sonertari
I configured TProxy, but SSLProxy keeps performing NAT continuously
I am not sure if this will help but: You have 127.0.0.1 as ReturnAddr, unless both SSLproxy and the listening program (your UTM) are running on the same machine, I don't think that would work. Then again if both are on the same machine, you don't need to use ReturnAddr, just use loopback addresses.
DivertAddr is for remote listening programs (your UTM at 192.168.12.223). And ReturnAddr is for the listening program to give the packets diverted to it back to SSLproxy (at 192.168.12.112). So normally your UTM program should return those packets to 192.168.12.112, as SSLproxy is at that address.
In short, I would expect that you configure ReturnAddr to 192.168.12.112 instead. But I don't know your setup.
If you comment out those divert/return address options, SSLproxy uses the default loopback address (127.0.0.1).
After decrypting the packets, SSLproxy opens a new connection to the UTM (from 192.168.12.112 to 192.168.12.223), hence the original src/dst addresses are lost. And I don't think tproxy or any iptables rules can do anything about that. That's the reason for existence of the SSLproxy line injected into the first data packet in the connection, where SSLproxy passes those src/dst addresses. But you sound like you already know such details about SSLproxy, so are you asking something else?
Your description is mostly correct, but:
- You omitted that your UTM gives the packets it inspected (possibly modified) back to SSLproxy
- SSLproxy reencrypts the packets and sends them to their original destination, normally a server, but in your case I guess you call it the client (via the Switch in your diagram, which diverted the packets to SSLproxy).
That's explained in the Mode of Operation section in the README.