Linux Router Caching Proxy Content Filter?
Kimball Larsen
kimball at kimballlarsen.com
Tue Jul 21 10:23:25 MDT 2009
Michael,
On Jul 21, 2009, at 9:21 AM, Michael Torrie wrote:
> Kimball Larsen wrote:
>> 192.168.0.1 is a WRT54G running OpenWRT with a firewall that I put
>> together myself. (dangerous, in my experience).
>
> Oh, why is this?
Because I don't speak firewall very well, and (as Hans can attest)
frequently get it wrong. ;-)
>
>> a) Change the firewall on 192.168.0.1 to *only* allow traffic on all
>> ports from 192.168.0.4. Refuse to even accept connections from the
>> lan side from anything else.
>
> I'm sure you could do this with iptables and static routes, but seems to
> be pointless to me. If you're hell-bent on doing this, just put your lan
> and silver on a different subnet and then standard routing applies,
> although this seems overly convoluted.
Here is a diagram of what I have settled on for the physical
connections:
http://www.kimballlarsen.com/plug/homeNetwork.png
I want to keep the OpenWRT box there because it already handles all
the port forwarding and NAT for traffic to Silver. (web, mail, DNS,
etc), and I'd prefer to have something between the internet and a
physical ethernet connection to silver. Call me paranoid. I also
want to have 2 separate subnets so that when I have house guests with
some technical ability they can't just change their gateway IP and
circumvent the filter.
The idea here, then, is to set up Silver to act as a router/gateway
between 192.168.0.x and 192.168.1.x. Silver's eth0 will be
192.168.0.1, eth1 will be 192.168.1.2. Also, I want to set up content
filtering for whatever a careful parent should be filtering for their
house (web, IM (if possible), mail? Others?)
Now, though our approaches do differ a bit, I would be interested in
seeing whatever portions of your configurations you are willing to
share.
Thanks!
-- Kimball
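
The two-subnet layout described in the message above only forces traffic through the filter if the dual-homed box refuses to forward unfiltered web traffic. The sketch below is an added example, not part of the original post or the poster's configuration: a shell function that emits an `iptables-restore` ruleset for such a gateway. It assumes clients sit behind eth1 on 192.168.1.0/24, eth0 faces the OpenWRT router, and a filtering proxy listens locally on TCP 3128; the function name `filter_ruleset`, the port and the forwarded-service allowlist are all hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions, not from the post: clients sit behind eth1 on
# 192.168.1.0/24, eth0 faces the OpenWRT router, and a filtering proxy
# listens on Silver itself on TCP 3128.
filter_ruleset() {
    lan_if=$1 wan_if=$2 lan_net=$3 proxy_port=$4
    # Reject anything that is not a plain interface name, CIDR or port, so
    # malformed arguments never reach iptables-restore.
    for v in "$lan_if" "$wan_if"; do
        case $v in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $lan_net in ""|*[!0-9./]*) return 1 ;; esac
    case $proxy_port in ""|*[!0-9]*) return 1 ;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Plain HTTP from the client subnet never leaves Silver directly: it is
# handed to the local proxy whatever gateway or proxy the client configures.
-A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
# Hide the client subnet so the upstream router needs no route back to it.
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
*filter
# Default-deny forwarding is what makes the filter mandatory: only the flows
# listed below cross from the client subnet to the upstream one.
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 53 -j ACCEPT
# HTTPS passes uninspected; drop this rule to force an explicit proxy instead.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}
# Syntax-check on the gateway before loading (needs root, and forwarding
# enabled with: sysctl -w net.ipv4.ip_forward=1):
#   filter_ruleset eth1 eth0 192.168.1.0/24 3128 | iptables-restore --test
```

Mail, IM and other protocols stay blocked by the default-deny `FORWARD` policy until a rule is added for each one that should pass.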