Interesting idea.  Somewhat related to this is the ability to force
transparent proxy to a separate proxy server. This is currently not possible
in m0n0wall either.

E.g., I'd like to have squid running on a machine in my network somewhere
and transparently direct all appropriate traffic to it. (Of course I also
want m0n0wall to detect a failure of that machine and temporarily disable
the transparent redirect until it returns, but that could be v2 :->).

I don't know enough about the access control/logging issues to comment on
how useful it is to put squid into m0n0wall itself, but it seems it
shouldn't be much more work to ensure that the admin could choose the
'built-in' m0n0wall squid proxy or an external one.

Thanks for getting the ball rolling on this!

cheers, michael