[tproxy] doing SNAT after tproxy doing IP spoofing

Kannan Sampath kannankvs at gmail.com
Tue Aug 21 10:39:42 CEST 2007

I am looking for a solution, where I want to use TPROXY to do the IP
spoofing, followed by SNAT.
When I tried to add a rule in POSTROUTE nat iptable for my SNAT, it is never

In my case, the user machine's IP addr is <>, and
the IP address of the Squid machine on user side is<>.
User's http packet arrives Squid machine. I have already applied tproxy
patch. The IP address of Squid machine's physical interface on internet side
is <>. When the Squid establishes connection
with internet server, lets say google.com <http://google.com/_> (IP address
is <> example), then the packet has to go with
SourceIP address as
I have a static SNAT for the user IP address as follows in POSTROUTE nat
iptable as " <> <---> <>

i.e, After doing the IP Spoofing, we need to apply static NAT.

With TPROXY, it is not working as I expected. Instead, it is sending the
packet with source IP addr as

How do we resolve this issue?

Thanks in advance, and sorry for the big email.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20070821/90ebcbeb/attachment.htm 

More information about the tproxy mailing list