Thanks for your response

I try with or without outbound firewall enabled and it's the same... The AirLive hotspot act as a transparent proxy on port 2128, while Endian as transparent on port 8080... can you help me creating a firewall rule?
Endian use only one NIC, I configure RED as gateway and GREEN, the gateway is (the AirLive) so I'm not sure there is a NAT, because (when I disable AirLive authentication so Internet can work) on Endian and on AirLive logs I can see the original Client IPs.
I had try using two nics for Endian and in this case all works well, but my problem is I need that AirLive hotspot see the original Client IPs and not the IP of Endian... anyway if you have some suggets to pass the traffic from GREEN nic to RED nic without NAT, I can try the two NIC solution...