Getting tproxy working on-router is easy...but I can't seem to figure out the magic sauce to get packets redirected properly on the return trip from a remote host.
With transparent proxy enabled, if the service is on a different machine on the LAN, the packet is forwarded with the source IP as the Internet caller and the dest as the remote machine. The reply packet comes back to the router (because it's the default gateway of the remote machine), but won't be tagged by iptables with mark 0x01 and won't flow through localhost (and I'm not even sure it should).
Anyone ever gotten something like this working? I realize it's a bit obscure, but figured I'd take a chance.