- 05-30-2011 #1 Just Joined!
- Join Date
- May 2008
- Posts
- 8
squid proxy passing LAN client IP (public) to remote site
I am looking for a way to get client IP addresses to remote servers to truly make squid transparent.
This is for a WISP where the clients have public IP addresses and squid would sit parallel to the core router.
I can't find any documentation on how to 'de'-NAT the proxied connections.
CLIENT IP > router/nat > squid > router/nat > remote site
where remote site sees only CLIENT IP > remote site.
Any ideas on this being possible and/or how to do it?
- 05-30-2011 #2
I think the closest to what you want is this:
X-Forwarded-For - Wikipedia, the free encyclopedia
The problem is:
If squid really would replace the source IP, then the webservers would try to answer the clients directly.
i.e., circumventing the squid.
And probably it wouldn't work, as the TCP sequence number wouldn't match:
The client sends a request ( = packets ), but squid creates new packets, aka new sequence numbers.

You must always face the curtain with a bow.
- 05-30-2011 #3 Just Joined!
- Join Date
- May 2008
- Posts
- 8
tproxy
I had been googling for nearly an hour and hadn't found anything when I posted this, but then stumbled on a patched iptables with cttproxy.
This turns the squid box into a bridge that truly transparently proxies as the tproxy keeps a special table in iptables to track the NAT from orig>squid and back squid>orig.
I have not set this up yet but I will try it this weekend. Have to build a patched kernel, squid, and iptables to do it.
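
A sketch of the kind of setup discussed in this thread, as an added example that is not part of any post above: it uses the mainline iptables `TPROXY` target and squid's `tproxy` flag on `http_port` rather than the patched cttproxy build. The port 3129, fwmark 1, routing table 100 and interface `eth0` are assumed values. The socket-match rule is what handles the objection in post #2: server replies addressed to the client IP are marked and delivered to squid's local socket, which only works if the router sends that return traffic through the squid box.

```shell
#!/bin/sh
# Added example (not from the thread). By default nothing is changed:
# "print" shows the rule set, "apply" runs it (root required).
# Assumed values: squid port 3129, fwmark 1, table 100, client side on eth0.

valid_port() {   # succeed only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

tproxy_rules() {   # usage: tproxy_rules PORT MARK TABLE CLIENT_IF
    port=${1:-3129} mark=${2:-1} table=${3:-100} cif=${4:-eth0}
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
# Packets belonging to a socket squid already owns (including server
# replies addressed to the client IP) are marked for local delivery.
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark $mark
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# New client connections to port 80 are handed to squid without NAT.
iptables -t mangle -A PREROUTING -i $cif -p tcp --dport 80 -j TPROXY --tproxy-mark $mark --on-port $port
# Marked packets are routed to loopback so the local stack accepts them.
ip rule add fwmark $mark lookup $table
ip route add local 0.0.0.0/0 dev lo table $table
# Forwarding on; reverse-path filtering off, or spoofed-source flows drop.
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.default.rp_filter=0
EOF
}

squid_conf() {   # the matching squid.conf listener line
    echo "http_port ${1:-3129} tproxy"
}

case "${1:-}" in
    apply) tproxy_rules | sh -e ;;
    print) tproxy_rules; squid_conf ;;
esac
```

Because the proxy then originates connections with client source addresses, restricting the TPROXY rule to the client-facing interface keeps traffic arriving from the upstream side from being intercepted.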
