LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 03-28-2005, 09:00 PM   #1
b:z
Member
 
Registered: Mar 2005
Posts: 146

Rep: Reputation: 15
Sharing Internet : Please help me


My network diagram:

+++Internet+++--------------+++Modem+++---------++eth0||||eth1++----------+Lan+--

My server has these roles: Linux gateway, DHCP, Squid proxy, DNS.
This is the rc.firewall script:

==============================================
#
# eth0: Localnet
# eth1: Internet
#
# Enable ip masquerading in the kernel
echo > 1 /proc/sys/net/ipv4/ip_forward
#
# Run iptables depend your locations
IPTABLES=/sbin/iptables
#
# prepare module necessary for iptables
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
#
# no need at that time
#
#/sbin/mod_probe ipt_owner
#/sbin/mod_probe ipt_REJECT
#/sbin/mod_probe ipt_MASQUERADE
#/sbin/mod-probe ip_contrack-irc
#/sbin/mod_probe ip_nat_ftp
#/sbin/mod_probe ip_nat_irc
#
# Flush all rule in iptables
iptables -F
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t nat --flush
#
iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
#
iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
#
iptables -t nat -A POSTROUTING -d ! 192.168.0.0/16 -j MASQUERADE
#
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

=========================================================

With the script above, my firewall will allow all traffic in the local network. Traffic that wants to go outside to the Internet will reach the Squid proxy (the Internet policy is applied here). However, I get these problems:
- When the rc.firewall script is applied, nothing works: clients can't access the Internet and can't ping the Linux gateway (DHCP server); however, clients can ping each other (each client is assigned an IP from the DHCP server).
- If I flush all the rules in my iptables, except for:
=====
iptables -t nat -A POSTROUTING -d ! 192.168.0.0/16 -j MASQUERADE
#
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
======
It still doesn't work.

I only want my clients to be able to access the Internet to check POP3 mail and surf the web. Everything else will be dropped. And full permission in the local network.

Please help me solve the problem.
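An added example, not part of the original post or of any reply: it replays the script's `echo > 1 /proc/sys/net/ipv4/ip_forward` line in a scratch directory to show that the redirection creates a file named `1` and never enables forwarding, then prints a rule set for the stated goal (web through Squid on 8080, POP3 forwarded, everything else dropped, LAN clients allowed to reach the gateway). The interface roles are taken from the script's comments (eth0 = LAN, eth1 = Internet), which is an assumption because the diagram shows the opposite; the names `LAN_IF`, `WAN_IF`, `LAN_NET`, `IPT` and the three functions are this example's own.

```sh
#!/bin/sh
# Added example. Interface roles follow the comments in the posted script
# (eth0 = LAN, eth1 = Internet); these variable names are this example's own.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/16}"
# Dry run by default: rules are printed. Set IPT=/sbin/iptables to load them.
IPT="${IPT:-echo iptables}"

# Replays the posted "echo > 1 <path>" in a scratch directory. The shell sends
# stdout to a file named "1" and echoes the path into it; the target keeps its
# old value. Prints "<contents of 1>|<contents of target>".
demo_redirect_bug() {
    d=$(mktemp -d) || return 1
    echo 0 > "$d/ip_forward"              # stand-in for /proc/sys/net/ipv4/ip_forward
    ( cd "$d" && echo > 1 ./ip_forward )  # same word order as the posted line
    printf '%s|%s\n' "$(cat "$d/1")" "$(cat "$d/ip_forward")"
    rm -rf "$d"
}

# Correct word order: the value, then the redirection to the target file.
enable_forwarding() { echo 1 > "${1:-/proc/sys/net/ipv4/ip_forward}"; }

gateway_rules() {
    for t in filter nat; do $IPT -t "$t" -F; $IPT -t "$t" -X; done
    # -F leaves chain policies as they were, so set them explicitly.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN clients may reach every service on the gateway (DHCP, DNS, Squid, ping).
    $IPT -A INPUT -i "$LAN_IF" -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only POP3 is routed straight out; port 80 is handed to Squid on 8080.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport 110 -j ACCEPT
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-ports 8080
    # Match on the outgoing interface instead of the posted "-d ! net" form.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

demo_redirect_bug
gateway_rules
```

Port 443 is not opened here because the post asks only for POP3 and web access through the port-80 redirect.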
 
Old 03-29-2005, 01:12 AM   #2
korozion
Member
 
Registered: Apr 2004
Location: Canada
Distribution: Debian
Posts: 124

Rep: Reputation: 15
In cases like that I use QuickTables, available from qtables.radom.org. It's easy and will generate a well-documented rc.firewall for you. You can edit it from there if you need to. It supports Squid as well. It also has a feature that lets you temporarily or permanently block sites, without any pain at all.
 
Old 03-29-2005, 01:42 AM   #3
dalek
Senior Member
 
Registered: Jul 2003
Location: Mississippi USA
Distribution: Gentoo
Posts: 2,058
Blog Entries: 2

Rep: Reputation: 79
May also want to check on the route command. Somebody told me how to do that once. It was a while ago and I can't recall the exact thing but it was route ******.

Sorry I am no more help than that.

Later

 
Old 03-30-2005, 01:28 AM   #4
b:z
Member
 
Registered: Mar 2005
Posts: 146

Original Poster
Rep: Reputation: 15
No one answered my question.
Please help me.
 
  

