I don't think that you need to recompile the kernel, just enable the routing features via /proc or some other means.
The most painless way I've found of setting up a NAT and firewall system is the 'shorewall' package. Webmin includes a Web-based configuration page for Shorewall.
The (rather good) Shorewall docs cover transparent proxying with Squid, and are worth a look even if you decide not to use the software.
http://www.shorewall.net/
They also explain the major drawback of transparent proxying - no SSL for the clients. I now use standard proxying for this reason.