From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
>
> No, not useless. The NAT should be symmetrically unmangling any mangled
> destination on incoming traffic. As far as NAT is concerned the client is
> the real requestor. You just need to be careful that the unmangling
> happens BEFORE the tproxy return redirection toward squid.
>
> The internal side of the NAT gateway can and should be treated identically
> to the non-NAT firewall you mentioned. Both need to operate independent of
> tproxy and on the external side of any tproxy operations.
>

But the fact is that as soon as I turn on the squid directive

    http_port 3128 tproxy transparent

I get the private IP belonging to the original http web requestor appearing in the internet line ----- EVEN THOUGH ----- I do have a POSTROUTING rule in the nat table to SNAT.

As a matter of fact, iptables -t nat -nvL POSTROUTING shows that the SNAT rule has been traversed (and the counter is incremented!).

The problem goes away and everything works perfectly when I remove 'tproxy' from the squid directive!