Sorry for the mangled format.: *** squid.config *** acl localnet src 192.168.0.0/16 acl localnet src fc00::/7 acl localnet src fe80::/10 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT always_direct allow all ssl_bump server-first all sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/spool/squid/ssl_db -M 4MB sslcrtd_children 5 sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access allow localnet manager http_access deny manager http_access allow localnet http_access allow localhost http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/pki/certs/squid.crt key=/pki/private/squid.key coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 *** iptables.rules *** *nat :PREROUTING ACCEPT :INPUT ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT -A POSTROUTING -o wan0 -j MASQUERADE COMMIT *filter :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i lan0 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT -A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -p icmp -j ACCEPT -A FORWARD -i lo -j ACCEPT -A FORWARD -i lan0 -j ACCEPT -A FORWARD -o wan0 -j ACCEPT -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT