Previous instructions worked – except it redirected all traffic meant for the actual internal webserver, which meant… well, oops.
Thus.
echo "201 proxy" >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table proxy
ip route add default via (squidproxyinternalipaddress) table proxy
iptables -t mangle -A PREROUTING -i vlan0 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m mark --mark 2 -j ACCEPT
On the squid/server box:
iptables -t nat -A PREROUTING -p tcp ! -d (squidproxyinternalipaddress) --dport 80 -j REDIRECT --to-port 3128
Except yayhooray.com doesn’t seem to work. It redirects to the external IP somehow. Must see.
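The first command above writes to /etc/iproute2/rt_tables, the file that maps routing-table IDs to names, so registering the "proxy" table should never wipe or duplicate existing entries. The following is an added example, not part of the original post: a hypothetical helper, ensure_rt_table, that appends the entry only when it is absent and refuses when the ID or name is already bound to something else.

```shell
#!/bin/sh
# Added example (not from the original post). ensure_rt_table is a
# hypothetical helper name.
# Usage: ensure_rt_table FILE ID NAME
#   e.g. ensure_rt_table /etc/iproute2/rt_tables 201 proxy
# Returns 0 if the entry is present or was appended, 1 if ID or NAME is
# already bound to a different entry, 2 on bad arguments.
ensure_rt_table() {
    file=$1 id=$2 name=$3
    [ -n "$file" ] && [ -n "$name" ] || return 2
    case $id in ''|*[!0-9]*) return 2 ;; esac
    [ -e "$file" ] || : > "$file" || return 2
    # Skip comments and blank lines; field 1 is the ID, field 2 the name.
    status=$(awk -v id="$id" -v name="$name" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == id && $2 == name { found = 1 }
        ($1 == id) != ($2 == name) { conflict = 1 }
        END {
            if (conflict) print "conflict"
            else if (found) print "present"
            else print "absent"
        }' "$file")
    case $status in
        present)  return 0 ;;
        conflict) return 1 ;;
        *)        printf '%s\t%s\n' "$id" "$name" >> "$file" ;;
    esac
}

# Constructed sample: a stock-looking rt_tables in a temp file. The helper
# is run twice to show that the second run adds nothing.
demo() {
    tmp=$(mktemp) || return 1
    printf '255\tlocal\n254\tmain\n253\tdefault\n0\tunspec\n' > "$tmp"
    ensure_rt_table "$tmp" 201 proxy && ensure_rt_table "$tmp" 201 proxy
    cat "$tmp"
    rm -f "$tmp"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument demo to see the result on the constructed file; on the router, call the function with the real rt_tables path before the ip rule and ip route commands.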


