How to make transparent proxy's source ip NOT unique ?

How to make transparent proxy's source ip NOT unique ?

Topology like this:
Client(s)<-->BOX<-->Gateway
where the BOX is inserted between Client(s) and its Gateway

On the box, we REDIRECT all client's incoming requests (related to some
protocol only)
to a local program which acts as a filter/proxy of the protocol.
The filter program will talk to the orginal server instead
and forward its responses back to the client.

Although it seems transparent for the client,
the gateway will see only the BOX's requests.
in some cases, this will be troublesome:
e.g. if there exsits rules based on per ip's traffic,
and all clients' requests will be invisible to gateway (because they
are proxyed).

Is it possible that the BOX still filters clients' packets,
yet keep its outgoing packtet's source ip as before redirected ?
(we also want the server's resposnse pass the BOX first)
Can a SNAT sufficient for this task ?
(The best effect is to use its original source ip.)

Furthur more, we want to differentiate clients' requests from BOX's,
that is, local(not proxyed) outgoing requests shoulded not be SNATed
(or at least, should not be fed into our filter program).

Can we achieve it just using iptables without modification of our
program ?
Or is there any API from netfilter extension that we can use
from user-level applicaiton (not kernel) to do SNAT ?

"Mickey Jerry" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com
> How to make transparent proxy's source ip NOT unique ?

You can make your proxy act like a bridge, not a router.
Thus it doesn't have any IP address.


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Can you give some advise on how to make a socket-API based user-space
program to act like a bridge ?

Or should I use a totally different set of APIs to achieve this feather
?