nixCraft

Cool. All you need to do is modify your iptables rules. Following rules will forward all http requests (coming to port 80) to the Squid server port 3128. Assuming that eth1 connected to linux router for rest of lan and IP is 10.10.1.1, then rule should be:
This is for eth0
Remember 10.10.1.1 should be set as the router for all Windows XP/Linux desktop. If your network is big then use DHCP to send router address.

__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.

well thanks u helped a lot, routing of ports works fine, transparent proxy aswell, only have one last problem, i can't access internal websites with the transparent proxy, dont know whats happening..
i,e: when i go to www.ua.pt it gives me the squid access restriction error msg,
aswell as when i go to www.av.it.pt
(both these sites are internal websites (www.ua.pt is my provider and www.av.it.pt is my company site)
it seems like the routing isnt letting me access internal websites, only external ones.

Just do not forward (DNAT) port 80 to 3128 request for www.ua.pt (193.136.173.1 www.av.it.pt (193.136.92.50) IPS. Use following IPTABLES rules:
OR
A "!" argument before the IP address 193.136.173.18 specification inverts the sense of the address i.e. skip this ip from DNAT

Chk out above rules and let me know since i don't have setup like you, i cannot verify it right now.

__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.

hey, thanks.
is it possible for the squid to do that automatically? for example if ur trying to access any .ua.pt or .av.it.pt it would not redirect?
i've read something about never_direct do u know anything about that?

Squid is proxy and redirection is done by Iptables. So you cannot do anything at squid level,IMPO.

ok. so what does never_direct do ?
sorry for asking,

ok, the lastest.
i've tried working with the never_direct option from squid, wont work.
i've tried working the iptables but stupidly enough it works when i try lynx www.ua.pt on my core router (previsouly stated as stan), but on a computer connected to that router it wont connect (previously stated as my laptop), no clue why (only way it might work is that the core router has an external ip, so its routing is own requests through that nic and not the internal requests from the lan)
any ideas?

Iptables should work with all LAN system, I am not sure what iptables rules you are using. Also make sure iptables is not blocking lan access for your site.

__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.

Ok, it works and through squid, thanks for the help guys

Here's how its done for future reference.

1st. create an acl for the domains that u dont want to go through the proxy

acl directdomains dstdomain .av.it.pt
acl directdomains dstdomain .ua.pt
acl directdomains dstdomain .ieeta.pt

2nd. now lets deny access to the proxy for those domains

never_direct deny directdomains

restart squid

and voilá
we've got transparent proxying for both internal and external websites, via another proxy-server from our isp.

took a week but got it done

thanks again

any questions let me know, if i need help i will surely post here

Cool

It is nice to know that it is working for you. I do keep visiting this forum as I learn something new everyday.

Thanks for sharing back solution.

Just one more question did you used iptables rules mentioned by rocky jr?