Thank you Togan and Joe, I have taken your hints and changed some variables as follows: FW_MASQ_NETS="192.168.0.0/16" FW_SERVICES_EXT_TCP="ssh" FW_SERVICES_INT_TCP="139 3128 http" FW_SERVICES_INT_UDP="137 138" (Oh yes, I have two NICs, and I think 192.168.0.0/16 is the correct network in my case.) This works with squid as a non-transparent proxy, if I set FW_REDIRECT="". However, if I set FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128", not the full URL is transmitted from the client to squid. more precisely, the protocol and hostname parts are truncated. So squid bails out with errors like
While trying to retrieve the URL: / http://www.google.de/imghp?hl=en&tab=wi&q=
The following error was encountered: Invalid URL
I haven't fiddled with the squid.conf, except for these two lines acl our_networks src 192.168.1.0/24 192.168.2.0/24 http_access allow our_networks I'm scanning the SuSEfirewall guide right now, but it's a long document, and I haven't found any tips on situations like mine on first glance. So if anyone came up with a pointer, I'd be grateful. Helge