Before describing my problem I'd like to give you some more details
about the network where everything happens.

Network:
Default Gateway (for users): (points to local proxy

Server (everything on 1 machine)
eth0: - mail (25,110,995), www (80)
eth0:0 - proxy (8080,3128, 3129)

iptables has a few entries in the nat table for PREROUTING (to network)
Default policy for all iptables chains ( INPUT, OUTPUT, FORWARD: ) is

Default gateway on server :
From this address packets are sent to network where is

located our "doors to Internet"

Our second dns is located in

Problem description:

If a user's account is configured to use the proxy then his access is
controlled through this proxy (squid), but when a user has a new account
where no proxy is set up then he has direct access outside our network
and no proxy rules are applied to him.

What's strange is that when I use traceroute/tracert to any server on the Internet
(e.g. google.com) I see that packets go through
(mail), not by proxy (as it should

My goal is to disable access to Internet (addresses other than on any addresses other than and enable
access only from I've tried masquerade + some iptables
rules for blocking.

Thanks for any advice that leads to solving my problem.

Greetings DimmuR