I have squid installed on my desktop and am looking to redirect all outbound http traffic through port 3128 on my local machine.

I have read the transparent proxy howto and can't seem to get this to work.

Any help w/ the proper iptables rule would be appreciated....

Here is the default Redhat iptables script I am running:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.168.1.5 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
service iptables save

This will send any requests for http port 80 to squid on this machine, and save the rule for later.

You should also seriously look at getting some better rules if you are acting as a gateway for a Lan behind you.
Have a look at this tutorial and this firewall tool... http://firestarter.sourceforge.net/

Actually, no machines will be proxying through this box. This setup is strictly for development/test purposes.

The rule you stated is all over the net.... Even w/ that rule I am not redirected. If I bring up a browser on the same machine running iptables and squid with the rule you stated enabled I am not redirected to port 3128.

-Rob

p.s. yes, ip forwarding is enabled

What happens if you set the browser's proxy setting to your outgoing ip number and port 80?
Usually, if you send proxy request headers to squid, it will honour them.
Just now have to find out which component needs to be tweaked...

Add a rule via lokkit to ACCEPT 3128 tcp for interfaces lo & local lan interface.

If I set my browser to use http://:127.0.0.1:3128 everything works fine. I am trying to avoid having to add anything to the browser which is why I need iptables...

I'll give your suggestion a shot and let you know....

Thanks for your help!

-Rob