Sarge routing problems


daniel_rodriguez
13th January 2006, 21:40
At work we have a Debian Sarge machine as proxy running Squid with three NICs (eth0 - 10.0.0.3, eth1 - 10.4.102.2 and eth2 - 10.14.8.2). The idea is that traffic to 10.2.0.0 and 10.10.0.0 passes through 10.4.102.2, and internet traffic through 10.0.0.3.

The problem is that the entire LAN cannot reach a remote host (10.2.0.4) needed for accounting applications.

Below is the routing table:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.4.102.0      10.4.102.1      255.255.255.0   UG    0      0        0 eth1
10.4.102.0      *               255.255.255.0   U     0      0        0 eth1
localnet        *               255.255.248.0   U     0      0        0 eth2
10.2.0.0        10.4.102.1      255.255.0.0     UG    0      0        0 eth1
10.10.0.0       10.4.102.1      255.255.0.0     UG    0      0        0 eth1
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         10.0.0.2        0.0.0.0         UG    0      0        0 eth0

10.14.8.0       10.14.8.2       10.2.0.4
LAN             SQUID           Remote Host


There are no iptables rules either:

firewall:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


If I ping 10.2.0.4 I get a response, but from the LAN, no way.


Any hint will be appreciated.
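
Added example, not part of the original thread: a longest-prefix-match lookup over the routing table posted above, showing which entry the proxy itself selects for a given destination. The function names are hypothetical, "localnet" is assumed to be 10.14.8.0 (the LAN network in the poster's diagram), and ties between equal prefixes simply go to the first entry listed.

```python
import ipaddress

# Routing table as posted above, reduced to the columns that decide the route.
# "localnet" is written as 10.14.8.0 (assumption taken from the diagram).
ROUTES = """\
10.4.102.0 10.4.102.1 255.255.255.0 UG eth1
10.4.102.0 * 255.255.255.0 U eth1
10.14.8.0 * 255.255.248.0 U eth2
10.2.0.0 10.4.102.1 255.255.0.0 UG eth1
10.10.0.0 10.4.102.1 255.255.0.0 UG eth1
10.0.0.0 * 255.0.0.0 U eth0
default 10.0.0.2 0.0.0.0 UG eth0
"""

def parse_routes(text):
    """Return a list of (network, gateway or None, interface) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, _flags, iface = line.split()
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, None if gw == "*" else gw, iface))
    return routes

def lookup(addr, routes=None):
    """Pick the most specific matching route, as the kernel does."""
    routes = routes or parse_routes(ROUTES)
    ip = ipaddress.ip_address(addr)
    best = None
    for net, gw, iface in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return (str(best[0]), best[1], best[2])

if __name__ == "__main__":
    # Remote host, a LAN client (constructed address), an uncovered 10.x
    # address (constructed), and an internet address (constructed).
    for dst in ("10.2.0.4", "10.14.8.50", "10.7.1.1", "192.0.2.10"):
        print(dst, "->", lookup(dst))
```

The lookup only describes the proxy's outbound decision; it says nothing about whether the far side has a route back to the LAN network.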

falko
13th January 2006, 22:09
If I ping 10.2.0.4 I get a response, but from the LAN, no way.


But 10.2.0.4 is an IP address from your LAN, not from the internet...

daniel_rodriguez
13th January 2006, 22:19
Government agencies are interconnected through a fiber optics ring here; that's why everyone has a proxy/firewall between the ring and the internal network.
That's the reason I mentioned 10.2.0.4 as a remote host, because we reach it through the fiber optics ring.

For a better explanation...
http://img467.imageshack.us/img467/9214/esquemamcye9cb.gif

falko
14th January 2006, 00:01
Can you make sure that 10.2.0.4's firewall isn't blocking requests?

daniel_rodriguez
14th January 2006, 00:34
Well, certainly yes.