I am astonished. It seems that the core of my problem was ipv6; .... TCP_MISS_ABORTED: "1401736785.584 20020 127.0.0.1 TCP_MISS_ABORTED/000 0 GET http://www.google.com/url? - HIER_DIRECT/2607:f8b0:400f:801::1013 -" (I just noticed the unexpected ip6 type address. I do not know if that is relevant. I will now try to disable ipv6.) .... I disabled ipv6 in /etc/sysctl.d/99-sysctl.conf and now http[s] works as expected for manually configured clients. Why would this be? No matter. Now I am going to try and restore the transparent proxy. I added the intercept attribute to the http_port confing, and now even without tweaking the firewall, I am getting "Forwarding loop detected" warnings. Clients get access denied pages....
