Dear community,
since I am a german guy, excuse gramatical mistakes.
I create a proxy to hide my application servers public IP from my customers.
I am actually using those 3 lines
(for testing reasons I am forwarding the traffic which connects to the ubuntu proxy to my apache webserver (5.196.130.245:80)
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 5.196.130.245:80
iptables -t nat -A POSTROUTING -j MASQUERADE
I show this to a friend/competitor and he said, lol, with this code ur "hiding" the costumers IP in ur Database logs
(for example, they use the register formular on the website username, password registerIP - and with my 3 lines of code the register IP is the proxys IP in every single case but he told me he got a way to see even the real Users IP, even if they connecting through the proxy)
So he sent me the following Picture of his script
Any1 knows / is able to describe me what he has done better / other than me? I cannot see any routing cmds in his script.
I'm now almost searching 5 days for a solution and this is my last hope to find it.
EDIT: okay, I just found out that this Script for setting up the iptables is not for forwarding any traffic.
For the redirecting/forwarding part he is using HAPROXY.
regards,
Julian
One thing I note in your friend's script is that it sets the firewall to drop all incoming connections before allowing port 22 (ssh) connections. If something goes wrong along the way on this, you'll need console access to get back in 
I'd recommend setting the -P INPUT DROP last tbh 
As you've noted, this is just INPUT filters, your one is just NAT/IPMASQ. So it's like comparing apples and oranges really.
Looking just at your rules, I don't see anything untoward there, it appears that you are causing the proxy to accept traffic arriving on port 80 and redirecting it to 5.196.130.245.
An external customer connecting to the address would not be able to detect the redirect and would see all their connections as going to and coming back from the address of your proxy.
The webserver would see all the connections as coming from the proxy server address, unless the customer is setting "X-Forwarded-For" headers in their requests (not all that uncommon to find) which would be passed along to the webserver and quite possibly included in it's logs.
If you have a little more background of what your end goal is, we might be able to offer more advice
I would recommend also adding a FORWARD rule to DROP anything not for that port arriving from the external interface, as you've turned on IP forwarding and at present your setup would happily forward anything anyone asks it to. It's note really serious but could exacerbate any existing security issue into a full exploit.
