squid transparency proxy denies access to clients.

05-09-2007 #1 (Just Joined!, Join Date: May 2006, Posts: 26)
Hello good people of Linux Forums
I recently have upgraded my squid to version 2.6.
Right in the beginning I encountered problems... It seems this new version changed the way to configure it as a transparent proxy.
After searching on Google I have managed to configure it as a transparent proxy server. But when a user machine tries to navigate through the proxy server it gives the error Access Denied. In the access control I have given permission for it to use the proxy but it does not seem to work.
This server has to be giving service just for the internal LAN. Services are:
- Access to the internet through the squid transparent proxy.
- Internal server for: Web page (httpd), Web Mail (webmail on the apache server), ftp (vsftpd) and Internal DNS (BIND 9.3.4).

05-09-2007 #2
So far everything works great but the squid does not work. This is the part of the log from the file access.log of the squid while machine2.internaldomain.home opens Mozilla and tries to open pages:
Code:
...
1178674986.492    447 192.168.1.2 TCP_DENIED/403 1346 GET http://www.google.com.py/ - DIRECT/64.233.161.104 text/html
1178674988.571    668 192.168.1.2 TCP_DENIED/403 1346 GET http://www.google.com.py/ - DIRECT/64.233.161.147 text/html
...
Now here goes my config for the server =D

Devices configs.
Connection to the internet:
Code:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
HWADDR=xx:xx:xx:xx:xx:xx
NETMASK=255.255.255.252
IPADDR=172.18.3.30
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=172.18.3.29
Connection to the Internal LAN:
Code:
TYPE=Ethernet
DEVICE=eth1
HWADDR=xx:xx:xx:xx:xx:xx
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=192.168.1.254
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
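The two access.log lines quoted in this post are in Squid's native log format. As an added example, not part of the original post, here is a small shell helper that splits those fields and counts results per client, run over a constructed sample log whose first two lines are the ones quoted above; the two extra lines, the temporary file path and the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise squid's native
# access.log by client and result code, so TCP_DENIED entries like the ones
# quoted in the thread can be counted and traced. Squid's native format has
# these space-separated fields:
#   1 timestamp   2 elapsed-ms  3 client-ip  4 result/status  5 bytes
#   6 method      7 URL         8 ident      9 hierarchy/peer 10 content-type
# The sample log below is constructed for the example; only its first two
# lines are copied from the thread.

LOG="${LOG:-/tmp/squid-example-$$.log}"

write_sample_log() {
    cat > "$LOG" <<'EOF'
1178674986.492    447 192.168.1.2 TCP_DENIED/403 1346 GET http://www.google.com.py/ - DIRECT/64.233.161.104 text/html
1178674988.571    668 192.168.1.2 TCP_DENIED/403 1346 GET http://www.google.com.py/ - DIRECT/64.233.161.147 text/html
1178675001.103     12 192.168.1.1 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1178675002.200      3 192.168.1.1 TCP_DENIED/403 1346 CONNECT example.org:8080 - NONE/- text/html
EOF
}

# One line per client and result code: "<client> <result> <count>".
# Field 4 is "RESULT/STATUS", so it is split on "/" and only RESULT is kept.
summarise_results() {
    awk '{ split($4, r, "/"); c[$3 " " r[1]]++ }
         END { for (k in c) print k, c[k] }' "$LOG" | sort
}

# Denied requests only, keeping the hierarchy field: it shows which upstream,
# if any, squid contacted for the request (NONE/- when it contacted nobody).
list_denied() {
    awk '$4 ~ /^TCP_DENIED/ { print $3, $6, $7, $9 }' "$LOG"
}

write_sample_log
summarise_results
list_denied
```

Point LOG at a real /var/log/squid/access.log (and drop the write_sample_log call) to run the same two summaries over live data; the counts per client are what tell you whether a single host, or the whole LAN, is being denied.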

05-09-2007 #3
resolv.conf file:
Code:
search tekorei.home
nameserver 127.0.0.1
named.conf:
Code:
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    query-source address * port 53;
    listen-on { 127.0.0.1; 192.168.1.254; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
};
..Deleted content..
zone "internaldomain.home" IN {
    type master;
    file "data/internaldomain.home.zone";
    allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "data/reverse.internaldomain.home.zone";
    allow-update { none; };
};
..Deleted content..

05-09-2007 #4
internaldomain.home.zone file:
Code:
; $TTL 1D
@       IN  SOA     server.internaldomain.home. sysadmin.internaldomain.home. (
                    2007050301  ; Serial
                    8H          ; Refresh
                    2H          ; Retry
                    4W          ; Expire
                    1D )        ; Minimum
        IN  NS      server              ; Name Server for Internal Domain
        IN  MX  10  server              ; Mail Exchange server
internaldomain.home.    IN  A   192.168.1.254
server      IN  A       192.168.1.254
www         IN  CNAME   server
ftp         IN  CNAME   server
mail        IN  CNAME   server
machine1    IN  A       192.168.1.1
machine2    IN  A       192.168.1.2
reverse.internaldomain.home.zone file:
Code:
; $TTL 1D
@       IN  SOA     server.internaldomain.home. sysadmin.internaldomain.home. (
                    2007050301  ; Serial
                    8H          ; Refresh
                    2H          ; Retry
                    4W          ; Expire
                    1D )        ; Minimum
        IN  NS      server.internaldomain.home.
254     IN  PTR     server.internaldomain.home.
1       IN  PTR     machine1.internaldomain.home.
2       IN  PTR     machine2.internaldomain.home.

05-09-2007 #5
squid.conf file:
Code:
http_port 3128 transparent
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 3000 16 256
access_log /var/log/squid/access.log squid
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:       1440    20%     10080
refresh_pattern ^gopher:    1440    0%      1440
refresh_pattern .           0       20%     4320
acl manager proto cache_object
acl all src 0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl network1 src 192.168.1.0/255.255.255.0   # <-- This line was wrong, it was set to "acl red1". Now it is correct. Updated 9/May/2007
always_direct allow all
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow network1
http_access deny all
http_reply_access allow all
icp_access allow all
error_directory /usr/share/squid/errors/Spanish
coredump_dir /var/spool/squid

05-09-2007 #6
iptables config. The default policy is set to ACCEPT. No other rules are set besides these ones because I'm still working on the iptables rules to have a default policy of DROP.
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.18.3.30
I also have configured the internal server for web pages (httpd), dovecot and sendmail for internal mail, and vsftpd. If needed I will post the config for each one of these services.
Can someone help?
I apologise to the Admins for posting replies; it was the only way that I know to put all the data for a good understanding of my problem.
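As an added example rather than the poster's own rules, here is what the default-DROP ruleset the last post is working towards could look like for this box. The interfaces and addresses (eth0 = 172.18.3.30 towards the Internet, eth1 = 192.168.1.254 on the 192.168.1.0/24 LAN) and the REDIRECT/SNAT rules are taken from the thread; the service port list, the ssh rule, the apply_firewall function and the IPT/IP_FORWARD variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the original poster's rules: a default-DROP iptables
# policy for the two-interface box in the thread. Interfaces and addresses come
# from the thread; the service ports are assumed from the services it lists
# (httpd, webmail, vsftpd, BIND, sendmail, dovecot) plus ssh for administration.
# IPT and IP_FORWARD can be overridden (IPT=echo prints the rules instead of
# applying them), which is how the example can be dry-run without root.

IPT="${IPT:-iptables}"
IP_FORWARD="${IP_FORWARD:-/proc/sys/net/ipv4/ip_forward}"
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24
WAN_IP=172.18.3.30
SQUID_PORT=3128

apply_firewall() {
    # Flush and start from deny-by-default for traffic to and through the box.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, and replies to connections the box or the LAN already opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Internal services are offered on the LAN side only: DNS, HTTP/HTTPS
    # (httpd and webmail), FTP control, SMTP and IMAP, and ssh (assumed ports).
    # Nothing below is opened on $WAN.
    $IPT -A INPUT -i $LAN -s $LAN_NET -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i $LAN -s $LAN_NET -p tcp -m multiport --dports 21,22,25,53,80,143,443 -j ACCEPT

    # Transparent proxy: LAN web traffic is redirected to squid, and the
    # redirected packets must then be accepted on INPUT. Both rules are tied to
    # $LAN and $LAN_NET, so nothing arriving on $WAN can reach squid and the box
    # cannot be used as an open proxy from outside.
    $IPT -t nat -A PREROUTING -i $LAN -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
    $IPT -A INPUT -i $LAN -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT

    # Only the LAN is forwarded, only out of $WAN, with source NAT to the box's
    # public address (the poster's POSTROUTING rule, restricted to the LAN).
    $IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
    $IPT -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j SNAT --to-source $WAN_IP

    # Log (rate limited) what the INPUT policy is about to drop.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "

    echo 1 > "$IP_FORWARD"
}

# Apply only when explicitly asked, so sourcing or dry-running the file is safe.
case "${1:-}" in
    apply) apply_firewall ;;
esac
```

Run it as root with `sh firewall.sh apply`; with `IPT=echo` it only prints the rules. The FTP rule covers the control connection; passive data connections are accepted as RELATED only if the ftp connection-tracking helper module is loaded. The LAN-scoped REDIRECT and INPUT rules for port 3128 are what keep the proxy unreachable from eth0 once the policies are DROP.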