Greetings,

I am trying to determine if there is any way possible I can preserve the real
client IPs so they can be available to me in the log file.

Here is my scenario.

A firewall running Linux redirects to an internal FreeBSD machine that is
running Squid.


iptables -t nat -A PREROUTING -i ethx -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128

iptables -t nat -A POSTROUTING -o ethx -s local-network -d squid-box -j SNAT --to iptables-box

iptables -A FORWARD -s local-network -d squid-box -i ethx -o ethx -p tcp --dport 3128 -j ACCEPT


The above rules are working fine, except for the fact the logs indicate the
IP address of my internal firewall NIC.

Is there any hope of preserving the real client IP via an iptables rule?
Any help would be appreciated. Thank you.