I have squid listening on my internal interface and i wouldn't make it listen on the public one or have a second squid instance running .Would still be possible for me to filter incoming connection from eth0 to internal www server with the following iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.3(internal www)--dport 80 -j REDIRECT --to-port 3128 or it should point to 192.168.1.0/24 in the -d field?neather of both ... ?

From the look of the command you want to change all traffic heading towards your webserver on port 80 to port 3128. Is that what you wanted?

If you put 192.168.1.0/24 in the d field then any traffic into that subnet on port 80 would be redirected to port 3128. You shouldn't need to do that if your just trying to redirect the port for your webserver.

If i remember right then these commands will only work if your not masquerading for your internal subnet. Otherwise the external comp wouldn't know the private IP of the web server.

Got that or have i lost you in my wandering?

Yes that's right all port 80 traffic for the webserver 192.168.1.3 in 192.168.1.0/24 through the squid on gateway 192.168.1.1 eth1,there is 1 think confusing me.Squid is supposed to cache web pages for browsers and they work on a port number something around port 30000 and not 3128 which is a privileged port and is used to filter traffic redirected from port 80 of people connecting to my internal web server right ? So squid apart caching can work as a firewall , port farwarder what else ?I don't know if i fully realized the way it works !

The firewalling and port fowarding is done by Iptables, which is part of the kernel and not a squid thing.