关于squid不能禁止下载的问题?

jimorainboy

下边是squid配置文件:
http_port 127.0.0.1:3128

cache_mem 32 MB
cache_dir ufs /cache/squid 6000 16 256
cache_access_log /usr/local/squid/var/logs/access.log /dev/null
cache_log /usr/local/squid/var/logs/cache.log /dev/null
cache_store_log /usr/local/squid/var/logs/store.log none

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1
acl mmxfile urlpath_regex -i \.gif$ \.exe$ \.mp3$ \.rmvb$ \.rm$ \.wma$ \.wav$ \.rar$ \.zipacl star src 192.168.1.0/255.255.255.0

acl t arp "/usr/local/squid/teacher.list"
acl t1 arp "/usr/local/squid/teacher1.list"

acl baduser maxconn 3

http_access allow teacher teacher1 localhost
http_access deny mmxfile
http_access deny baduser
http_access allow star
http_access deny all

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

我用iptables做的透明代理代码如下:
modprobe ip_tables
modprobe iptable_nat
modprobe iptable_filter
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F -t nat
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to xxx.xxx.xxx.xxx

代理的机器全都由FC3上的DHCP分配的IP地址从：192.168.1.10-192.168.1.254  主机的eth0的IP是192.168.1.1
我用的是arp认证，t 和 t1 这两个用户是认证，我想禁止其余没有被arp认证的下载。
是什么原因请大侠们看一看，我在这里先谢谢诸位了!!!