We have squid/dansguardian set up to prevent users from doing illicit things on the internet. I have a little machine that hosts three webservers behind the squid box. Two of the Webservers - they resolve to internal IP's (10.10.x.x) but the thrid that has an external IP does not work, but only from the subnet that squid is running on:

For example The subnet of my building: 10.10.1.0/24
Intranet sites at 10.10.1.5 and 10.10.1.20 are ok (the DNS resolves fine as well).
The site with the external IP generates this: The following error was encountered:
* Connection to x.x.x.x [x replaces the actual ip so I don't get mad haaxed] Failed
The system returned:
(111) Connection refused
The remote host or network may be down. Please try the request again.
Your cache administrator is zackf


I use virtual hosting on the box running apache, this used to work when the site that's not working resolved as internal DNS (intranet only), but now that it's external it's not.

From other subnets on our network it's fine though. Down the street at 10.10.2.0/24 they mock me because it works for them. That's why I think this is squid related, not DNS (plus x.x.x.x is the correct DNS resolution).

So now squid and users are mocking me. It's horrible.

I think I may have missed an httpd_accel option in /etc/squid/squid.conf but if I change one the whole thing borks so either I'm doing it wrong, or missing some syntax somewhere. I invite anyone's opinion on this matter while I change the password of those who mock me.