[arch-general] Forward all PPTP VPN packets to another proxy?
Hi,

Currently I have an Arch Linux server running a PPTP VPN (for iOS devices only), and I forward all PPTP VPN packets out through the local eth0:

    iptables -t nat -A POSTROUTING -s <ip_addr_for_pptp> -o eth0 -j MASQUERADE

Now I have an external proxy, and I want all the traffic that currently goes through the PPTP VPN to then go through that external proxy (it's an HTTP proxy, and requires authentication). If my description is confusing, please consult this chart:

    iOS --> Server 1 (PPTP VPN) --> Server 2 (HTTP proxy, authentication required) --> Web Server

Servers {1,2} both have dedicated external IP addresses. I have root permission on Server 1, and nothing on Server 2 (except for the HTTP proxy account).

I'm thinking about running an HTTP server on Server 1 that handles all the authentication for Server 2 (such as dante?), then forwarding all packets to that server. But I don't know how to write the corresponding iptables rules. So how do I write such rules?

Regards.
On Sat, Mar 23, 2013 at 2:39 PM, Bill Sun <cap.sensitive@gmail.com> wrote:
I'm thinking about running a http server that handles all the authentication for Server 2 (such as dante?), then forward all packets to that server (running in Server 1). But I don't know how to write corresponding iptables rules. So how to write such rules?
You need to set up another proxy on Server 1. Take squid for example: in squid.conf, set the upstream server using cache_peer and its authentication parameters (please refer to the squid manual because I don't know how to do it :-P ), and set a port that handles intercepted traffic (or it won't work!):

    http_port <local_squid_port> intercept

and insert the following iptables rule:

    iptables -t nat -A PREROUTING -s <ip_addr_for_pptp> -p tcp --dport 80 -j REDIRECT --to-port <local_squid_port>
On Sat, Mar 23, 2013 at 08:30:10PM +0800, Hexchain Tong wrote:
On Sat, Mar 23, 2013 at 2:39 PM, Bill Sun <cap.sensitive@gmail.com> wrote:
I'm thinking about running a http server that handles all the authentication for Server 2 (such as dante?), then forward all packets to that server (running in Server 1). But I don't know how to write corresponding iptables rules. So how to write such rules?
You need to set up another proxy on Server 1. Take squid for example: in squid.conf, set the upstream server using cache_peer and its authentication parameters (please refer to the squid manual because I don't know how to do it :-P ), and set a port that handles intercepted traffic (or it won't work!):
http_port <local_squid_port> intercept
and insert the following iptables rule:
iptables -t nat -A PREROUTING -s <ip_addr_for_pptp> -p tcp --dport 80 -j REDIRECT --to-port <local_squid_port>

Great! It works! But I need to add an additional iptables rule:

    iptables -t nat -A POSTROUTING -j ACCEPT
Regards.
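The setup the thread converges on (squid on Server 1 in intercept mode, chained to Server 2 as an authenticated parent, with iptables redirecting the VPN clients' port-80 traffic into squid) as one complete, reviewable script. This is an added example, not code from either participant; the VPN client range 10.0.0.0/24, the upstream name proxy.example.net:8080, the squid port 3129 and the user/secret credentials are placeholders to be replaced. The script prints the squid.conf and the iptables commands so they can be inspected before anything is applied; `apply` runs them.

```shell
#!/bin/sh
# Added example for the arch-general thread above: transparent squid on
# Server 1 forwarding to an authenticated upstream HTTP proxy (Server 2).
# All values below are placeholders (assumptions), override via environment.
set -eu

PPTP_NET="${PPTP_NET:-10.0.0.0/24}"                   # pppd remoteip range of the VPN clients
WAN_IF="${WAN_IF:-eth0}"                              # Server 1's external interface
SQUID_PORT="${SQUID_PORT:-3129}"                      # intercept port on Server 1
UPSTREAM_HOST="${UPSTREAM_HOST:-proxy.example.net}"   # Server 2 (placeholder name)
UPSTREAM_PORT="${UPSTREAM_PORT:-8080}"
PROXY_USER="${PROXY_USER:-user}"                      # the Server 2 proxy account (placeholder)
PROXY_PASS="${PROXY_PASS:-secret}"
SQUID_CONF="${SQUID_CONF:-/etc/squid/squid.conf}"

# Minimal squid.conf: every request from the VPN range is handed to Server 2
# with the account's credentials; nothing is fetched directly or cached here.
squid_conf() {
cat <<EOF
# Ordinary forward-proxy port, loopback only (handy for curl -x tests).
http_port 127.0.0.1:3128
# Port receiving the iptables-REDIRECTed packets. 'intercept' is mandatory:
# intercepted requests carry only a path, not an absolute URL.
http_port ${SQUID_PORT} intercept
# Server 2 as parent; login= sends the credentials with every request.
cache_peer ${UPSTREAM_HOST} parent ${UPSTREAM_PORT} 0 no-query default login=${PROXY_USER}:${PROXY_PASS}
# Never bypass the parent, even if it is down.
never_direct allow all
cache deny all
# Do not leak the private VPN address of the iOS client to Server 2 / the web server.
forwarded_for delete
via off
acl pptp_clients src ${PPTP_NET}
http_access allow localhost
http_access allow pptp_clients
http_access deny all
EOF
}

# iptables rules: redirect VPN port-80 traffic into squid, masquerade the rest,
# and keep the intercept port from being reachable as an open proxy from the WAN.
nat_rules() {
cat <<EOF
iptables -t nat -A PREROUTING -s ${PPTP_NET} -p tcp --dport 80 -j REDIRECT --to-port ${SQUID_PORT}
iptables -t nat -A POSTROUTING -s ${PPTP_NET} -o ${WAN_IF} -j MASQUERADE
iptables -I INPUT ! -s ${PPTP_NET} -p tcp --dport ${SQUID_PORT} -j DROP
EOF
}

# Write the config root-only-readable: it holds the Server 2 password in clear.
install_conf() {
    squid_conf > "$1"
    chmod 640 "$1"
}

case "${1:-}" in
    show)  squid_conf; echo; nat_rules ;;
    apply) install_conf "$SQUID_CONF"; nat_rules | sh -e ;;
esac
```

Two caveats a practitioner would check before relying on this. Only TCP/80 is intercepted: HTTPS and every other port still leave via the MASQUERADE rule directly from Server 1, not through Server 2, so the "all traffic" goal in the original question is only met for plain HTTP unless those ports are handled separately. And the REDIRECT target delivers the packets to Server 1's local INPUT path, so they never traverse FORWARD or the POSTROUTING MASQUERADE rule; squid's own outbound connections to Server 2 go out as Server 1's traffic.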
participants (2)
- Bill Sun
- Hexchain Tong