Of course, it's not giving the real IP address, but at least some address that remains the same over time.
Sorry, what do you mean by this?
Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.1 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.2.1 0.0.0.0 255.255.255.0 U 0 0 0 eth2 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth1 iptables -t nat -A POSTROUTING -i eth2 -o eth1 \ -j NETMAP --to-dest 192.168.1.0/24 iptables -t nat -A POSTROUTING -s 192.168.1.2 -o eth1 -m owner \ --uid-owner squid -j SNAT --to-source 192.168.1.2-192.168.1.254 The latter... it does not SNAT to the "real" address (i.e. 192.168.2.123 might get 192.168.1.240 instead of 192.168.1.123), but it suffices. Jan Engelhardt --