets iptables -A tcp_packets -p TCP --dport 22 -j ACCEPT iptables -A INPUT -i eth1 -p tcp --dport 21 -j ACCEPT iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT iptables -A tcp_packets -p TCP -j DROP iptables -N udp_packets iptables -A udp_packets -p UDP --destination-port 53 -j ACCEPT iptables -A udp_packets -p UDP -j DROP iptables -A INPUT -p tcp -j bad_tcp_packets iptables -A INPUT -p ALL -i $LO_IFACE -j ACCEPT iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p ICMP -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT iptables -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets iptables -A INPUT -p TCP -i $LAN_IFACE -s $LAN_IP_RANGE -j tcp_packets iptables -A INPUT -p TCP -i $INET_IFACE -j DROP iptables -A INPUT -p UDP -i $LAN_IFACE -s $LAN_IP_RANGE -j udp_packets iptables -A INPUT -p UDP -i $INET_IFACE -j DROP iptables -A FORWARD -p TCP -j bad_tcp_packets iptables -A FORWARD -i $LAN_IFACE -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT #Transpent proxy iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 3128 iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3128 iptables -t nat -A PREROUTING -p tcp --dport 8081 -j REDIRECT --to-port 3128 Good luck! -- Best wishes, Vlad.