I've been playing with optware on an Asus RT-N16 router, and I've installed squid3. It's set up to be transparent, with the only real modification to the squid.conf file being
http_port 3128 transparent
the rest is the default file with only the proper IP addresses modified.
It seems to be working, but the cache.log file has about a million lines saying "Warning: transparent proxying not supported". It doesn't complain when I leave it as a regular proxy and set my browser to port 3128.
I've noticed squid has to be compiled with --linux-netfilter=enabled (or something close to this), but wouldn't it just fail to forward packets back to port 80 if the squid3 package wasn't compiled with this?
My firewall script is below, pasted into the firewall script page in Tomato USB.
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT