Change your masquerade rule to,
/ip firewall nat add in-interface=LAN dst-port=80 protocol=tcp action=redirect to-ports=3128 chain=dstnat
Make sure proxied traffic is not filtered by /ip proxy access and /ip firewall filter.
Thanks - I’ve disabled all the firewall filters and proxy accesses, add the dst port 80 to masquerade rule, but it didn’t help.
Maybe is problem in default gateway of our domain (10.0.0.3), which is different then mikrotik (10.0.0.50)?
Is the Mikrotik device using its own “Internet” connection for internet access?
The masquerade on the “Internet” interface is disabled. Intentional?
Yes, its own internet (another fixed IP)
Masquerade is disabled now, but I’ve try it alone or in combination with the other NAT rules.. its still the same.
you didn’t have to disable it, but modify it, like Sergejs wrote. Your internet will not work without a masquerade rule.
It seems that masquerade and redirect dstnat works the same.. no matter which combination or modification of these two nat rules (masquerade, dstnat) I use, I have to set the proxy manually in browser to internet work properly (so only port “is transparent”).
But if I forgot to transparent proxy, I can control internet access very effectively. It really works, but not transparent 
So I guess, the problem is somewhere in default domain gateway and I’ll leave it be for now..
Any case, thank you all for your efforts
At the start of the discussion there was mention of the proxy being on port 8080 but later it was shown on port 3128.
Could you try using “/export compact” one more time so we can see clearly what is set at this point?
To be able to be a transparent proxy, the Mikrotik has to be the default gateway for the computers.
Since your connections go out trough the domain gateway, this is not the case.
Change the default gateway settings on your computers and it might work…
Thank you. You’ve confirmed my initial concern, I have the same opinion.
But it’s impossible to change default gateway, so I have to settle with nontransparent proxy…