Linux Router Caching Proxy Content Filter?

Kimball Larsen kimball at
Tue Jul 21 10:23:25 MDT 2009


On Jul 21, 2009, at 9:21 AM, Michael Torrie wrote:

> Kimball Larsen wrote:
>> is a WRT54G running OpenWRT with a firewall that I put
>> together myself. (dangerous, in my experience).
> Oh, why is this?

Because I don't speak firewall very well, and (as Hans can attest)  
frequently get it wrong. ;-)

>> a)  Change the firewall on to *only* allow traffic on all
>> ports from  Refuse to even accept connections from the
>> lan side from anything else.
> I'm sure you could do this with iptables and static routes, but seems to
> be pointless to me.  If you're hell-bent on doing this, just put your lan
> and silver on a different subnet and then standard routing applies,
> although this seems overly convoluted.

Here is a diagram of what I have settled on for the physical  

I want to keep the OpenWRT box there because it already handles all  
the port forwarding and nat for traffic to Silver. (web, mail, dns,  
etc), and I'd prefer to have something between the internet and a  
physical ethernet connection to silver.  Call me paranoid.  I also  
want to have 2 separate subnets so that when I have house guests with  
some technical ability they can't just change their gateway IP and  
circumvent the filter.

The idea here, then, is to set up Silver to act as a router/gateway  
between 192.168.0.x and 192.168.1.x.  Silver's eth0 will be, eth1 will be  Also, I want to set up content  
filtering for whatever a careful parent should be filtering for their  
house (web, im (if possible), mail? Others?)

Now, though our approaches do differ a bit, I would be interested in  
seeing whatever portions of your configurations you are willing to  


-- Kimball 
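An added example, not part of the original message or thread: one way to express the two-subnet gateway described above as an `iptables-restore` ruleset, so that clients behind Silver reach the web only through a local filtering proxy whatever gateway or proxy settings they choose. The interface roles (eth1 facing the house LAN on 192.168.1.0/24, eth0 facing the OpenWRT box) and the proxy port 3128 are assumptions, since the post's addresses are not preserved in the archive.

```shell
#!/bin/sh
# Added example. Interface names, subnet and proxy port are assumptions.
# Prerequisites not handled here: net.ipv4.ip_forward=1 on this host, and
# a return route on the upstream router for LAN_NET via this host.

# gen_ruleset LAN_IF UP_IF LAN_NET PROXY_PORT
# Prints a ruleset in iptables-restore format; changes nothing by itself.
gen_ruleset() {
    if [ "$#" -ne 4 ]; then
        echo "usage: gen_ruleset LAN_IF UP_IF LAN_NET PROXY_PORT" >&2
        return 2
    fi
    lan_if=$1 up_if=$2 lan_net=$3 proxy_port=$4
    case $proxy_port in
        ''|*[!0-9]*) echo "PROXY_PORT must be numeric" >&2; return 2 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if ! -s $lan_net -j DROP
-A FORWARD -i $lan_if -o $up_if -p tcp --dport 80 -j REJECT --reject-with tcp-reset
-A FORWARD -i $lan_if -o $up_if -s $lan_net -j ACCEPT
COMMIT
EOF
}
# Rule notes:
#  nat REDIRECT   : plain HTTP from the LAN is handed to the local proxy.
#  FORWARD DROP   : nothing crosses between subnets unless allowed below.
#  ! -s LAN_NET   : drop LAN-side packets with a source outside the subnet.
#  REJECT port 80 : backstop; if the REDIRECT rule is ever missing, direct
#                   HTTP fails closed instead of bypassing the filter.
#  Only tcp/80 is redirected; other ports are forwarded unfiltered.

# Print the ruleset when run with four arguments, e.g.
#   sh gateway.sh eth1 eth0 192.168.1.0/24 3128 | iptables-restore
if [ "$#" -eq 4 ]; then
    gen_ruleset "$@"
fi
```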
