FreeBSD

Squid does not work properly on FreeBSD. Where is the mistake?

Greetings. Friends, I've only been learning FreeBSD for a few days. At the initial stage, I chose the book of K.A. Kornienko "FreeBSD9 Corporate Internet Server".
I conduct all experiments on VMware Workstation, in which two virtual machines are installed, one with FreeBSD, the other with XP (which is, like, in LAN behind a proxy server). Installed Squid, configured everything as described, prescribed a rule that forbids going to yandex.ru, but that's bad luck:
1. XP does not go to yandex.ru, but if you enter https://yandex.ru , the site opens.
2. XP does not go to any site at all now, except for those to which you can add https://
And yes, while Squid was not transparent, there was such a feature - when entering yandex.ru, a page appeared with the squid logo and "access denied....". Now the default is "page not available".
What is the problem? Tell me please! I haven't been able to figure it out for a couple of days now, I've read a lot of forums, but there is no result...
Everything I configured in FreeBSD:
uname -a
FreeBSD free9.home.com 9.3-RELEASE FreeBSD 9.3-RELEASE #0:
rc.conf
hostname="free9. home.com"
sshd_enable="YES"
ntpd_enable="YES"
dumpdev="NO"
#____Networks
ifconfig_em0="inet 192.168.1.252 netmask 255.255.255.0"
ifconfig_em1="inet 172.16.0.1 netmask 255.255.255.0"
#____Firewall
firewall_enable="YES"
firewall_type="/etc/firewall.conf"
#____Named
named_enable="YES"
#____NAT
gateway_enable="YES"
natd_enable="YES"
natd_interface="em0"
#____SQUID
squid_enable="YES"
named. conf
acl ACCESS { 127.0.0.1; 172.16.0.0/24 ;};
options {
listen-on { 127.0.0.1; 172.16.0.1; };
allow recursion { ACCESS; };
forwarders {
192.168.1.1;
8.8.8.8;
};
};
firewall.conf
add 4000 divert natd ip from any to any via em0
add 4100 fwd 127.0.0.1,
add 65500 allow ip from any to any
squid.conf
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/24 # RFC1918 possible internal network
acl dom_deny dstdomain yandex.ru
#acl users src "/ usr/local/etc/squid/users.txt"
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/ 10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet !dom_deny
#http_access allow localhost
#http_access allow users
http_access deny all
http_port 3128 transparent
coredump_dir /var/squid/cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320