My goal is to have an externally located DansGuardian + Squid setup to be used by only certain machines (the kids, especially) in my home. I've managed to install both on a cheap VPS, and I've had some of the results that I'm looking for.
My home router runs DD-WRT, so iptables is in there. Initially, I used this command:
iptables -A PREROUTING -p tcp -m tcp --dport 80 -m mac --mac-source 00:19:B9:3E:BA:DF -j DNAT --to-destination <vps-address>:3182
Essentially this command is taking outbound port 80 traffic originating from the specified mac address, and pushing it to vps-address:3182. When opening a browser on the associated machine, it worked -- but I got a Squid web page with 'access denied' indicated. Apparently, by using port 3182, I'd pointed it directly to Squid, which is configured to only allow traffic from localhost.
So I changed it to this instead (port 8080 instead of 3182)
iptables -A PREROUTING -p tcp -m tcp --dport 80 -m mac --mac-source 00:19:B9:3E:BA:DF -j DNAT --to-destination <vps-address>:8080
When I use this second approach, it doesn't work at all. But the nutty thing is that I can change the proxy settings on the browser and point to vps-address:8080, and it works just fine.
So squid is working transparently at the network level -- but how do I get dansguardian to do the same thing? I'd prefer a transparent solution -- I don't want to rely on explicitly typed proxy settings within the browser.