<div><font face="arial,sans-serif" size="2">Hi,</font></div>
<div><font face="arial,sans-serif" size="2">I am looking for a solution, where I want to use TPROXY to do the IP spoofing, followed by SNAT. </font></div>
<div><font face="arial,sans-serif" size="2">When I tried to add a rule in POSTROUTE nat iptable for my SNAT, it is never hit. </font></div>
<div><font face="arial,sans-serif" size="2"> </font></div>
<div><font face="arial,sans-serif"><font size="2">In my case, the user machine's IP address is <span style="FONT-SIZE: 12pt; COLOR: black">10.0.0.1, and the IP address of the Squid machine on the user side is 10.0.0.99. The user's HTTP packet arrives at the Squid machine. I have already applied the tproxy patch. The IP address of the Squid machine's physical interface on the internet side is 90.0.0.99. When Squid establishes a connection with an internet server, let's say google.com (IP address 150.0.0.1, for example), the packet has to go out with the source IP address 70.0.0.1.</span></font></font></div>
<div><font face="arial,sans-serif"><font size="2"><span style="FONT-SIZE: 12pt; COLOR: black">I have a </span><span style="FONT-SIZE: 12pt; COLOR: black">static SNAT for the user IP address in the POSTROUTE nat iptable, as follows: "</span><span style="FONT-SIZE: 12pt; COLOR: black">10.0.0.1 &lt;---&gt; 70.0.0.1".</span></font></font></div>
<p style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2">i.e., after doing the IP spoofing, we need to apply static NAT. </font></span></p>
<p style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2"> </font></span></p>
<div style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2">With TPROXY, it is not working as I expected. Instead, it is sending the packet with source IP addr as 10.0.0.1.</font></span></div>
<div style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2"></font></span> </div>
<div style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2">How do we resolve this issue?</font></span></div>
<div style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2"></font></span> </div>
<div style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2">Thanks in advance, and sorry for the big email.</font></span></div>
<div style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2"></font></span> </div>
<div style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2">Regards,</font></span></div>
<div style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt; COLOR: black"><font face="arial,sans-serif" size="2">Kannan.</font></span></div>