Could you provide some information about what the end result you are looking for? E.g. where are the clients, where are the origin servers / internet, which network paths should be transparent?
Unfortunately I am on vacation this week and so will not be particularly responsive. My first comment would be that I have had not much success with using "socket" in my iptables rules. I think --sport 80 is better. One problem is that SYN/ACK may not be considered on a socket because it has not yet been established. You seem to have a lot of rules in your ip rule list - why check for the all the interfaces if you are also just checking on the firewall mark? Tuesday, June 5, 2012, 10:46:25 AM, you wrote: > This is the ifconfig for our machine. We are trying to configure tproxy again > on our machine.
