Hi,
in a LAN setup, there's a fairly current squid proxy running (3.5.17), which is NOT on the firewall, while the FW is located on a low end system running an older openSUSE with SuSEfirewall2.
FW_DEV_EXT="dsl0"
FW_DEV_INT="eth0"
e.g. the usual simple DSL <-> masqueraded LAN setup.
Using the xxxx_proxy environment settings works fine with collaborating systems, but I would like to force all local systems through the squid.
I tried to add something similar to /etc/sysconfig/scripts/SuSEfirewall2-custom:
iptables -t nat -A PREROUTING -i eth0 -s ! squid-server -p tcp --dport 80 -j DNAT --to squid-server:3128
iptables -t nat -A POSTROUTING -o eth0 -s local-net -d squid-server -j SNAT --to 172.16.23.1
iptables -A FORWARD -s local-net -d squid-server -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
in the fw_custom_after_antispoofing hook, and others, but failed so far.
Source: http://tldp.org/HOWTO/TransparentProxy-6.html
Any other way to achieve something similar is welcome of course, e.g. redirect 0/0:80 to squid-server:3128, except for squid-server itself.
Thanks, Pete