My goal is to have an externally located DansGuardian + Squid setup to be used by only certain machines (the kids, especially) in my home. I've managed to install both on a cheap VPS, and I've had some of the results that I'm looking for.
My home router runs DD-WRT, so iptables is in there. Initially, I used this command:
iptables -A PREROUTING -p tcp -m tcp --dport 80 -m mac --mac-source 00:19:B9:3E:BA:DF -j DNAT --to-destination <vps-address>:3182
Essentially this command is taking outbound port 80 traffic originating from the specified mac address, and pushing it to vps-address:3182. When opening a browser on the associated machine, it worked -- but I got a Squid web page with 'access denied' indicated. Apparently, by using port 3182, I'd pointed it directly to Squid, which is configured to only allow traffic from localhost.
So I changed it to this instead (port 8080 instead of 3182)
iptables -A PREROUTING -p tcp -m tcp --dport 80 -m mac --mac-source 00:19:B9:3E:BA:DF -j DNAT --to-destination <vps-address>:8080
When I use this second approach, it doesn't work at all. But the nutty thing is that I can change the proxy settings on the browser and point to vps-address:8080, and it works just fine.
So squid is working transparently at the network level -- but how do I get dansguardian to do the same thing? I'd prefer a transparent solution -- I don't want to rely on explicitly typed proxy settings within the browser.
A different approach is also possible - use ICAP server running on the same VPS box as Squid and listening on 127.0.0.1 local only address that Squid will use to direct all traffic into. As an example of such ICAP server is qlproxy. So if you managed to make your Squid work transparently then you already have the required setup in place. Just add qlproxy to the soup.