It seems that implementing a transparent Squid proxy will cause https & ssl to not work well in browsers ...
I'd like to be able to redirect all other requests like https/ssl (port 443) or email clients' ports to directly access the internet instead of going through our proxy server.
Here's a little diagram of our network:
What I did so far is:
1. Block all connection requests in our router settings except for our proxy server (adminserver) only; this will force our users to use the proxy settings for their other applications.
2. Set all client PCs to use the gateway 'adminserver'.
3. Set up a transparent proxy for Squid, for http requests.
Everything else is working fine so far, except that opening up ssl-enabled sites (mail.yahoo.com) creates a timeout error and email clients seem to not work even with proxy settings enabled.
What I need is some sort of iptables rule to grab all port 443 connections and make them connect directly to the internet ... I used webmin to formulate a rule but that didn't work (I have little knowledge of iptables at the moment) ... so I thought of asking for help here, anyone?
Here's my current rule:
-A PREROUTING -p tcp -m tcp -i eth0 --dport 443 -j DNAT --to-destination 192.168.100.3
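
One way to express the setup described in the post, as an added example that is not part of the original post: port 80 is redirected to the local Squid, while port 443 and mail ports are forwarded and masqueraded behind adminserver's address, which is the only one the router allows. The LAN prefix, Squid port, WAN interface and mail port list are assumptions, and DNS is assumed to be answered by adminserver itself.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the gateway (adminserver).
# Assumed values, not from the post: Squid intercept port, LAN prefix, mail ports.
LAN_NET="${LAN_NET:-192.168.100.0/24}"  # assumed /24 around the address in the post
LAN_IF="${LAN_IF:-eth0}"                # interface named in the post's rule
WAN_IF="${WAN_IF:-eth0}"                # assumed; change if a second NIC faces the router
SQUID_PORT="${SQUID_PORT:-3128}"        # assumed Squid intercept port
DIRECT_PORTS="${DIRECT_PORTS:-443,25,110,143,465,587,993,995}"  # HTTPS + mail (assumed)

gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Plain HTTP from LAN clients goes to the local Squid intercept port.
-A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# HTTPS and mail keep their real destination; only the source address is
# rewritten to the gateway's own, so the router accepts the connection.
-A POSTROUTING -o $WAN_IF -s $LAN_NET -p tcp -m multiport --dports $DIRECT_PORTS -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to forwarded connections, then new connections on the direct ports only.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $LAN_NET -p tcp -m multiport --dports $DIRECT_PORTS -j ACCEPT
COMMIT
EOF
}

# To apply (as root; replaces the existing nat and filter tables):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_rules | iptables-restore
```

Everything not listed in `DIRECT_PORTS` is dropped in FORWARD, so other applications still have to use the explicit proxy settings.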