Linux Router Caching Proxy Content Filter?

Kimball Larsen kimball at kimballlarsen.com
Tue Jul 21 10:23:25 MDT 2009


Michael,


On Jul 21, 2009, at 9:21 AM, Michael Torrie wrote:

> Kimball Larsen wrote:
>> 192.168.0.1 is a WRT54G running OpenWRT with a firewall that I put
>> together myself. (dangerous, in my experience).
>
> Oh, why is this?

Because I don't speak firewall very well, and (as Hans can attest)  
frequently get it wrong. ;-)

>
>> a)  Change the firewall on 192.168.0.1 to *only* allow traffic on all
>> ports from 192.168.0.4.  Refuse to even accept connections from the
>> lan side from anything else.
>
> I'm sure you could do this with iptables and static routes, but seems to
> be pointless to me.  If you're hell-bent on doing this, just put your lan
> and silver on a different subnet and then standard routing applies,
> although this seems overly convoluted.


Here is a diagram of what I have settled on for the physical  
connections:

http://www.kimballlarsen.com/plug/homeNetwork.png

I want to keep the OpenWRT box there because it already handles all  
the port forwarding and nat for traffic to Silver. (web, mail, dns,  
etc), and I'd prefer to have something between the internet and a  
physical ethernet connection to silver.  Call me paranoid.  I also  
want to have 2 separate subnets so that when I have house guests with  
some technical ability they can't just change their gateway IP and  
circumvent the filter.

The idea here, then, is to set up Silver to act as a router/gateway  
between 192.168.0.x and 192.168.1.x.  Silver's eth0 will be  
192.168.0.1, eth1 will be 192.168.1.2.  Also, I want to set up content  
filtering for whatever a careful parent should be filtering for their  
house (web, im (if possible), mail? Others?)

Now, though our approaches do differ a bit, I would be interested in  
seeing whatever portions of your configurations you are willing to  
share.

Thanks!

-- Kimball 
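
The gateway setup described in the message above, sketched as an added example that is not part of the original post or the poster's configuration: it prints an iptables-restore ruleset for Silver using the eth0/eth1 roles and the 192.168.1.2 address from the message. The /24 netmask, the local filtering proxy on port 3128, and masquerading toward the OpenWRT box are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's configuration.
# From the message: eth0 faces the OpenWRT box, eth1 (192.168.1.2) faces the LAN.
# Assumed: /24 netmask, a filtering proxy on Silver at PROXY_PORT, masquerading.
WAN_IF=eth0
LAN_IF=eth1
LAN_ADDR=192.168.1.2
LAN_NET=192.168.1.0/24   # assumption: /24
PROXY_PORT=3128          # assumption: hypothetical local filtering proxy

# Print the ruleset in iptables-restore format; nothing is applied here.
silver_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# LAN web traffic is handed to the local proxy no matter which server the
# client asked for; requests to Silver's own web server are left alone.
-A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $LAN_ADDR -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
# Hide the LAN behind Silver so the OpenWRT box needs no route to $LAN_NET.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# Default-deny routing: nothing crosses between the subnets unless allowed.
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only LAN-sourced addresses may open new connections outward.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# To apply as root (flushes existing nat/filter rules, so Silver's own INPUT
# rules must be merged in first):
#   sysctl -w net.ipv4.ip_forward=1
#   silver_ruleset | iptables-restore
silver_ruleset
```

Because Silver is the only router on the 192.168.1.x segment, a guest who changes their gateway address has no other on-link next hop, and port 80 traffic is redirected before any forwarding decision is made.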