etherian Posted July 19, 2017

I need to set up a proxy:

iptables -t nat -A PREROUTING -p tcp --dport 2106 -j DNAT --to-destination xxx.xxx.xxx.xxx:2106
iptables -t nat -A PREROUTING -p tcp --dport 7777 -j DNAT --to-destination xxx.xxx.xxx.xxx:7777

In the .ini there is only

Proxy =

Any clue? It's my first time using this config; I'm used to setting up the common way for login.
eressea Posted July 20, 2017 (edited)

Is it an additional proxy, or do you just have the server behind NAT and need port forwarding?

If it's just port forwarding, you don't need anything other than DNAT and enabling IPv4 forwarding:

sysctl net.ipv4.ip_forward=1

Also, packets from the server must go back through the proxy (it must be the default gateway for the server).

If it's a real proxy (another server endpoint): http://www.maxcheaters.com/topic/206180-patched-hauth-to-support-multiple-ip-addressesproxies/?hl=hauthd

Also, you'll have to learn something about policy-based routing, because when you have two endpoints, the server will still send packets via the default gateway, which will be your primary IP address. So if a packet comes to l2server via a proxy, it must go back to the client via the very same proxy, not via the default gateway. You should read something about it (google "linux policy based routing"); this can help you a bit:

On router:

Mark incoming packets and restore mark for outgoing packets:

iptables -t mangle -A PREROUTING -i tun0 -p tcp -m tcp --dport 7777 -j CONNMARK --set-mark 100 # mark packets from 1st proxy
iptables -t mangle -A PREROUTING -i tun1 -p tcp -m tcp --dport 7777 -j CONNMARK --set-mark 101 # mark packets from 2nd proxy
iptables -t mangle -A PREROUTING -i tun2 -p tcp -m tcp --dport 7777 -j CONNMARK --set-mark 102 # mark packets from 3rd proxy
iptables -t mangle -A PREROUTING -i br1 -p tcp -m tcp --sport 7777 -j CONNMARK --restore-mark # restore mark on packets going back

Use policy-based routing based on packet mark:

ip rule add fwmark 100 table 100 # if packet is marked as from 1st proxy, use routing table 100
ip route add default via 10.8.0.1 table 100 # routing table 100 - default gateway is 1st proxy internal address
ip rule add fwmark 101 table 101 # if packet is marked as from 2nd proxy, use routing table 101
ip route add default via 10.8.1.1 table 101 # routing table 101 - default gateway is 2nd proxy internal address
ip rule add fwmark 102 table 102 # if packet is marked as from 3rd proxy, use routing table 102
ip route add default via 10.8.2.1 table 102 # routing table 102 - default gateway is 3rd proxy internal address

On proxy:

up iptables -t nat -A PREROUTING -m tcp -p tcp --dport 7777 -j DNAT --to-destination 10.8.0.2:7777

Edited July 20, 2017 by eressea
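A pre-flight check for the marking and policy-routing commands in the answer above, added here as an example and not part of eressea's post: it reads a command list in that same form and reports any connection mark that has no ip rule, or whose table has no default route, which is the case where replies leave via the default gateway instead of the proxy they arrived through. The function names and the sample input are constructed for illustration.

```shell
# Added example: lint a command list shaped like the one in the answer above.
# Reads commands on stdin, prints one line per problem, returns 1 if any.
check_policy_routing() {
    awk '
    { sub(/#.*/, "") }                                   # strip trailing comments
    /CONNMARK/ && /--set-mark/ {                         # marks set per proxy
        for (i = 1; i < NF; i++) if ($i == "--set-mark") marks[$(i+1)] = 1
    }
    /CONNMARK/ && /--restore-mark/ { restore = 1 }       # mark copied to replies
    $1 == "ip" && $2 == "rule" && $3 == "add" {          # fwmark -> table
        m = ""; t = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") m = $(i+1)
            if ($i == "table")  t = $(i+1)
        }
        if (m != "") rule[m] = t
    }
    $1 == "ip" && $2 == "route" && $4 == "default" {     # table has a default route
        for (i = 1; i < NF; i++) if ($i == "table") route[$(i+1)] = 1
    }
    END {
        bad = 0
        for (m in marks) {
            if (!(m in rule)) {
                print "mark " m ": no ip rule"; bad = 1
            } else if (!(rule[m] in route)) {
                print "mark " m ": table " rule[m] " has no default route"; bad = 1
            }
        }
        if (!restore) { print "no CONNMARK --restore-mark rule"; bad = 1 }
        exit bad
    }'
}

# Constructed sample: the route for table 101 was forgotten.
sample_broken() {
    cat <<'EOF'
iptables -t mangle -A PREROUTING -i tun0 -p tcp -m tcp --dport 7777 -j CONNMARK --set-mark 100
iptables -t mangle -A PREROUTING -i tun1 -p tcp -m tcp --dport 7777 -j CONNMARK --set-mark 101
iptables -t mangle -A PREROUTING -i br1 -p tcp -m tcp --sport 7777 -j CONNMARK --restore-mark
ip rule add fwmark 100 table 100   # 1st proxy
ip route add default via 10.8.0.1 table 100
ip rule add fwmark 101 table 101   # 2nd proxy
EOF
}

sample_broken | check_policy_routing || echo "fix the lines above before applying"
```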
etherian (Author) Posted July 20, 2017 (edited)

Yes, atm I'm behind 2 routers, and I also want to set up a few login gateways for better ping from different locations. For now I must forward ports on router 1 and router 2. In the coming weeks I will add the other thing, when I get a direct connection to the WAN IP.

Edited July 20, 2017 by etherian