#————————-
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
#————————-

Where,

* httpd_accel_host virtual: Squid as an httpd accelerator
* httpd_accel_port 80: 80 is port you want to act as a proxy
* httpd_accel_with_proxy on: Squid act as both a local httpd accelerator and as a proxy.
* httpd_accel_uses_host_header on: Header is turned on which is the hostname from the URL.
* acl lan src 192.168.1.1 192.168.2.0/24: Access control list, only allow LAN computers to use squid
* http_access allow localhost: Squid access to LAN and localhost ACL only
* http_access allow lan: — same as above –

Eth0: IP:192.168.1.1
Eth1: IP: 192.168.2.1 (192.168.2.0/24)

Eth0 connected to internet and eth1 connected to local lan i.e. system act as router.

In addition to your WIPFW configuration.. this transparent config may help!

consider these:
computer#1 : SRVR
computer#2 : GW (your internet gateway)
and the rest of your LAN computers

Now here are the key steps to follow..

1- your LAN users must be obtaining their IP’s through a DHCP server (google some free ones) and set it up on your SRVR.

2- Add another IP address for your Windows machine
http://www.itsyourip.com/networking/how-to-add-multiple-ip-address-in-windows-2000xp2003/
make sure that you separate the subnets (e.g. 192.168.1.0/24 and 10.0.0.0/8) so that your WHOLE LAN pc’s are on one subnet, and your GW is on the other.
Say, 10.0.0.0 is for your GW and 192.168.1.0 is for other LAN computers.
hint: you can use this address 192.168.1.1 _WITH_ 10.0.0.2 as your SRVR address, and 10.0.0.1 as your GW address
(you need to access your GW to set it up with the new IP’s)
BUT BE CAREFUL… IT’S PREFERABLY NOT TO CHANGE THE GW IP, UNLESS YOU KNOW WHAT YOU’RE DOING !!

3- For the DHCP server settings on your SRVR, you’ll only be concerned about these: (IP configuration given to clients)
IP range: 192.168.1.2 to 192.168.1.100 (gives you 99 hosts that can use your LAN)
gateway: your squid address 192.168.1.1 (that is SRVR) not your GW.

4- Turn off the DHCP server of your GW, so you can avoid race between two DHCPs.

5- Make sure your GW does not have any other IP’s on the LAN.

6- Configure your squid for allowed_ports and our_networks — Don’t forget to add all used networks above (you’re the man, thx for your other post of Squid config )

By now, your SRVR can ping both: the GW and LAN computers…

Once the older DHCP leases expire (from the GW’s DHCP), your Windows DHCP server will now start acting!
Hence, they’ll be given your squid address as the gateway address.

If it doesn’t work, maybe you need to add a DNS to the DHCP server configuration. — I am not sure of that yet..
Please tell me if it works for you!

P.S.
This won’t be really effective for some tough guy sniffing LAN traffic, he might bypass your squid by using static IP on the 10.0.0.0 network.
So you need to create firewall rules on your GW.. long story, I know !

thank you for your idea.. i didn’t know that there is a free version of vmware server.