On Sat, Mar 23, 2013 at 08:30:10PM +0800, Hexchain Tong wrote:
On Sat, Mar 23, 2013 at 2:39 PM, Bill Sun <cap.sensitive@gmail.com> wrote:
I'm thinking about running an HTTP server that handles all the authentication for Server 2 (such as dante?), then forwarding all packets to that server (running on Server 1). But I don't know how to write the corresponding iptables rules. So how do I write such rules?
You need to set up another proxy on Server 1. Take squid for example: in squid.conf, set the upstream server using cache_peer and authentication parameters (please refer to the squid manual because I don't know how to do it :-P ), and set a port that handles intercepted traffic (or it won't work!):
http_port <local_squid_port> intercept
and insert the following iptables rule:
iptables -t nat -A PREROUTING -s <ip_addr_for_pptp> -p tcp --dport 80 -j REDIRECT --to-port <local_squid_port>
Great! It works! But I need to add an additional iptables rule:
iptables -t nat -A POSTROUTING -j ACCEPT
Regards.
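
The squid.conf side of the setup discussed above, as an added example that is not part of the original thread. It assumes Server 2 runs an HTTP proxy with Basic authentication; the host name, ports, address range and credentials are constructed placeholders.

```conf
# squid.conf on Server 1 (added example; every value here is a constructed placeholder)

# Regular forward-proxy port, bound to loopback only. Squid expects one
# ordinary port in addition to the intercept port.
http_port 127.0.0.1:3128

# Port that receives the connections redirected by the PREROUTING rule.
# This is <local_squid_port> in the thread; 3129 is an assumed value.
http_port 3129 intercept

# Allow only the PPTP clients; 192.0.2.0/24 stands in for <ip_addr_for_pptp>.
acl pptp_clients src 192.0.2.0/24
http_access allow pptp_clients
http_access deny all

# Upstream proxy on Server 2 (assumed host and port). login= makes Squid send
# these credentials to the peer as Basic proxy authentication, so the PPTP
# clients never see a login prompt. The password sits in this file in
# cleartext and crosses the network base64-encoded only: keep squid.conf
# readable by root and the squid user alone, and use a dedicated account.
cache_peer server2.example.net parent 3128 0 no-query default login=proxyuser:CHANGE_ME

# Send every request through the peer; never fetch directly from Server 1.
never_direct allow all
```

Running `squid -k parse` checks the file for syntax errors before the service is reloaded.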