ended up figuring it out in case anyone was interested.
you can nest proxies easily using either privoxy or tinyproxy. privoxy has a forward setting, and tinyproxy has a upstream setting. i had to set privoxy to allow accept-intercepted-requests by setting it to 1. beyond that I set my router to forward all HTTP (port 80) data to the proxy server. both privoxy and tiny proxy allow you to "whitelist" domains, so to fix the plex issue I was having, i just needed to whitelist "plex.direct" as a domain
my iptables script from the dd-wrt wiki:
#!/bin/sh
PROXY_IP=(insert ip_address)
PROXY_PORT=(insert port_number)
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
netflix also doesn't like this setup so I had to find their ip ranges and whitelist them too - http://ipinfo.io/AS2906