Selamat siang master semua,
Sudah 2 minggu ini coba mencari solusi lewat beberapa referensi baik blog maupun forum tapi ternyata blom mampu saya pecahkan, saya sangat mengharapkan saran dari master2 disini.

Topologi jaringan saya:

Internet -----Modem-----Mikrotik------Swith Manage-----Client
-------------------------Proxy (Debian 8) ------------------------

Mikrotik eth1 = IP Public
Mikrotik eth2 = 192.168.13.1/29
Mikrotik eth2 = Vlan1 (192.168.2.1/24), Vlan2 (192.168.3.1/24), Vlan3 (192.168.4.1/24), vlan4 (192.168.5.1/24)
IP Switch Manage = 192.168.13.2 (vlan1, vlan2, vlan3, vlan4)
IP Proxy = 192.168.13.6

Untuk setingan squid3
acl lan1 src 192.168.2.0/24
acl lan2 src 192.168.3.0/24
acl lan3 src 192.168.4.0/24
acl lan4 src 192.168.5.0/24

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access allow SSL_ports
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access allow lan1
http_access allow lan2
http_access allow lan3
http_access allow lan4
http_access allow CONNECT !ssh_ports
http_access deny all

http_port 3128 transparent
Code:
NAT
/ip firewall nat add chain=src-nat out-interface=eth1 action=masquerade
NAT Proxy
/ip firewall nat add chain=src-nat src-address=192.168.13.0/24 action=masquerade
NAT Client
/ip firewall add chain=src-nat src-address=192.168.2.0/24 action=masquerade

Client block ip 192.168.2.0/24 arahkan ke proxy
/ip firewall chain=dst-nat protocol=tcp dst-port=80 in-interface=vlan1 to-addresses=192.168.13.6 to-ports=3128
untuk setingan ip tables di debian
Code:
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.2.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.3.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.4.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.5.0/24 -d 0/0 --dport 80 --to-ports 3128
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d 192.168.13.6 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.13.6 --sport 3128 -d 0.0.0.0/0 -m state --state ESTABLISHED -j ACCEPT
untuk uji coba proxy ini baru dari vlan1 yaitu ip block 192.168.2.0.24 biar block yang lain tidak terganggu.
Mohon koreksi atas setingan saya diatas, saya ucapkan terimakasih untuk para master yang mau kasih solusi.

==Sukudheru==