Jordi, Please check did you setup squid properly as well. You need to uncomment and put the following directives with values in squid.conf httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on Happy new year. Regards, Dragan Andric -----Original Message----- From: Jordi Espasa Clofent [mailto:jespasac@yahoo.es] Sent: Wednesday, December 28, 2005 1:18 PM To: suse-security@suse.com Subject: [suse-security] Redirect traffic for transparent proxy Hi all, I'm trying to set up a machine with proxy-cache (Squid 2,5 STABLE); the setting process is well-documented, but I've found a trouble when I want redirect the traffic for transparent proxy. My goal is obvious: redirect all traffic from port 80 (the clients) to port 3128 (the proxy in the server) to set up transparent proxy. The structure is: Server eth0 -- connection to internet 192.168.1.2 (EXT) eth1 -- connection to LAN 172.26.0.1 (INT) Client eth0 -- connection to eth1 Server 172.26.0.x (where x is 2+) 1) In SuSE manual, the syntaxis of redirected traffic is (page 763 of Reference Guide SuSE 10.0): FW_REDIRECT_TCP="172.26.0.0/24,0/0,80,3128" FW_REDIRECT_UDP="172.26.0.0/24,0/0,80,3128" 2) In the /etc/sysconfig/SuSEfirewall2 the comments of section 14 (¿whereis section 15???) says the same line both protocols, TCP and UDP. So, the correct syntaxis should be: FW_REDIRECT="172.26.0.0/24,0/0,80,3128" 3) Both syntaxis (1 & 2) doesn't works in my server. Even I've tried to do it with iptables: iptables -t nat -A PREROUTING -i $INTERFACE -p tcp --dport 80 -j REDIRECT --to-port 3128 Apparently squid works fine; if I test without transparent proxy (setting the client browsers to port 3128 directly) there isn't problems. The trouble is redirect traffic. -- Salut, Jordi Espasa -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here