Hi
I am sorry, but I think that your chances for success are quite small (if I understood what you want to do).
But: it might depend on what you mean by "see the IP of..." => "what" is supposed to see the source IP address?
In any case, basically: I think that the only way that the incoming connection from "CLIENT" through httpS can be handled by your "SERVER2" going through "SERVER1" is for "SERVER1" to be a level 2 (or 3?) kind-of-loadbalancer => that way the contents of the public certificate that CLIENT sends would not be touched by SERVER1 and then SERVER2 would be able to perform the handshake the usual way that httpS works...
Implementing a normal proxy on SERVER1 would terminate the client's httpS connection there, and on SERVER2 you would get only information/certificates that relate to SERVER1 and not to the CLIENT.
Is this more or less what you want to do?
If yes, I think that in the current Linux kernels there is already a level2/3 loadbalancer/proxy available as a module... (but I cannot remember what it's called).