parent proxy, squid and transparent mode

Hello I need some clarification how transparent mode works and the way to activate it.
I have a hotspot and masquerade the hotspot network.
I dst-natted all port 80 traffic to internal proxy ( port 8080 ) and then enabled proxy and parent proxy with address/port (3128 ) of external squid box.
Now the first question arises: where to enable transparent proxy? from the docs seems to be in /ip/proxy but I cannot find that option. ( ROS 2.9.50 )
Yes I know it is in the hotspot user profile but I have also PPPoE connections so no user profiles are needed locally since I am using Radius to
authenticate customers.
About transparent proxy, reading the docs I found:
“Only correct way is to add transparent proxy on the router itself, and
configure it so that your “real” proxy is parent-proxy. In this situation your “real” proxy does not
have to be transparent any more, as proxy on router will be transparent and will forward proxy-style
requests”; after reading this I removed the option TRANSPARENT from HTTP_PORT option on squid box, since I think it is no more needed because transparent
is MT box, is that correct?
Looking into the cache.log of Squid, I can see a lot of errors that lead me to think that the header containing all the original information from the clients, where not
passed to Squid box, it seems to me that MT box is NOT transparent and thus is not forwarding these informations; it maybe that doing a MASQUERADE prevents
these informations to be forwarded? To better explain my situation, I try to depict my scenario:

HOTSPOT(masquerade)/RB333(proxy/parent proxy enabled)—wlan<---------->wlan–rb333-----lan—WAN GATEWAY

SQUID box is attached on lan.
Where to put proxy NAT rule (chain=dstnat action=redirect to-ports=8080 in-interface=wlan2 dst-port=80 protocol=tcp) in hotspot chain? On top of dinamic rules? On bottom?..
One last question is: what is the advantage to have PARENT PROXY enabled? I can redirect all traffic to the Squid box without passing a routerboard, in this case
I will not use memory and cpu and thus the performances are better, is it thrue?
Thanks a lot for your attention and help.
Best regards
Alessandro

Please someone can help me?
Thanks

Dear Alex,

You need to make a new simple topology without rerouting traffic and killing the resources of your RBs. My Advice is first to bridge your wireless link, in this way you can simply have your WAN as ur hotspot gateway this way you routed the net to your clients in the best way,which is the basic,after comes the caching.In your scenario you will need webproxy+dstnat:80 for ppp clients while for the hotspot users you simply go to profiles and add your squid in HTTP proxy.

HOTSPOT(masquerade)/RB333(proxy/parent proxy enabled)—wlan(bridge,wds-static,bridge wlan+ether1<---------->wlan–rb333(station-wds and bridge wlan+ether1)-----lan—WAN GATEWAY

note: while bridging your routerboards dont forget to clear the masqeraude rule otherwise they will not be bridged

Hi thanks for the reply but I don’t want a bridged network, I choose a routed network because is more flexible and has no issues; I tryied bridged network and sometimes when I have to reconfigure some bridged interfaces, the RB hangs and I have to go for a long trip to reset the config. Another issue is that NETBIOS traffic is propagated all over the entire network so some customers has seen othe customers shared resources on their pc.
Aniway thanks a lot for your courtesy and help.
best regards
Alessandro

Actually I mean your DMZ not your client side.Its just a simple ptp link there is no worries in your secnario

Thanks Mtik to have all my questions answered.
Alessandro