Hello, I have searched and read until I wanna bang my head. What I want squid to do: I have 6 internet computers that will access the internet (they have static ip's) and 2 homework computers (also static) that will only have access (whitelist) to a couple of websites (www.tutor.com for example). I am running squid 2.6.Stable3. My squid.conf looks like this: "#Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT" a bunch of comments, then: "#Recommended minimum configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # Example rule allowing access from your local networks. Adapt # to list your (internal) IP networks from where browsing should # be allowed #acl our_networks src 192.168.1.0/24 192.168.2.0/24 #http_access allow our_networks acl scorpio src 192.168.5.21 http_access allow scorpio # And finally deny all other access to this proxy http_access deny all" In this configuration I get "access denied" to any website I go to. When I change "http_access allow all" obviously everything works. So I enabled "debug_options All,1 28,9" and this is what I get: "2006/09/01 11:05:33| Reconfiguring Squid Cache (version 2.6.STABLE3)... 2006/09/01 11:05:33| FD 9 Closing HTTP connection 2006/09/01 11:05:33| FD 11 Closing ICP connection 2006/09/01 11:05:33| DNS Socket created at 0.0.0.0, port 32775, FD 8 2006/09/01 11:05:33| Adding nameserver 192.168.5.5 from /etc/resolv.conf 2006/09/01 11:05:33| Adding nameserver 192.168.5.7 from /etc/resolv.conf 2006/09/01 11:05:33| Accepting proxy HTTP connections at 192.168.5.249, port 3128, FD 9. 2006/09/01 11:05:33| Accepting ICP messages at 0.0.0.0, port 3130, FD 11. 2006/09/01 11:05:33| WCCP Disabled. 2006/09/01 11:05:33| Loaded Icons. 2006/09/01 11:05:33| Ready to serve requests. 2006/09/01 11:05:46| aclCheckFast: list: 0x926b228 2006/09/01 11:05:46| aclMatchAclList: checking all 2006/09/01 11:05:46| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0' 2006/09/01 11:05:46| aclMatchIp: '192.168.5.249' found 2006/09/01 11:05:46| aclMatchAclList: returning 1 2006/09/01 11:05:47| aclCheck: checking 'http_access allow manager localhost' 2006/09/01 11:05:47| aclMatchAclList: checking manager 2006/09/01 11:05:47| aclMatchAcl: checking 'acl manager proto cache_object' 2006/09/01 11:05:47| aclMatchAclList: no match, returning 0 2006/09/01 11:05:47| aclCheck: checking 'http_access deny manager' 2006/09/01 11:05:47| aclMatchAclList: checking manager 2006/09/01 11:05:47| aclMatchAcl: checking 'acl manager proto cache_object' 2006/09/01 11:05:47| aclMatchAclList: no match, returning 0 2006/09/01 11:05:47| aclCheck: checking 'http_access deny !Safe_ports' 2006/09/01 11:05:47| aclMatchAclList: checking !Safe_ports 2006/09/01 11:05:47| aclMatchAcl: checking 'acl Safe_ports port 80 # http' 2006/09/01 11:05:47| aclMatchAclList: no match, returning 0 2006/09/01 11:05:47| aclCheck: checking 'http_access deny CONNECT !SSL_ports' 2006/09/01 11:05:47| aclMatchAclList: checking CONNECT 2006/09/01 11:05:47| aclMatchAcl: checking 'acl CONNECT method CONNECT' 2006/09/01 11:05:47| aclMatchAclList: no match, returning 0 2006/09/01 11:05:47| aclCheck: checking 'http_access allow scorpio' 2006/09/01 11:05:47| aclMatchAclList: checking scorpio 2006/09/01 11:05:47| aclMatchAcl: checking 'acl scorpio src 192.168.5.21' 2006/09/01 11:05:47| aclMatchIp: '192.168.5.249' NOT found 2006/09/01 11:05:47| aclMatchAclList: no match, returning 0 2006/09/01 11:05:47| aclCheck: checking 'http_access deny all' 2006/09/01 11:05:47| aclMatchAclList: checking all 2006/09/01 11:05:47| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0' 2006/09/01 11:05:47| aclMatchIp: '192.168.5.249' found 2006/09/01 11:05:47| aclMatchAclList: returning 1 2006/09/01 11:05:47| aclCheck: match found, returning 0 2006/09/01 11:05:47| aclCheckCallback: answer=0" There is a few things in their I don't get. Maybe somebody does and can tell me I am missing something simple? Thank you. Jason
