The setup is something like this; Internet User->Public IP->Firewall->NAT->Squid->Web Server > Assuming the squid box is inside your firewall then your firewall policy is > incorrect. It should not allow connections from the internet to your squid > box. Depending on how your network's setup that's usually the simplest > thing to change. Squid is inside of the network, with the web servers it is to cache traffic for. Connections would come into the network, convert to NAT on the inside, hit squid, then squid would get the data from the web server/s. Does this better explain my setup?