On Sat, Mar 23, 2013 at 2:39 PM, Bill Sun <cap.sensitive@gmail.com> wrote:
> I'm thinking about running an HTTP server that handles all the authentication for Server 2 (such as dante?), then forward all packets to that server (running in Server 1). But I don't know how to write the corresponding iptables rules. So how do I write such rules?

You need to set up another proxy on Server 1. Take squid for example: in squid.conf, set the upstream server using cache_peer and authentication parameters (please refer to the squid manual because I don't know how to do it :-P ), and set a port that handles intercepted traffic (or it won't work!):

    http_port <local_squid_port> intercept

and insert the following iptables rule:

    iptables -t nat -A PREROUTING -s <ip_addr_for_pptp> -p tcp --dport 80 -j REDIRECT --to-port <local_squid_port>
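
A squid.conf fragment for Server 1 that fills in the cache_peer and authentication part left open above. This is an added example, not part of the original message. It assumes the proxy on Server 2 speaks HTTP and uses Basic authentication (cache_peer cannot talk to a SOCKS server such as dante); `<server2_ip>`, `<server2_proxy_port>`, `<user>`, `<password>` and the loopback port 3128 are placeholders, not values from the thread.

```conf
# squid.conf on Server 1 (added example; every <...> value is a placeholder)

# Port that receives the connections redirected by the iptables REDIRECT rule.
http_port <local_squid_port> intercept

# A normal forward-proxy port, bound to loopback only so it is not
# reachable from the network (3128 is an assumed value).
http_port 127.0.0.1:3128

# Upstream HTTP proxy on Server 2. login= makes squid send these
# credentials to the parent as Proxy-Authorization (Basic) on each request.
cache_peer <server2_ip> parent <server2_proxy_port> 0 no-query default login=<user>:<password>

# Force every request through the parent; without this squid may
# fetch directly from the origin and bypass Server 2.
never_direct allow all

# Accept requests only from the PPTP client range, the same source
# matched by the iptables rule, and refuse everything else.
acl pptp_clients src <ip_addr_for_pptp>
http_access allow pptp_clients
http_access deny all
```

The login= value sits in squid.conf in clear text and Basic credentials cross the link to Server 2 unencrypted, so restrict read access to the file and carry the Server 1 to Server 2 hop over a protected channel. The iptables rule matches only TCP port 80, so HTTPS traffic from the PPTP clients is not redirected by this setup.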