LINUX.ORG.RU

Changes in 3.1

http_port transparent intercept ssl-bump connection-auth[=on|off] ignore-cc

Option 'transparent' is being deprecated in favour of 'intercept' which more clearly identifies what the option does. For now option 'tproxy' remains with old behaviour meaning fully-invisible proxy using TPROXY support.

New port options:

intercept: Rename of old 'transparent' option to indicate proper functionality.

allow-direct: Allow direct forwarding in accelerator mode. Normally accelerated requests are denied direct forwarding as if never_direct was used.

connection-auth[=on|off]: Use connection-auth=off to tell Squid to prevent forwarding Microsoft connection oriented authentication (NTLM, Negotiate and Kerberos).

keepalive[=idle,interval,timeout]: Enable TCP keepalive probes of idle connections. idle is the initial time before TCP starts probing the connection, interval how often to probe, and timeout the time before giving up.

ignore-cc: Ignore request Cache-Control headers.

Warning: This option violates HTTP specifications if used in non-accelerator setups.

ssl-bump: Intercept each CONNECT request matching ssl_bump ACL, establish secure connection with the client and with the server, decrypt HTTP messages as they pass through Squid, and treat them as unencrypted HTTP messages, becoming the man-in-the-middle.

When this option is enabled, additional options become available to specify SSL-related properties of the client-side connection: cert, key, version, cipher, options, clientca, cafile, capath, crlfile, dhparams, sslflags, and sslcontext. See the https_port directive for more information on these options.

The ssl_bump option is required to fully enable the SSL Bump feature.

uspen ★★★★★
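The http_port rules quoted above from the Squid 3.1 release notes, turned into a small configuration check. This is an added example, not code from the thread or from the Squid project; the sample configuration is constructed, and treating `accel` as the only marker of accelerator mode is an assumption.

```python
import re

# Constructed sample config (not from the thread) exercising each rule.
SAMPLE_CONF = """\
# forward proxy port
http_port 3128
http_port 3129 transparent
http_port 3130 intercept ignore-cc
http_port 3131 ssl-bump cert=/path/to/placeholder.pem
http_port 80 accel ignore-cc allow-direct
"""

def lint_http_ports(conf_text, squid_version=(3, 1)):
    """Return a list of (line_no, message) findings for http_port lines."""
    findings = []
    # Strip comments and surrounding whitespace, keeping line numbers intact.
    lines = [l.split("#", 1)[0].strip() for l in conf_text.splitlines()]
    # The port option alone is not enough: an ssl_bump directive must exist too.
    has_ssl_bump_rule = any(re.match(r"ssl_bump\s", l) for l in lines)
    for no, line in enumerate(lines, 1):
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "http_port":
            continue
        # Option names without their "=value" part.
        opts = {t.split("=", 1)[0] for t in tokens[2:]}
        accel = "accel" in opts  # assumption: accelerator mode is marked by 'accel'
        if "intercept" in opts and squid_version < (3, 1):
            findings.append((no, "'intercept' is new in 3.1; older builds need 'transparent'"))
        if "transparent" in opts and squid_version >= (3, 1):
            findings.append((no, "'transparent' is deprecated; use 'intercept'"))
        if "ignore-cc" in opts and not accel:
            findings.append((no, "'ignore-cc' violates HTTP outside accelerator mode"))
        if "allow-direct" in opts and not accel:
            findings.append((no, "'allow-direct' only applies in accelerator mode"))
        if "ssl-bump" in opts and not has_ssl_bump_rule:
            findings.append((no, "'ssl-bump' port without any ssl_bump directive"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_http_ports(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```

Passing the version of the installed build as `squid_version` shows whether a port line such as `http_port 3128 intercept` uses an option that build does not yet know.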
Reply to: comment by uspen

I tried
http_port 3128 intercept
It doesn't work. Maybe something else needs to be changed as well?
This is how I push traffic into the proxy:
iptables -t nat -A PREROUTING -s $LAN_VPN_RANGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

mnk
(thread author)
Reply to: comment by mnk

This is some kind of nonsense. I left just a few lines:

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl all src all 
acl allowed_hosts src 192.168.0.0/16
   
http_access allow manager localhost
http_access deny manager

#http_access deny manager all
http_access allow allowed_hosts
http_access deny all
      
icp_access allow allowed_hosts
icp_access deny all
        
miss_access allow allowed_hosts
miss_access deny all

# Squid normally listens to port 3128
http_port 3128  intercept
And it doesn't work. I've racked my brain over this.

mnk
(thread author)
Reply to: comment by mnk

Anyway, I solved the problem. The Squid in the distribution turned out to be broken. I rebuilt the package with a newer version and everything started working.

mnk
(thread author)