I don't think you will need rule number 6. From the LAN site your traffic will not pass the forward chain, since it is already routed to the input chain by dst-nat.
About MSN: what kind of protocol does MSN use? Does it use HTTP?
1) Just make another packet-mark on chain output and name it "packet-from-proxy" with dst-address-list=512k
No other rule for the 512k list. But I'm using web proxy and caching.