How do I configure a transparent proxy where the proxy server is remote?

4 votes
2 answers
2285 views
**What I am trying to achieve**

I have a CentOS (6.8) box 1.1.1.1 and a remote squid proxy server 2.2.2.2. I am trying to emulate the results of `curl http://google.com -x 2.2.2.2:3128` with applications that don't have an HTTP proxy option, and don't respect the http_proxy variable (such as telegraf).

**What I have tried so far**

I've tried setting up iptables rules to forward traffic to the proxy:

```
iptables -t nat -A PREROUTING -i eth0 ! -s 2.2.2.2 -p tcp --dport 80 -j DNAT --to 2.2.2.2:3128
iptables -t nat -A POSTROUTING -o eth0 -s 1.1.1.1 -d 2.2.2.2 -j SNAT --to 1.1.1.1
iptables -A FORWARD -s 1.1.1.1 -d 2.2.2.2 -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
```

I then discovered that DNAT doesn't work properly if one is sending the traffic to a remote box, as return traffic doesn't route correctly. Based on this, I moved the application to a docker container (172.17.0.9) on the CentOS box, and planned to keep the iptables config on the host, amending the iptables config thusly:

```
iptables -t nat -A PREROUTING -i eth0 ! -s 2.2.2.2 -p tcp --dport 80 -j DNAT --to 2.2.2.2:3128
iptables -t nat -A POSTROUTING -o eth0 -s 172.17.0.0/16 -d 2.2.2.2 -j SNAT --to 1.1.1.1
iptables -A FORWARD -s 172.17.0.0/16 -d 2.2.2.2 -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
```

I also tried the following ruleset:

```
iptables -t nat -A PREROUTING -i eth0 -s 172.17.0.0/16 -p tcp --dport 80 -j DNAT --to-destination 2.2.2.2:3128
iptables -t nat -A POSTROUTING -o eth0 -d 2.2.2.2/32 -j MASQUERADE
```

The result of both of these rulesets was that http traffic was still attempting to go directly to the destination, rather than through the proxy.

```
[root@host ~]# tcpdump -nnn host 216.58.201.35
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:26:24.536668 IP 1.1.1.1.38566 > 216.58.201.35.80: Flags [S], seq 3885286223, win 14600, options [mss 1460,sackOK,TS val 2161333858 ecr 0,nop,wscale 9], length 0
```

The default gateway on the docker container is correctly set to the host, IP forwarding is enabled on the host.

```
[root@docker /]# ip route
default via 172.17.0.1 dev eth0

[root@host ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
```

Am I missing something obvious here?
Asked by Oliver Smith (61 rep)
Oct 4, 2016, 03:08 PM
Last activity: Aug 19, 2023, 06:34 PM
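The tcpdump check in the question can be turned into a repeatable verification step: an added example (not part of the question or any answer) that reads `tcpdump -nn` lines and flags outbound port-80 SYNs that reached the origin directly instead of the squid box, so you can tell whether a redirect rule is actually taking effect. It assumes the proxy address and port from the question (2.2.2.2:3128); the sample capture below is constructed, with the first line taken from the question.

```shell
#!/bin/sh
# Added example: classify outbound TCP SYNs from tcpdump -nn output as
#   proxied - SYN went to the squid box on its listening port (redirect worked)
#   direct  - port-80 SYN went straight to the origin (redirect bypassed)
#   other   - anything else (SYN-ACKs, other ports, non-SYN lines)
# Proxy address/port are assumptions taken from the question.
PROXY_IP="2.2.2.2"
PROXY_PORT="3128"

# classify_syn LINE -> prints proxied|direct|other
# Expects a line such as:
#   15:26:24.536668 IP 1.1.1.1.38566 > 216.58.201.35.80: Flags [S], seq ...
classify_syn() {
    line=$1
    case $line in
        *"Flags [S],"*) ;;              # pure SYN only; a SYN-ACK shows as [S.]
        *) echo other; return 0 ;;
    esac
    # destination token is the word after '>' with its trailing ':' removed
    dst=$(printf '%s\n' "$line" | awk '{ for (i=1;i<=NF;i++) if ($i==">") { sub(/:$/,"",$(i+1)); print $(i+1); exit } }')
    dst_ip=${dst%.*}          # strip the final ".port"
    dst_port=${dst##*.}
    if [ "$dst_ip" = "$PROXY_IP" ] && [ "$dst_port" = "$PROXY_PORT" ]; then
        echo proxied
    elif [ "$dst_port" = "80" ]; then
        echo direct
    else
        echo other
    fi
}

# count_bypasses: reads tcpdump lines on stdin, prints how many port-80 SYNs
# bypassed the proxy. A non-zero count means the DNAT/REDIRECT rule is not matching.
count_bypasses() {
    n=0
    while IFS= read -r l; do
        [ "$(classify_syn "$l")" = direct ] && n=$((n+1))
    done
    echo "$n"
}

# Constructed sample capture (first line is the one shown in the question).
SAMPLE='15:26:24.536668 IP 1.1.1.1.38566 > 216.58.201.35.80: Flags [S], seq 3885286223, win 14600, length 0
15:26:25.001000 IP 1.1.1.1.38570 > 2.2.2.2.3128: Flags [S], seq 1, win 14600, length 0
15:26:25.002000 IP 2.2.2.2.3128 > 1.1.1.1.38570: Flags [S.], seq 2, ack 2, win 14600, length 0'

# Live use: tcpdump -nnl -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' | count_bypasses
printf '%s\n' "$SAMPLE" | count_bypasses
```

Run it against a capture on the host's outside interface while the application makes requests; a count above zero confirms the symptom in the question (SYNs leaving for port 80 with the origin as destination, not 2.2.2.2:3128).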