iptables -t nat -A PREROUTING -i eth1 -s 192.168.2.1 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 3128 -j DROP