Вот сам iptables
*nat
:PREROUTING ACCEPT [1:386067]
:POSTROUTING ACCEPT [1:194678]
:OUTPUT ACCEPT [1:194678]
-A PREROUTING -i 192.168.1.195 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 280 -j REDIRECT --to-ports 3128.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 488 -j REDIRECT --to-ports 3128.
-A PREROUTING -i eth1 -p tcp -m tcp --dport 777 -j REDIRECT --to-ports 3128.
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE.
COMMIT
# Completed on Sat Oct 19 01:13:14 2013
# Generated by iptables-save v1.4.7 on Sat Oct 19 01:13:14 2013
*mangle
:PREROUTING ACCEPT [371263:162270149]
:INPUT ACCEPT [1024:161464707]
:FORWARD ACCEPT [1024:794498]
:OUTPUT ACCEPT [397486:196075533]
:POSTROUTING ACCEPT [403223:197038940]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill.
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill.
*filter
:FORWARD ACCEPT [1024:65535]
:INPUT ACCEPT [1024:65535]
:OUTPUT ACCEPT [1024:65535]
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1024:65535 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1024:65535 -j ACCEPT
-A FORWARD -m state --state NEW -i eth1 -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.1.195/24 -i eth1 -j ACCEPT
-A FORWARD -d 192.168.1.195/24 -i eth0 -j ACCEPT
COMMIT
# Completed on Sat Oct 19 01:13:14 2013