Wait, the squid server is on a separate host, on the $int_if side of the firewall (the same side the clients are on)?
Then transparent proxying would require "reflection", and doesn't work, see http://www.openbsd.org/faq/pf/rdr.html#reflect If squid is seeing TCP_MISS errors, that probably means the clients are using the proxy explicitely (not transparently), and the rdr is not being used at all... This worked for the past years how? Daniel
