Hi, I am looking for a solution, where I want to use TPROXY to do the IP spoofing, followed by SNAT. When I tried to add a rule in POSTROUTE nat iptable for my SNAT, it is never hit. In my case, the user machine's IP addr is 10.0.0.1 <http://80.0.0.1/_>, and the IP address of the Squid machine on user side is 10.0.0.99<http://80.0.0.99/_>. User's http packet arrives Squid machine. I have already applied tproxy patch. The IP address of Squid machine's physical interface on internet side is 90.0.0.99 <http://90.0.0.99/_>. When the Squid establishes connection with internet server, lets say google.com <http://google.com/_> (IP address is 150.0.0.1 <http://150.0.0.1/_> example), then the packet has to go with SourceIP address as 70.0.0.1 I have a static SNAT for the user IP address as follows in POSTROUTE nat iptable as "10.0.0.1 <http://80.0.0.1/_> <---> 70.0.0.1 <http://70.0.0.1/_> ". i.e, After doing the IP Spoofing, we need to apply static NAT. With TPROXY, it is not working as I expected. Instead, it is sending the packet with source IP addr as 10.0.0.1. How do we resolve this issue? Thanks in advance, and sorry for the big email. Regards, Kannan.