squid server blocking http

[mister]

i have downloaded squid proxy server in my gentoo server i have configured it and then i have configured my iptables .
the configuration of squid.conf is as follow

http_port 192.168.3.1:8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi_bin \?
no_cache deny QUERY
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/cache/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
hosts_file /etc/hosts
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
visible_hostname server
acl our_networks src 192.168.3.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
memory_pools on
forwarded_for off
coredump_dir /var/cache/squid

and the configurations of my iptables are as follow

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.1:8080
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

i have two cards in my server
eth0 192.168.3.1 (for LAN)
eth1 192.168.1.1 (for internet) and i took the internet from access point and the ip address is 192.168.55.106 have given to eth1

then when i try to enter any http site it give error and i cant enter but when im trying to open my msn messenger it works well

so any body can help me

[cyberinstru]

Hey, From the squid conf file, your proxy is listening on 192.168.3.1:8080, i.e., on your LAN interface (eth0).

And from the iptables rules, TCP traffic destined to port 80 are redirected to 192.168.1.1:8080, i.e., your WAN interface (eth1), on that no proxy is running. So that your web traffic is getting rejected...

n of squid.conf is as follow

http_port 192.168.3.1:8080
hierarchy_stoplist cgi-bin ?
ns of my iptables are as follow

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.1:8080
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Either change your iptables rules or make ur squid to listen on WAN interface (that is bad idea!!!)

Hope I understood ur problem correctly and my reply is apt...

Have fun