I'm studying for my CCNA, and I'm having a TERRIBLE time figuring out ACL's. I'm in Packet Tracer, and one of my labs goes like this:

R A N E T CO.,LTD. 
LAB 4-6: Access Control List (ACL) 

You are the network administrator at Ranet, and 
have to config router Ranet-HQ to connect its LAN 
to Branch network and Internet, and to config 
Access-List to control traffic as below: 
(via its console) 
    1. Enable and set IP address on LAN interface 
       to be the first assignable IP of this subnet. 
    2. Enable and set IP address on each serial 
       interface to be the last assignable IP of its 
       own subnet. 
    3. Set RIPv2 to be the router protocol on this 
       router to exchange route with Ranet-BR 
    4. Set default route to allow the connection with 
       internet. 
    5. Set access-list to prevent the connection 
       from hosts in LAN as: 
          - allow only Admin-Host to telnet to 
            Ranet-CoreSW (password: ranetpass) 
          - Not permit only User-Host1 to connect 
            to any site in the internet. 
          - Any traffic beside these should be allow. 

Remark: Use ACL no.100 only!, and use as short 
as possible to gain %Completion

Here's the network:

I got it wrong. I get everything right but the ACL part. I can't figure out how to do this. Here's what I made...can someone tell me what I'm doing wrong?

interface FastEthernet0/0

ip address 172.22.3.33 255.255.255.224

ip access-group 100 in

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/0/0

ip address 172.22.3.98 255.255.255.252

!

interface Serial0/1/0

ip address 203.144.7.254 255.255.255.252

!

interface Vlan1

no ip address

shutdown

!

router rip

version 2

network 172.22.0.0

network 203.144.7.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/1/0

!

!

access-list 100 permit tcp 172.22.3.32 0.0.0.31 172.22.3.64 0.0.0.31 eq telnet

access-list 100 deny ip host 172.22.3.53 any