I've managed to configure a LVS Cluster to act as a transparent proxy squid farm, with a virtual server as load balancer, and three real servers. Because redirecting packets going to port 80 to port 3128 of squid in the load balancer doesn't works, the solution has a mix of ip route and iptables. Here is the script I wrote to configure transparent proxy. #!/bin/bash #Transparent proxy configuration #Variables VIP=192.168.18.10 WEB=80 SRV01=192.168.18.40 SRV02=192.168.18.41 SRV03=192.168.18.42 #Packet marking iptables -t mangle -F iptables -t mangle -A PREROUTING -p tcp --dport $WEB --dst ! $VIP -j MARK --set-mark 2 #Routing table creation if [ $(grep -sq 'www\.out' /etc/iproute2/rt_tables) ]; then echo "Table exists" else echo "202 www.out" >> /etc/iproute2/rt_tables fi #Clean tables and rules ip rule del prio 100 fwmark 2 table www.out ip route flush table www.out #Routing of marked packets ip rule add prio 100 fwmark 2 table www.out ip route add table www.out to local 0/0 dev lo ip route flush cache #ipvsadm rules ipvsadm -A --fwmark-service 2 ipvsadm -a --fwmark-service 2 --real-server $SRV01 --gatewaying ipvsadm -a --fwmark-service 2 --real-server $SRV02 --gatewaying ipvsadm -a --fwmark-service 2 --real-server $SRV03 --gatewaying As you can see, I mark all packets not directed to the virtual server itself, to port 80 with 2, and then route all those marked packets to the loopback interface. With ipvsadm I forward the marked packets to the real servers. In the real servers there's a rule in the prerouting chain to redirect those packets to port 3128 I'm using pulse service to start lvs, and would like to add the ipvsadm rules to the /etc/sysconfig/ha/lvs.cf, so they are issued by pulse at startup. I can't figure out how to do it. When I try to start pulse, it fails because i left the address field empty. But this service is not tied to any address, I just want the fwmark match to forward the packets to the real servers. I also have dns in this lvs cluster. Any suggestion about how I can add my ipvsad rules to the lvs.cf file? -- Enrique Verdes <EVerdes at conatel.com.uy> Depto. de Ingeniería - CONATEL S.A. Este mensaje es privado y confidencial y tiene como único destinatario la persona a la que va dirigida. La responsabilidad de su contenido es del remitente y no de CONATEL. Si usted ha recibido este mensaje por error, tenga presente que le está prohibido revelarlo, copiarlo o distribuirlo, debiendo avisar de inmediato al remitente y borrarlo de su sistema. El error de transmisión no implica renuncia a la privacidad y confidencialidad. This email is private and confidential and intended solely for the use of the individual to whom it is addressed. The responsibility of its content is the sender's and not CONATEL'S. If you have received this email by mistake please notify the sender immediately and delete it from your system. Its disclosure, copy or distribution is absolutely forbidden. The transmission error does not imply a waiver of privacy and confidentiality.