hi all again my first question related wiht "http access - fixing DNAT port forwarding access from internal networks" was answered successfully, since it is working fine, thanks to all that could help ;) now i happen to have a proxy server running on the same machine as the web server, and i would like to block incoming traffic to my web server from addresses wich are not portuguese. i already got a list of the ip ranges and net masks of all autonomous systems located in portugal. i first tried to accept all those ip ranges, and then droped all other incoming. what happens is that proxy will accept connections only from those ip ranges i accepted initialy ( the postuguese ones). Let´s say i'm trying to connect to hotmail.com. i won't work since that ip range is not being accepted. is there a way to accept connections related with previous conections made to this machine to por 3128 (squid default port)? i want to accept conections that even if they do not match with ipranges i'm accepting, they're related with a previous connection made to the proxy server, related with proxy port whatever it'll be ;)) i'm aware this can not be this easy... but still believe there is a way out :)) [][] thank you all skydive! ------------------------------------------------- Email Enviado utilizando o serviço MegaMail
