Hello!!

Before describing my problem I'd like to give you some more details
about network where everything happens.

Network : 192.168.1.0/24
Default Gateway (for users): 192.168.1.248 (points to local proxy
serwer)

Server (everything on 1 machine)
eth0: 192.168.1.249 - mail (25,110,995), www (80)
eth0:0 192.168.1.248 - proxy (8080,3128, 3129)

iptables has few entries in nat table for prerouteing (to
192.0.0.0/8 network)
Default policy for all iptables chains ( INPUT, OUTPUT, FORWARD: ) is
ACCEPT

Default gateway on server : 192.168.1.254
>From this address packets are sent to 192.0.0.0/8 network where is

located ours "doors to Internet"


Our second dns is located in 192.168.0.253

Problem description:

If user's account is configured to use proxy then his access is
controlled through this proxy (squid), but when user has new account
where no proxy is set up then he has direct access outside our network
and no proxy rules are appiled to him.

What's strange when i use traceroute/tracert to any server in Internet
(ie. google.com) i see that packages goes through 192.168.1.249
(mail), not by proxy (192.168.1.248) as it should

My goal is to disable acces to Internet (addresses other than
192.0.0.0/8) on any addresses other than 192.168.1.248 and enable
access only from 192.168.1.248. I've tried masquerade + some iptables
rules to for blocking.

Thanks for any advice that leads to solve my problem.

--
Greetings DimmuR