> > part of netstat -na in squid2 output like following: > > tcp 0 1 198.18.24.3:46304 10.56.233.99:9999 > > SYN_SENT This shows that 198.18.24.3 cant communication with 10.56.233.99, so assuming no firewalling, you have a routing problem (which could be a NAT problem). Run a sniffer on 10.56.233.99, - if you don't see the SYNs coming in, then 198.18.24.3 cant route to 10.56.233.99 - if you see the SYNs come in and 10.56.233.99 reply with syn/ack, then you have a routing problem from 10.56.233.99 to 198.18.24.3. Remember you need to have 2 routes to get TCP working - one to the server and one to the client. If you NAT then you'll need route(s) for the NATed addresses as well.
