Shorewall users - Jan 2003 - authenticating user''s to a squid proxy.How to do this with Shorewall?

I''m hoping someone can give me tips on how I need to set this up with
Shorewall.

right now I have my internal network masq''ed to my public nic card to
share internet. So I use a line like this in my shorewall:

ACCEPT  masq    fw      tcp     80,443,53,22,25,109,110,143,3128

That works fine. Now, I set my computer clients up to manually access a proxy
server at port 3128. I also want them to authenticate to it so I can see a user
name. That all works fine if I have the user''s configured at each
workstation.

So, i thought I could, with shorewall, redirect all tcp traffic to port 3128
with this line:

REDIRECT masq    3128    tcp     80

But this doesn''t quite work. My squid logs show all of the requests
coming from one IP, and then no authentication is required for some reason.

What do I have to do in Shorewall to still

#1 share the internet connection with my private pool of ips, and 
#2 configure shorewall to allow squid to see each individual IP address when the
requests come from the client machines?

Do I need to set up the zones file different, or set up the masq file different?

Any advice would be greatly appreciated...

Bob