As suggested, a simple case of RTFM - I should know better by now! I'd had squid itself working from some time and hence dived straight past this bit of the HOWTO and into Ipchains without modifying my squid.conf.. Thanks to those who responded. Toby. It is a joy to work with an operating system and products where a support call means a solution and not a feeble conversation with Gavin from marketing at you expense.. -----Original Message----- From: Ounsted, Toby [mailto:[EMAIL PROTECTED]] Sent: 20 April 2000 14:56 To: '[EMAIL PROTECTED]'; 'Squid Mailing List' (E-mail) Subject: Weird IPCHAINS and SQUID problem This one's starting to give me a headache.. - using ipchains for transparent proxying, the address section gets ripped out of URLs.. I'm trying to get Squid to be a transparent proxy by setting my linux box as the default gateway and forwarding from port 80 to port 3128 as per the Transparent Proxy howto. I've previously been using squid quite happily, going directly to port 3128 - it works a treat. set IPV4 forwarding and defragmentation, and set ipchains rules as follows: (the server's called 'internet').. [root@internet sysconfig]# ipchains -L Chain input (policy ACCEPT): target prot opt source destination ports ACCEPT tcp ------ anywhere internet any -> www ACCEPT tcp ------ anywhere internet.psgint.com any -> www REDIRECT tcp ------ anywhere anywhere any -> www => 3128 Chain forward (policy ACCEPT): Chain output (policy ACCEPT): If I turn of the proxy settings in the browser (i.e. try to go direct) the address of the site I'm trying to hit seems to get mashed. For example, I try and go to http://www.wideopen.com/story/757.html <http://www.wideopen.com/story/757.html> Squid responds with: ERROR The requested URL could not be retrieved While trying to retrieve the URL: /story/757.html </story/757.html> The following error was encountered: Invalid URL Etc. So it's as though the first part of the URL got murdered. The squid access log looks similar: 956237322.768 0 194.70.6.99 NONE/400 1075 GET /story/757.html - NONE/- - Software: MSIE5 browser, RH6.1, Squid2.2Stable4 supplied with RH6.1. Stock kernel which already has Ipchains support built in. Something's getting somewhere for squid to even be having a go - but the address isn't. TCPDump is also interesting (pooter is the client) as something is chattering to 206.132.41.223.www (which is wideopen.com for the purposes of this test) - despite squid's announcement that it had all gone wrong: [root@internet sysconfig]# !tcp tcpdump 'port 80' Kernel filter, protocol ALL, datagram packet socket tcpdump: listening on all devices 14:48:45.778563 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: S 2900626:2900626(0) win 8192 <mss 1460> (DF) 14:48:45.778637 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: S 2802009305:2802009305(0) ack 2900627 win 30660 <mss 1460> (DF) 14:48:45.778774 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: . 1:1(0) ack 1 win 8760 (DF) 14:48:45.779095 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: P 1:294(293) ack 1 win 8760 (DF) 14:48:45.779129 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: . 1:1(0) ack 294 win 30660 (DF) 14:48:45.780024 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: P 1:1076(1075) ack 294 win 32120 (DF) 14:48:45.780230 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: F 1076:1076(0) ack 294 win 32120 (DF) 14:48:45.781174 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: F 294:294(0) ack 1076 win 7685 (DF) 14:48:45.781237 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: . 1077:1077(0) ack 295 win 32119 (DF) 14:48:45.781230 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: . 295:295(0) ack 1077 win 7685 (DF) So - suggestions welcome! It's got me.. Thanks, Toby. -- To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject. -- To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject.