Is it possible to transparently redirect standalone Windows Update clients to a WSUS server at the router level?
To give some background: we're an IT recycling/refurb company, registered under the "MARS" program. We have a server set up to download Windows updates for the AD-bound workstations (as dictated by Group Policy at the domain level), but we also install Windows on end-user machines that are being refurbished for sale. In the network topology is a CentOS-based server running Squid, which handles HTTP caching (it is configured to be a transparent router with iptables rules to redirect port 80 requests to the Squid software); all internet-bound traffic passes through this server before going out on the uplink.
Ideally, I want to configure that caching server to recognise Windows Update requests that are headed for the Microsoft public update servers and instead redirect that traffic to the WSUS server used by AD clients, without modifying the standalone machines themselves.