Hi,
I've tried searching the mailing list and Google but I can't seem to
find a solution.
I'm trying to set up a squid proxy server (squid V3.1) in our
organisation for external users.
I've configured a Linux box (Fedora 14) with 2 NICs, the first (eth0 IP
address 172.20.104.148 - gateway 172.20.104.1) goes to the outside
world and the other (eth1 - address/gateway 192.168.0.1) connects to
an internal LAN. There is a DHCP server running on eth1, and that all
works fine.
On the other end of eth0 is a proxy server that I know nothing about
other than the IP and port number. I've configured squid with a parent
cache, the ACL to allow the LAN addresses through, it seems to be
working because if I connect a client machine to eth1 and enter the
proxy details for the squid box it will browse the internet with no
problems.
However, I cannot get the squid box to run as a transparent proxy (if
I remove the proxy details from the client it ceases to work).
I added the 'http_port 3128 transparent' to the squid.conf file but no
joy, I read this command has now been deprecated and to use the
'http_port 3128 intercept' command instead, again, this doesn't work.
I've tried using the IP tables commands (separately, wiping after each attempt):
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 172.20.104.148:3128
--
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
--
# permit Squid box out to the Internet
$IPTABLES -t mangle -A PREROUTING -p tcp --dport 80 -s 192.168.0.1 -j ACCEPT
# mark everything else on port 80 to be routed to the Squid box
$IPTABLES -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
$IPTABLES -t mangle -A PREROUTING -m mark --mark 2 -j ACCEPT
--
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
--
None of these work (obviously).
Can anyone help?
Received on Fri May 27 2011 - 14:54:53 MDT
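
An added example, not part of the original post: a shell check that classifies each iptables attempt quoted above by the reason it does not catch the LAN clients' port-80 traffic, and prints a rule that matches that traffic. eth1 is the LAN interface named in the post; port 3129 and a matching "http_port 3129 intercept" line in squid.conf are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
LAN_IF=eth1          # from the post: interface the LAN clients arrive on
INTERCEPT_PORT=3129  # assumption: squid.conf has "http_port 3129 intercept"

# Print a NAT rule that hands LAN port-80 traffic to the local Squid.
intercept_rule() {
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-port $INTERCEPT_PORT"
}

# Classify one iptables command line; prints a single verdict word.
diagnose_rule() {
    rule=" $1 "
    case "$rule" in
        *" -t nat "*) ;;
        # marking in mangle does not by itself deliver packets to Squid
        *) echo "not-nat"; return ;;
    esac
    case "$rule" in
        *" -A PREROUTING "*) ;;
        # nat OUTPUT only sees packets generated on the Squid box itself
        *) echo "wrong-chain"; return ;;
    esac
    case "$rule" in
        *" -i $LAN_IF "*) ;;
        # client packets enter on the LAN side, not the upstream side
        *) echo "wrong-interface"; return ;;
    esac
    case "$rule" in
        *" -j REDIRECT "*|*" -j DNAT "*) echo "ok" ;;
        *) echo "no-redirect" ;;
    esac
}

# Attempts taken from the post (with $IPTABLES written out as iptables),
# followed by the generated rule.
while IFS= read -r r; do
    printf '%-16s %s\n' "$(diagnose_rule "$r")" "$r"
done <<EOF
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 172.20.104.148:3128
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
$(intercept_rule)
EOF
```

Clients with no proxy settings open connections to the origin server's address, so they still need working DNS and 192.168.0.1 as their default gateway for the PREROUTING rule to see their packets.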