> A transparent proxy is ugly and prone to errors, anyway. My
> recommendation would be to redirect all request for port 80 (except
> those from the machine running squid) to a page on one of your servers
> that instructs the user how to configure their browser to use the proxy.
...if you use the 'automatically detect settings' in your browser
config (IE, Firefox, Safari etc) then it should put out a request for
the WPAD substantiator:
bluntly, this means if you have a host responding to that request
eg http://proxy_config:80/wpad.dat and wpad.dat contains the settings
you are all clear.
1) this can also be served out as an 'option 252' in the DHCP
2) the wpad.dat could be held and served by m0n0wall.... so m0n0wall
could, trivially, support having a web proxy on your LAN/DMZ
which would mean all your clients were happy.
easy eh? ;-)