>any other ideas? Well your problem should be the simplest to diagnose. Does User1's pc have direct access to the internet? Is his proxy setting configured correctly? Is his ip in the 10.100.30.0/255.255.255.0 network? I still think your acl's aren't right, you deny localhost then allow *after*? Check the wiki, or pull an rpm/src down and start with a default config and start modifying from there. jlc
