A little bit more info is needed...
Dansguardian should be listening on the LAN interface port 80.. eg 192.168.1.1:80
squid on 127.0.0.1 port 3128..
squid.conf should have these lines to make it handle transparent virtual requests..
http_port 127.0.0.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_single_host off
httpd_accel_uses_host_header on
and iptables should have..
iptables -t nat -A PREROUTING -i eth~ -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1
#eth~ is the LAN interface
You can also add a second rule for port 443 for https..
In this configuration, everything from the LAN going out to port 80 gets diverted to dansguardian which then sends it to squid..
If squid listens on only 127.0.0.1 there is no need to block packets from everywhere from finding it and bypassing dansguardian, or internet sources using it as an open proxy..
Likewise with dansguardian.. only the LAN interface is sent to it..