Linux Router Caching Proxy Content Filter?

Dallin Jones squitoey at
Tue Jul 21 05:51:29 MDT 2009

On Jul 20, 2009, at 9:32 PM, Kimball Larsen  
<kimball at> wrote:

> Howdy smart people!
> I've got a new Ubuntu Jaunty box (named "Silver") with 2 nics -
> and   My home gateway is
> I'd like to set up the jaunty box to be the new gateway for all my in-
> house traffic, such that all clients would connect like this:
> Client -> -> Firewall/Content Filter -> ->
> -> DSL Modem -> Internets.
> is a WRT54G running OpenWRT with a firewall that I put
> together myself. (dangerous, in my experience).

Why not remove the WRT54g entirely and use .0.4 as your router? That's  
what I did at my parents house, I Aldo put a dhcp server on it so it  
could divy out ip addresses. I have squid guard running as a  
transparent proxy to filter the traffic.

After I did that I disabled the dhcp server from the wireless router  
and and the plugged it onto the network (I simply ignored the Internet  
port on it)

Might not be the beat in the world but it works very well.

The. Other option is on the OpenWRT box setup squid on it and then  
filter all traffic against you .0.4 filter. has a really nice tutorial about setting up squid as a  
transparent proxy. Even helps out with the iptables rules. Which in my  
opinion was the hardest part of the setup.

> Here is what I need some help with:
> a)  Change about the firewall on to *only* allow traffic  
> on all
> ports from  Refuse to even accept connections from the
> lan side from anything else.
> b)  Set up silver to act as a router for the rest of the network, so
> that all the clients use 0.5 as their gateway, and silver internally
> routes everything from 0.5 to 0.4, which in turn uses 0.1 as its
> gateway.
> c)  Set up DansGuardian or somesuch in conjunction with squid or
> whatever is the best for DG to allow for content filtering of all web
> and IM traffic.

Never needed to filter IM traffic before, I should play with that.
> I've got a house full of kids that are getting old enough that the
> sesame street and PBS sites are not keeping up with them anymore, but
> I don't want to have to make huge whitelists of sites they can visit
> on every computer in the house.  I'd rather centralize the whole
> affair as above, but I've never done the whole DansGuardian thing
> before.  Tips?  Pointers?  Someone want to do this for me?

I don't have access to the configs right now but I can get them for  
you later tonight. Good luck.

--Dallin Jones
me at

> Oh, one last thought:
> Silver runs a bunch of other services for me that I *really* don't
> want to interrupt with the firewall config on it:
> Websites (, http://
>,, etc, etc)
> Email for all the above sites
> DNS for all my domains
> Etc.
> All this traffic goes through 0.4 already, as I just installed the 0.5
> interface this evening.
> Thanks!
> -- Kimball

> /*
> PLUG:, #utah on
> Unsubscribe:
> Don't fear the penguin.
> */

More information about the PLUG mailing list