takes the action you specified. Going by that, web traffic from 192.168.1.1 should never see the second rule. After adding this rules, everything seemed to be working. I could access the web from the proxy server (with and without going through squid) and from my desktop. Yay I thought. Then I stopped squid, and tried pulling up a web page, and it still worked, so obviously my web traffic didn't get redirected to squid. So perhaps I was having a delusional moment instead of a genuis moment while sitting in traffic last night. Can anyone see why this wouldn't work? Can you see how it would work? Andrew S. Zbikowski | Home: 763.591.0977 http://www.ringworld.org | PCS: 612.306.6055 They must not get baseball sized hail in Redmond. If they did MS would have realized HailStorm is a bad name for their new services.