Adam , Thanks a lot for your response . I used sniffer tool to catch the packet in both Poly graph Server (10.56.233.99) and Squid server side (198.18.24.3). I could see 198.18.24.3 send out SYNs, they SYNs were also could be captured in PolyServer(10.56.233.99) side , but no ack were genenated by the 10.56.233.99 server . But if no NAT or we only run single squid , no such scenario will orrured .. Do you or any other guys know how to check the RedHat Linux OS TCP related log ? I really have no idea on this problem , so wanna check whether this is the OS /TCP realated issu . Thanks !!! Nice weekend ! -Arkin On Fri, Jul 25, 2008 at 12:14 PM, Adam Carter <Adam.Carter@xxxxxxxxxxxx> wrote: > >> > part of netstat -na in squid2 output like following: >> > tcp 0 1 198.18.24.3:46304 10.56.233.99:9999 >> > SYN_SENT > > This shows that 198.18.24.3 cant communication with 10.56.233.99, so assuming no firewalling, you have a routing problem (which could be a NAT problem). Run a sniffer on 10.56.233.99, > - if you don't see the SYNs coming in, then 198.18.24.3 cant route to 10.56.233.99 > - if you see the SYNs come in and 10.56.233.99 reply with syn/ack, then you have a routing problem from 10.56.233.99 to 198.18.24.3. > > Remember you need to have 2 routes to get TCP working - one to the server and one to the client. If you NAT then you'll need route(s) for the NATed addresses as well. > >