On Sat, Mar 23, 2013 at 08:30:10PM +0800, Hexchain Tong wrote:
> On Sat, Mar 23, 2013 at 2:39 PM, Bill Sun <cap.sensitive@xxxxxxxxx> wrote:
> >
> > I'm thinking about running an http server that handles all the
> > authentication for Server 2 (such as dante?), then forward all packets
> > to that server (running in Server 1). But I don't know how to write
> > corresponding iptables rules. So how to write such rules?
>
> You need to set up another proxy on Server 1. Take squid for example,
> in squid.conf, set upstream server using cache_peer and authentication
> parameters (please refer to squid manual because I don't know how to
> do it :-P ), and set a port that handles intercepted traffic (or it
> won't work!):
>
> http_port <local_squid_port> intercept
>
> and insert the following iptables rule:
>
> iptables -t nat -A PREROUTING -s <ip_addr_for_pptp> -p tcp --dport 80
> -j REDIRECT --to-port <local_squid_port>

Great! It works! But I need to add an additional iptables rule:

iptables -t nat -A POSTROUTING -j ACCEPT

Regards.
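An added example, not part of the thread above: a small POSIX shell script that applies the PREROUTING REDIRECT rule from the reply in a defensible way. It validates the two placeholders (`<ip_addr_for_pptp>` and `<local_squid_port>`) before they reach iptables, refuses to redirect port 80 while nothing is listening on the squid intercept port (otherwise every redirected HTTP connection is silently refused), and uses `iptables -C` so that re-running the script does not stack duplicate rules. The network `192.0.2.0/24` and port `3129` are constructed placeholders; the listener check assumes `ss` from iproute2 is available.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): validate the parameters of
# the PREROUTING REDIRECT rule, check that squid is actually listening, and
# add the rule only if it is not already present.

PPTP_CLIENT_NET="${PPTP_CLIENT_NET:-192.0.2.0/24}"   # constructed placeholder for <ip_addr_for_pptp>
SQUID_PORT="${SQUID_PORT:-3129}"                     # assumed value for <local_squid_port>

# Accept "a.b.c.d" or "a.b.c.d/nn" with each octet 0-255 and nn 0-32.
valid_ipv4_cidr() {
    case "$1" in
        */*) prefix="${1#*/}" ;;
        *)   prefix=32 ;;
    esac
    addr="${1%/*}"
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Only digits and dots, exactly four non-empty fields, no leading/trailing dot.
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$addr" in *.*.*.*) ;; *) return 1 ;; esac
    old_ifs="$IFS"; IFS=.
    set -- $addr
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Accept a TCP port in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rule body shared by the -C (check) and -A (append) invocations so that the
# presence test and the insertion can never drift apart.
redirect_rule_spec() {
    printf 'PREROUTING -s %s -p tcp --dport 80 -j REDIRECT --to-port %s' "$1" "$2"
}

# True when some local TCP socket is listening on the given port (assumes ss).
port_listening() {
    ss -ltn "( sport = :$1 )" 2>/dev/null | grep -q LISTEN
}

apply_redirect_rule() {
    net="$1"; port="$2"
    valid_ipv4_cidr "$net" || { echo "refusing: bad source network '$net'" >&2; return 2; }
    valid_port "$port"     || { echo "refusing: bad port '$port'" >&2; return 2; }
    port_listening "$port" || { echo "refusing: nothing listens on tcp/$port, redirected clients would be black-holed" >&2; return 3; }
    spec=$(redirect_rule_spec "$net" "$port")
    # shellcheck disable=SC2086  # word splitting of $spec is intended
    if iptables -t nat -C $spec 2>/dev/null; then
        echo "rule already present: $spec"
    else
        iptables -t nat -A $spec && echo "added: $spec"
    fi
}

# Only touch the firewall when explicitly asked: APPLY_RULES=1 sh redirect.sh
if [ "${APPLY_RULES:-0}" = 1 ]; then
    apply_redirect_rule "$PPTP_CLIENT_NET" "$SQUID_PORT"
fi
```

Run it as root with `APPLY_RULES=1 PPTP_CLIENT_NET=<ip_addr_for_pptp> SQUID_PORT=<local_squid_port> sh redirect.sh`. The listener check is the important guard: with `http_port <port> intercept` missing or squid down, the REDIRECT still matches and clients see connection refused rather than an authentication prompt.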