the network is

Internet <=> firewall Linux with two NICs firewall <=> internal network

The internal network has hosts with the following: hostA - one NIC smtp hostB - one NIC http/https hostC - one NIC dhcp server hostD - one NIC squid http proxy : port 8080 privoxity http proxy filter : port 8081 privocity forwards to squid squid sends to the outside world should the order be swapped? why? why not?

The dhcp server tells clients to route via hostD

how can hostD be setup so that it is a transparent proxy? Currently all clients set their http proxy to hostD on the privocity port. I know some IPtables rules will be needed on hostD but dont know what to set. Will routing rules need to be set on hostD? what are they?

thanks