Hi,
I am looking for a solution, where I want to use TPROXY to do the IP spoofing, followed by SNAT.
When I tried to add a rule in POSTROUTE nat iptable for my SNAT, it is never hit.
In my case, the user machine's IP addr is 10.0.0.1, and the IP address of the Squid machine on user side is 10.0.0.99. User's HTTP packet arrives at the Squid machine. I have already applied the tproxy patch. The IP address of the Squid machine's physical interface on internet side is 90.0.0.99. When the Squid establishes connection with internet server, let's say google.com (IP address is 150.0.0.1 example), then the packet has to go with SourceIP address as 70.0.0.1.
I have a static SNAT for the user IP address as follows in POSTROUTE nat iptable as "10.0.0.1 <---> 70.0.0.1".
i.e., after doing the IP spoofing, we need to apply static NAT.
With TPROXY, it is not working as I expected. Instead, it is sending the packet with source IP addr as 10.0.0.1.
How do we resolve this issue?
Thanks in advance, and sorry for the big email.
Regards,
Kannan.