start SNAT for new connections

Hello,


The Squid web proxy (version 3) has a mode to act as a transparent proxy; 
however, the IP that shows up in the webserver (or parent webcache) is that of 
the squid, not the IP of the clients.

I thought there might be some netfilter magic I could do, but using iptables 
would require me to know the source IP in advance, which I do not.
I did/do not want to use a PF_SOCKET, because it would be too much work 
for just changing the source address.

So maybe there is a better way to do this? What I would prefer
is something like this cut-down pseudo-C code:

  int input_fd = accept(...);
  getsockname(input_fd, &source_ip, ...);
  read(input_fd, &dest_ip, ...);

  int output_fd = socket(AF_INET, SOCK_STREAM, ...);
  start_snat(output_fd, &source_ip); // some sort of bind() or whatever
  connect(output_fd, &dest_ip);

Is this possible by any means? (And if I need to write
some kernelspace code, let it be...)



Regards,
Jan Engelhardt
-- 

