As I said in my initial post, I have read every word of Squid's FAQ on the matter, and I have my iptables set up properly:

root@filter:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:www redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@filter:~#

I have no expectation that we will be filtering SSL. There was a post on the matter earlier, from someone else. Perhaps, you are confusing the two. Although, I do appreciate your attention and willingness to try and help.

Where I've run into trouble is it seems as though I have everything set up properly. Squid works if you connect directly to it. The GRE tunnel establishes a connection to the router. Squid registers itself with the router and is recognized. Traffic is forwarded to the Squid box. I've verified this with Ethereal; with Squid not registered with the router, eth0 doesn't see traffic from my browser. With Squid registered with the router, I see the traffic on eth0, but nothing more ever happens...

-Erik

On 11/1/06, JT Moree wrote:
> Erik Bixby wrote:
> > SquidGuard runs fine. With a browser configured to use the proxy
> > directly, everything works. It's only when trying to intercept
> > traffic that things fall down. I can get the packets from the client
> > to the web server to either the Ethernet or GRE virtual interface on
> > the Squid box, but Squid does nothing with them. That is my problem;
> > how to get Squid to act on HTTP requests that are neither originated
> > from nor destined for it.
>
> Huh? Try using the firewall on the squid box to forward incoming
> traffic for port 80 to the squid port. Unless you are running squid at
> port 80--which is possible I suppose.
>
> If you are trying to automatically forward port 443 (ssl) I don't think
> that will work. SSL traffic will need to use the proxy setup in the
> browser.
>
> If I understand what you are trying to do it involves more than just
> squid to do it. Probably need to re-direct all port 80 traffic that is
> not from the squid box to the squid box on the real firewall. Then
> allow squid box to access port 80 through the firewall.
>
> Is the proxy server (squid) the same as the firewall? Same principles
> apply just on one machine rather than over the network.
>
> --
> JT Morée
> PC Xperience, Inc.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss