I made an ipXmac matching policy on my firewall to allow only matching users to have any kind of access, but the problem is that I also have a transparent proxy rule that won't work anymore.
Here's my NAT'S prerouting table:

target prot source destination
ACCEPT all -- MAC 02:02:A5:XX:XX:XX
ACCEPT all -- MAC 00:0C:6E:XX:XX:XX
ACCEPT all -- MAC 00:11:2F:XX:XX:XX
DROP all --
REDIRECT tcp -- tcp dpt:80 redir ports 3128

Example: The user with the IP will only have granted access (ACCEPT) if his NIC's MAC will be 02:02:A5:XX:XX:XX.
The problem is that the last rule (the transparent proxy's one) is being ignored. It means, as soon as the user is accepted by the mac-match rule, it goes directly to the port 80 it's requesting, it's not being redirected to the port 3128.
Any ideas?

Marcelo Chanea,
Rio de Janeiro, Brasil.