> Ok. This will cause problems with MTU discovery in both directions, but
> mainly in Squid->client direction.
> If you are today using conntrack on this Linux router then I would
> strongly recommend the use of CONNMARK to route HTTP sessions rather than
> packets.. doing so will allow MTU discovery to continue function like
> normal.

Thank you for the tip, will try do something but maybe you have forking example
of such configuration? If no - don't worry too much.

> > - On Squid (Linux, separate machine):
> > redirect packets coming to port 80 to port 3128 using iptables REDIRECT

> target.
> Is this "behind" the router using the router as gateway to the clients,
> or on the same side of the router as the clients?

Squid is behind the gateway, from the upstream provider path.

Ok, thank you for the help - will try to help those solutions.