If eth0 is your internal connection and eth1 your external connection, try something along the lines of:
Originally Posted by robjcrowston
iptables -t filter -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT
That should forward any internal traffic on port 443 (HTTPS) to the Internet, i.e. any HTTPS request from your internal network gets passed out to the Internet with no questions asked.
Originally Posted by dhicks
What's the purpose of having the proxy? The forwarding rule that dhicks listed will work, but will forward all HTTPS traffic, thus negating any content filtering you may have set up.
The internet connection we are provided with comes in to the school ready proxied; we have to point machines to a proxy server at the local authority, and there is no "transparent internet", so to speak. The purpose of the transparent proxy is to have a cache_peer set up to the proxy server further up in the chain. It also allows us to block certain sites we don't want visitors accessing but do want authenticated users to. We currently don't really have a way of blocking HTTPS access anyway, so we are not really losing anything.
I think the answer is going to be your solution, to set up forwarding rules directly to Exchange for the webmail, and not provide HTTPS. As there is no transparent internet on the WAN side of the proxy server anyway, I assume @dhicks's solution wouldn't work.
Apologies if I'm missing anything; I'm new to Squid and iptables.
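
Added example, not part of any post in this thread: a Python check over iptables-save output that flags FORWARD rules accepting port 443 to any destination (the kind of rule described above as negating content filtering) while leaving rules scoped to a single server alone. The sample ruleset, the 192.0.2.10 address and all function names are constructed for illustration, and ports are assumed to be numeric as iptables-save prints them.

```python
import shlex

# Constructed iptables-save sample (not from the thread); 192.0.2.10 is a placeholder webmail server.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -i eth0 ! -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

def parse_forward(line):
    """Return {option: value} for an '-A FORWARD' rule, else None; '! -d x' is keyed '!-d'."""
    tokens = shlex.split(line)
    if tokens[:2] != ["-A", "FORWARD"]:
        return None
    opts, prefix, i = {}, "", 2
    while i < len(tokens):
        if tokens[i] == "!":
            prefix, i = "!", i + 1
            continue
        takes_value = i + 1 < len(tokens) and not tokens[i + 1].startswith(("-", "!"))
        opts[prefix + tokens[i]] = tokens[i + 1] if takes_value else ""
        prefix, i = "", i + (2 if takes_value else 1)
    return opts

def covers_port(spec, port):
    """True if a --dport/--dports value ('443', '80,443', '400:500') includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        lo, hi = int(lo or 0), int((hi if sep else lo) or 65535)
        if lo <= port <= hi:
            return True
    return False

def unrestricted_https(rules_text, port=443):
    """List FORWARD ACCEPT rules that name `port` but are not limited to one destination."""
    hits = []
    for line in rules_text.splitlines():
        opts = parse_forward(line) or {}
        spec = opts.get("--dport") or opts.get("--dports")
        anywhere = opts.get("-d", "0.0.0.0/0") == "0.0.0.0/0"  # a negated '! -d' also counts as anywhere
        if opts.get("-j") == "ACCEPT" and spec and anywhere and covers_port(spec, port):
            hits.append(line)
    return hits

print("\n".join(unrestricted_https(SAMPLE)))
```

Only rules with an explicit destination-port match are examined; a rule that accepts all forwarded traffic without naming a port is outside what this check reports.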