Setting up a proxy server that uses a vpn connection

Six years later I came to this question and almost let it down based on the accepted answer. As of today, it is not complicated, using policy routing. All the details are available on this same site, at https://serverfault.com/a/389004/70774.

In my case, I had first to make sure that the vpn was not the default route. How you will achieve that depends on what kind of connection manager you are using.

The proxy (tinyproxy) is running with its own user, so I mark all the packages coming from this user with the command

iptables -t mangle -A OUTPUT -m owner --uid-owner 125 -j MARK --set-mark 2

where 125 is the uid of the tinyproxy user and 2 is an arbitrary number, to be matched later.

Then I instruct the routing system to use a specific table to route all requests marked with 2.

ip rule add fwmark 2 table 3

Again, the 3 is just an arbitrary number. Just pay attention to choose an unused table (just see if there is something in the table you choose with ip route list table 3).

Then I populate the table 3 with my default route:

ip route add default dev ppp0 via proto static scope link metric 1024

The last step was making a masquerading rule, of which I do not fully understand the necessity:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Et voilà!
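The steps above collected into one dry-run script, as an added example that is not part of the original answer: it validates its arguments, refuses a routing table that already holds routes, and prints the commands unless APPLY=1 is set. Assumptions not taken from the answer: the function names, a point-to-point ppp0 that needs no gateway address, the explicit `table` argument on the route, and the extra `unreachable` route that makes the proxy fail closed when the VPN link drops.

```shell
#!/bin/sh
# Added example, not the answer's own script. Dry run by default: prints the
# commands. APPLY=1 runs them (root needed). Usage: script UID MARK TABLE DEV

# Accept only numeric uid/mark/table and a plain interface name, since the
# generated lines are handed to a shell when APPLY=1.
valid_args() {
  [ $# -eq 4 ] || return 1
  for n in "$1" "$2" "$3"; do
    case $n in ''|*[!0-9]*) return 1 ;; esac
  done
  case $4 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# Reads `ip route list table N` output on stdin; any non-blank line means the
# table already holds routes and should not be reused.
table_in_use() { grep -q '[^[:space:]]'; }

# Print the answer's steps in order. Line 4 is an assumption added here: when
# the VPN device goes down its route is flushed, and without this fallback the
# marked traffic would drop through to the main table and leave unprotected.
# MASQUERADE: the source address is chosen by the first route lookup, before
# the mark reroutes the packet, so it must be rewritten to the VPN address.
plan() {
  uid=$1 mark=$2 table=$3 dev=$4
  cat <<EOF
iptables -t mangle -A OUTPUT -m owner --uid-owner $uid -j MARK --set-mark $mark
ip rule add fwmark $mark table $table
ip route add default dev $dev table $table metric 1024
ip route add unreachable default table $table metric 4096
iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE
EOF
}

main() {
  valid_args "$@" || { echo "usage: $0 UID MARK TABLE DEV" >&2; return 2; }
  if [ "${APPLY:-0}" = 1 ]; then
    if ip route list table "$3" 2>/dev/null | table_in_use; then
      echo "table $3 already has routes; pick another" >&2; return 1
    fi
    plan "$@" | sh -ex
  else
    plan "$@"
  fi
}

[ $# -eq 0 ] || main "$@"
```

After applying, `ip route get 192.0.2.1 mark 2` should report the VPN device, and the same command with the link down should report the destination as unreachable.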
