hello,
i,m newbie in slack. i got problem with my iptables. my linux box running as router using squid.

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

when i put this line to my iptables i can browsing direct to internet without put the proxy on my browser n i also can access my isp email server. if i remove that line, i must put proxy setting on my browser & it's running but i can't access email from my isp. so my conclusion when i put that line it will forward all port to internet. i just want allow port 3128,8080,25 & 110 to forwards.

can any body help me how to solved that problem.

That line does not forward any ports or traffic at all. It makes the packets look like they all come from your external IP address. Your private LAN IP addresses can't be routed onto the internet so they need to look like (ie masquerade) they came from your public IP address.

Just about everyone here with a LAN/Linux/bridged modem/Internet setup with private IP addresses on their LAN will have a masquerade line (or some type of address translation) in their iptables setup.

this command will allow everyone to connect to anywhere and to any port. You may not want to do this.

to redirect to squid port (say 3128),

iptables -t nat -I PREROUTING -s ur_local_lan -p tcp -j REDIRECT --to-port 3128

Try something like:
$EXT_DEV is your external facing network device.