[squid-users] Enable tproxy in Squid 3.5 running on Debian 9

[xpro6000]

I'm trying to setup tproxy with Squid 3.5 for the purpose of having the
same outgoing ip as the connecting ip. (I have thousands of IPs and I can
not add them one by one)

I started with a fresh install of Debian 9, installed Squid by

apt install squid

then I added

http_port 3129 tproxy

to squid.conf

I then ran the following commands for iptables

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

iptables  -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables  -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark
0x1/0x1 --on-port 3129


I can use the proxy with no problems on port 3128, but on Firefox I get a
message "The proxy server is refusing connections" when I set the proxy to
port 3129. Did I miss any steps or am I doing something wrong?

below is my full squid.conf file

acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow all
http_port 3128
http_port 3129 tproxy
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171004/ac853da3/attachment.html>