Wednesday, March 25, 2015

Transparent proxy for Internet Sharing, allow https pass through


I'm trying to do the following:



  1. Have my Mac Pro (Yosemite 10.10.2) connected to an Ethernet network. (done)

  2. Share this connection via Wi-Fi. (done)

  3. Have the Wi-Fi clients use a transparent proxy (Charles) running on the Mac Pro. (done)

  4. Pass https and ssh traffic (from Wi-Fi clients) through directly without proxy (can't get this to work)


I've set up Internet Connection sharing and installed Charles. In pf I've set up the following rule:



rdr on bridge100 inet proto tcp to any port www -> 127.0.0.1 port 8080


Basically this redirects all port 80 traffic from the Wi-Fi clients to the Charles proxy on port 8080. This part works well.


The problem is that whenever pf is enabled, no traffic of any kind passes through the Mac Pro. If I disable pf with "pfctl -d", everything works, but of course nothing is sent to the proxy. But whenever I enable pf with "pfctl -e", nothing passes through from the Wi-Fi clients. I really want to have the proxy transparent, so please do not propose manually editing the clients' proxy configurations.


So: what rule should I use to let Wi-Fi clients using https or ssh pass through the Mac Pro (without using the proxy)? I only want to use the proxy for http.


I've tried at least two dozen rules, starting from simple "pass", but nothing works. I do not have any other rules except the default ones by Apple and the one shown above.




