Henrik Nordstrom wrote: > Don't NAT, just route the packets via a different route (policy > routing).
What do you mean? > > If there is other routers inbetween the interception point and the > Squid box then use a GRE tunnel, if not direct routing. > > For reliable session routing in iptables you can use the CONNMARK > module. See iptables patch-o-matic extras. > I'm in the midst of recompiling the kernel with Connmark module enabled. Perhaps this might be able to help me figure this transparent proxy out. Thanks!
