Hello, We've just started running transparent proxying under 1.2.beta23 and aren't sure if its working correctly or not. Everything seems to be redirecting but watching it with a port sniffer such as iptraf there are still some incoming port 80 requests to the dial-in clients modems. Below is our current config, could anyone tell me if we're on the right track here and does it look right ?? The box is running linux 2.0.29 with all the firewall options compiled into the kernel as on the FAQ on the squid pages. ipfwadm is installed and redirecting port 80 to 8080 after our cisco 2503 blocks and redirects port 80 to the squid box as in the Squid FAQ's. Cisco 2503 config: ! interface Ethernet0 ip address 203.25.137.47 255.255.255.0 no ip directed-broadcast no ip mroute-cache ip policy route-map proxy-redir ! access-list 110 deny tcp host 203.25.137.48 any eq www access-list 110 permit tcp any any eq www route-map proxy-redir permit 10 match ip address 110 set ip next-hop 203.25.137.48 ! We originally had the accept from our own ip command below in ipfwadm as well but turned it off to try and get it going as it was redirecting to the squid box from the cisco but not going any further than that: ipfwadm config on squid box under /etc/rc.d/rc.local # Accept all on loopback ipfwadm -I -a accept -W lo # Accept my own IP, to prevent loops (repeat for each interface/alias) # ipfwadm -I -a accept -P tcp -D 203.25.137.48/0 80 # Send all traffic destinated to port 80 to Squid on port 8080 ipfwadm -I -a accept -P tcp -D 0/0 80 -r 8080 output from ipfwadm: IP firewall input rules, default policy: accept type prot source destination ports acc all anywhere anywhere n/a acc/r tcp anywhere anywhere any -> www => 8080 Relevant lines in squid.conf: http_port 8080 icp_port 3130 htcp_port 4827 cache_peer essex.powerup.com.au parent 8080 3130 cache_peer_domain essex.powerup.com.au !globec.com.au !ecb.com.au cache_peer essex2.powerup.com.au parent 8080 3130 cache_peer_domain essex2.powerup.com.au !globec.com.au !ecb.com.au httpd_accel_host virtual #httpd_accel_port 8080 ( we had this on above but it appended :8080 to outgoing addresses when proxys were turned off in the clients browser ??) httpd_accel_with_proxy on httpd_accel_uses_host_header on