sysctl net.ipv4.ip_forward
sysctl -w net.ipv4.ip_forward=1

mkdir /etc/squid && cd /etc/squid
mkdir /etc/squid/ssl && cd /etc/squid/ssl

openssl req -new -newkey rsa:1024 -sha256 -days 3650 -nodes -x509 \
-extensions v3_ca -keyout squid.pem -out squid.pem \
-subj "/C=RU/ST=KRM/L=SEV/O=afanuo/OU=UO/CN=local"

openssl dhparam -outform PEM -out dhparam.pem 1024
chmod -R 0640 /etc/squid/ssl
openssl x509 -in squid.pem -outform DER -out squid.der
rm -rf /tmp/squid/ssl_db
/usr/lib/squid/security_file_certgen -c -s /tmp/squid/ssl_db -M 3MB

Добавить в etc/rc.local (Система - автозапуск, 2 вкладка. В 1 вкладке отключить автозапуск squid)
sleep 10
/usr/lib/squid/security_file_certgen -c -s /tmp/squid/ssl_db -M 3MB  &
/etc/init.d/squid start


http_port 3129 intercept
https_port 3130 intercept ssl-bump cert=/etc/squid/ssl/squid.pem
ssl_bump splice all
sslcrtd_program /usr/lib/squid/security_file_certgen -s /tmp/squid/ssl_db -M 3MB
cache deny ALL
never_direct allow all
cache_peer 10.0.43.52 parent 3128 0 no-query no-digest proxy-only


vi /etc/config/firewall

config redirect
        option name 'Allow-transparent-Squid-http'
        option enabled '1'
        option proto 'tcp'
        option target 'DNAT'
        option src 'lan'
        option src_ip '!192.168.10.1'
        option src_dip '!192.168.10.1'
        option src_dport '80'
        option dest 'lan'
        option dest_ip '192.168.10.1'
        option dest_port '3129'
config redirect
        option name 'Allow-transparent-Squid-https'
        option enabled '1'
        option proto 'tcp'
        option target 'DNAT'
        option src 'lan'
        option src_ip '!192.168.10.1'
        option src_dip '!192.168.10.1'
        option src_dport '443'
        option dest 'lan'
        option dest_ip '192.168.10.1'
        option dest_port '3130'