i want replace my cisco pix firewall with linux box for gateway , site blocking etc.

squid(non transparent) work's fine for http connections but some applications ( connects to remote computer over internet) with port 8000 for example ,not work anymore.i make entrys in squid.conf for safe_ports ACL and still don't work.

my iptables configuration is very simple. accept all connections from local network and localhost to outside ..drop all incoming connections from outside ( internet).

how can i solve this? how can my application that uses port 8000 connect to remote computer that listen on port 8000.

thanks

from what you said you iptables may be wrong you cant drop everything come in to your box because the remote access you are connecting to wont be able to get in try removing your firewall and try again if you dont mind paste your firewall script so we can see
when you flush your firewall leave squid and try if it doesnt work try it without squid

my current iptables rule

*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT


*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT ! -i ppp0 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
COMMIT

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT


there is a NAT entry.with this entry all is okey ,have no problems with some applications must connect to remote computers but users can pass proxy by removing proxy settings on explorer. users can surf with proxy settings and without.