> 
> Here is my scenario.
> 
> Firewall running linux, redirects to an internal FreeBSD machine that is
> running squid.
> 
> 
> iptables -t nat -A PREROUTING -i ethx -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
>
> iptables -t nat -A POSTROUTING -o ethx -s local-network -d squid-box -j SNAT --to iptables-box
>
> iptables -A FORWARD -s local-network -d squid-box -i ethx -o ethx -p tcp --dport 3128 -j ACCEPT
> 
> 
> The above rules are working fine, except for the fact the logs indicate the
> IP address of my internal firewall NIC.
> 
> Is there any hope of preserving the real client IP via an iptables rule?
> Any help would be appreciated.  Thank you.


What you must do is to have the packets redirected to the proxy server box 
without using NAT.

You can use MARK and policy routing for this purpose.

Regards
Henrik
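The MARK plus policy-routing approach Henrik refers to, spelled out as an added example (this is not code from the thread or from the Squid project). Port-80 packets from LAN clients are marked in the mangle table and a dedicated routing table sends them to the squid box as next hop, so no address is rewritten and Squid logs the real client IP, which is what you want for accountability and incident investigation. Interface name, network and addresses are placeholders; the mark value and table number are arbitrary. It also assumes the FreeBSD squid box accepts packets addressed to other hosts and redirects them locally to port 3128 (ipfw fwd or pf rdr) with Squid configured for transparent interception; that half is not shown here. By default the script only prints the commands (DRY_RUN=1); set DRY_RUN=0 to execute them.

```shell
#!/bin/sh
# Added example (not from the thread): redirect LAN web traffic to the squid
# box with a packet MARK and a policy-routing table instead of DNAT/SNAT, so
# the client's real source address survives all the way to Squid's logs.
# All names and addresses below are placeholders chosen for this example.
LAN_IF="${LAN_IF:-eth0}"                # "ethx" in the question
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # "local-network"
SQUID_BOX="${SQUID_BOX:-192.168.1.10}"  # "squid-box"
MARK="${MARK:-1}"                       # fwmark value, arbitrary
TABLE="${TABLE:-100}"                   # routing table number, arbitrary
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the commands, 0 = execute them

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_proxy_routing() {
    # The squid box's own outbound fetches must not be sent back to itself.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$SQUID_BOX" -j RETURN
    # Mark port-80 packets from LAN clients; addresses are left untouched.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport 80 -j MARK --set-mark "$MARK"
    # Marked packets consult a dedicated routing table ...
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    # ... whose default route hands them to the squid box as next hop.
    run ip route add default via "$SQUID_BOX" dev "$LAN_IF" table "$TABLE"
    # Allow the hairpin forward (in and out the same interface); only marked
    # packets qualify, and the destination is still the real web server.
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" \
        -p tcp --dport 80 -m mark --mark "$MARK" -j ACCEPT
    # Older kernels need the route cache flushed after changing rules.
    run ip route flush cache
}

setup_proxy_routing
```

Note that the FORWARD rule now matches --dport 80 rather than 3128 and no longer names squid-box as destination: without DNAT the packets still carry the original web server as destination when they are handed to the squid box.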
