I wrote the iptables rules in the script below. I have a problem using the "iptables -L FORWARD -nvx" command to show the bandwidth monitor per IP address. The bandwidth is incorrect. It does not count HTTP (port 80) bandwidth in these rules (I think iptables passes port 80 to port 3128 for Squid). But if I remove the Squid rules from the PREROUTING rules, it works!! The bandwidth monitor per IP address is correct. Can anyone please help me solve this problem?

Conditions:
1. I want to use Squid as a transparent proxy.
2. The IP address includes a mark (I need the mark for bandwidth shaping).

# Generated by iptables-save v1.3.7 on Thu Jun 7 13:19:32 2007
*filter
:INPUT ACCEPT [78880:22860933]
:FORWARD DROP [268:17474]
:OUTPUT ACCEPT [80904:63904452]
:d-band - [0:0]
:u-band - [0:0]
-A FORWARD -s 192.168.1.199 -j u-band
-A FORWARD -d 192.168.1.199 -j d-band
-A FORWARD -s 192.168.1.199 -i eth+ -m mac --mac-source 00:01:29:92:3B:9D -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp ! --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Jun 7 13:19:32 2007
# Generated by iptables-save v1.3.7 on Thu Jun 7 13:19:32 2007
*mangle
:PREROUTING ACCEPT [43196:3902369]
:INPUT ACCEPT [78914:22865802]
:FORWARD ACCEPT [2146:648797]
:OUTPUT ACCEPT [80911:63914952]
:POSTROUTING ACCEPT [82278:64521131]
:maccheck - [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp ! --dport 53 -j maccheck
-A PREROUTING -i eth+ -p udp -m mark ! --mark 0x1 -m udp -j ACCEPT
-A PREROUTING -i eth+ -p tcp -m mark ! --mark 0x1 -m tcp -j ACCEPT
-A PREROUTING -s 192.168.1.199 -i eth+ -m mac --mac-source 00:01:29:92:3B:9D -j MARK --set-mark 0xc7
-A maccheck -j MARK --set-mark 0x1
COMMIT
# Completed on Thu Jun 7 13:19:32 2007
# Generated by iptables-save v1.3.7 on Thu Jun 7 13:19:32 2007
*nat
:PREROUTING ACCEPT [3836:284339]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1576:101503]
-A PREROUTING -i eth1 -p tcp -m mark --mark 0x1 -m tcp --dport 80 -j REDIRECT --to-ports 80
-A PREROUTING -i eth+ -p tcp -m mark --mark 0x1 -m tcp --dport 3128 -j DROP
-A PREROUTING -i eth1 -p tcp -m mark ! --mark 0x1 -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -j MASQUERADE
COMMIT
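An added example, not part of the original post: a small Python model of the three nat PREROUTING rules from the dump, showing which filter chain's counters see a packet. It relies on the fact that REDIRECT rewrites the destination to the router itself, so the flow traverses INPUT instead of FORWARD; the sample packets, the function names and the assumption that unredirected traffic is bound for a host beyond the router are constructed for illustration.

```python
# nat PREROUTING rules copied verbatim from the iptables-save dump above.
NAT_PREROUTING = """\
-A PREROUTING -i eth1 -p tcp -m mark --mark 0x1 -m tcp --dport 80 -j REDIRECT --to-ports 80
-A PREROUTING -i eth+ -p tcp -m mark --mark 0x1 -m tcp --dport 3128 -j DROP
-A PREROUTING -i eth1 -p tcp -m mark ! --mark 0x1 -m tcp --dport 80 -j REDIRECT --to-ports 3128
"""

def parse_rule(line):
    """Parse one rule into its matches [(option, value, negated)] and target."""
    rule, negate = {"match": [], "target": None, "to_port": None}, False
    tokens = iter(line.split()[2:])           # skip "-A PREROUTING"
    for tok in tokens:
        if tok == "!":                        # old-style negation precedes the option
            negate = True
            continue
        val = next(tokens)
        if tok == "-j":
            rule["target"] = val
        elif tok == "--to-ports":
            rule["to_port"] = int(val)
        elif tok != "-m":                     # "-m mark" only loads a match module
            rule["match"].append((tok, val, negate))
        negate = False
    return rule

def field_matches(opt, val, pkt):
    if opt == "-i":                           # trailing "+" is the interface wildcard
        return pkt["in"].startswith(val[:-1]) if val.endswith("+") else pkt["in"] == val
    if opt == "-p":
        return pkt["proto"] == val
    if opt == "--mark":
        return pkt["mark"] == int(val, 16)
    if opt == "--dport":
        return pkt["dport"] == int(val)
    raise ValueError("unsupported match: " + opt)

def counted_in(pkt, rules):
    """Return (nat verdict, filter chain whose counters see the packet)."""
    for r in rules:
        if all(field_matches(o, v, pkt) != neg for o, v, neg in r["match"]):
            if r["target"] == "REDIRECT":     # destination becomes the router itself
                return "REDIRECT:%d" % r["to_port"], "INPUT"
            return r["target"], None          # DROP: no filter chain sees it
    return "unchanged", "FORWARD"             # assumes a destination beyond the router

RULES = [parse_rule(l) for l in NAT_PREROUTING.splitlines()]
# Constructed packets from 192.168.1.199; 0xc7 is the mark set by the page's mangle rule.
HTTP = {"in": "eth1", "proto": "tcp", "dport": 80, "mark": 0xC7}
HTTPS = dict(HTTP, dport=443)
```

In this model the port 80 flow of 192.168.1.199 is handed to Squid and reaches the filter table through INPUT, so the u-band and d-band jumps in FORWARD never count it, while the port 443 flow is still forwarded and counted.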