If I am setting up a proxy, does traffic that goes to it and out to the internet have the source IP address of the client or the IP address of the proxy?
I need to set up a network so that the proxy cannot be bypassed. I think it would be better if the traffic originated from the proxy so direct access by clients on the network can be denied.
If the proxy data keeps its source IP address, are there any ways to combat bypassing the proxy?
The proxy is an intermediary. Your gateway, and the hosts of external resources accessed by your clients, will observe IP traffic originating from the proxy, not the original client.
If use of the proxy is mandatory, you can and should configure a packet filter at the egress point to permit traffic from the proxy while denying any attempts at direct access by other clients. You may wish to place the proxy in its own network segment to avoid risk of bypassing the proxy using IP spoofing or data layer poisoning.
This arrangement does not preclude the proxy from including information to indicate the request was forwarded for another client. Your downstream clients are not automatically anonymous when they pass traffic via a proxy server. For example, web proxies may add the X-Forwarded-For header to any processed HTTP traffic, where the header contains the IP address(es) of the client machine(es) for which the traffic is forwarded. (These may be the addresses of the original requesting client, downstream proxies, or both.)