Good day! Please help me set up a reverse/transparent proxy server.
I need to forward a specific port (999) from one server (220.127.116.11) to another server (18.104.22.168) while keeping the real IP address of the client. I'm pretty sure that this is not possible with a rule in iptables, but I still use these rules:
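# Rewrite the destination of TCP port 999 traffic arriving on venet0 to the second server
iptables -t nat -A PREROUTING -i venet0 -p tcp --dport 999 -j DNAT --to-destination 22.214.171.124:999
# Rewrite the source address of all outgoing traffic to this server's own address
iptables -t nat -A POSTROUTING -j MASQUERADE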
These servers are not on a LAN, and both addresses 126.96.36.199 and 188.8.131.52 are reachable from the Internet. That is, requests coming in from a client, for example 184.108.40.206, to the server 220.127.116.11:999 are successfully routed to 18.104.22.168:999, and all was well until I needed to determine the real client IP address: after the MASQUERADE, requests to 22.214.171.124 come from the address 126.96.36.199 rather than 188.8.131.52.
I tried to study the issue with TPROXY in the mangle table, but unfortunately could not understand it. Please help me find a solution for a reverse proxy in which it will be possible to pass on the real address of the client.
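
An added illustration, not part of the original post: a small Python model of the two rules above, tracing one connection with and without the MASQUERADE step. It shows why the second server sees the forwarding server's address, and why simply dropping MASQUERADE breaks the connection when the two servers are not on a LAN. All addresses are constructed samples from documentation ranges, and the names (Packet, forward, trace) are hypothetical.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation ranges), not the ones in the post.
CLIENT, PROXY, BACKEND, PORT = "198.51.100.7", "203.0.113.10", "192.0.2.20", 999

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def forward(pkt, masquerade):
    """Apply the post's two NAT rules on the forwarding server."""
    if pkt.dst == PROXY and pkt.dport == PORT:
        pkt = replace(pkt, dst=BACKEND)      # PREROUTING: DNAT
    if masquerade:
        pkt = replace(pkt, src=PROXY)        # POSTROUTING: MASQUERADE
    return pkt

def backend_reply(seen):
    """The second server answers the source address it saw."""
    return Packet(seen.dst, seen.dport, seen.src, seen.sport)

def trace(masquerade):
    sent = Packet(CLIENT, 40000, PROXY, PORT)
    seen = forward(sent, masquerade)
    reply = backend_reply(seen)
    if reply.dst == PROXY:
        # Reply passes back through the forwarding server, whose conntrack
        # entry restores the original tuple in the reverse direction.
        reply = replace(reply, src=sent.dst, dst=sent.src)
    # Otherwise the reply is routed straight to the client (no shared LAN,
    # so the second server's default route does not lead through the proxy).
    expected = Packet(sent.dst, sent.dport, sent.src, sent.sport)
    return {
        "backend_sees": seen.src,
        "reply_src": reply.src,
        "client_accepts": reply == expected,
    }

if __name__ == "__main__":
    for flag in (True, False):
        print("MASQUERADE" if flag else "DNAT only ", trace(flag))
```

With MASQUERADE the connection works but the client address is replaced before the second server sees it; with DNAT only, the second server sees the client address but its reply arrives at the client from an address the client never connected to.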