[ale] Proxy server / blocking router?

Robert L. Harris Robert.L.Harris at rdlg.net
Sat Mar 6 17:06:44 EST 2004 


My firewall is the dhcp client (my cablemodem doesn't do pppoe) however
yes, the firewall is the pppoe client.  For DNS you put a recursive DNS
server on the firewall then just point the machines inside the network
to the internal IP of the firewall.

I use 192.168.0.0 for my internal/NAT network.  My firewall has an
internal IP of 192.168.0.1, my proxy server is 192.168.0.200, etc.  I
run a bind9 client which listens on 192.168.0.1.

You could also find a recursive nameserver at an ISP or such that isn't
likely to go away and point your internal clients at that.


Thus spake Mike Murphy (mike at tyderia.net):

> [haven't messed with squid for a while]:
> 
> how does that work if your router is doing your PPPoE for you now? Do 
> you just set up the linux box as your PPPoE client then? If so, how 
> would you get good dns server information to the clients on your home 
> network (assuming you aren't running your own dns server somewhere, 
> which I suppose you could)?
> 
> Mike
> 
> 
> Robert L. Harris wrote:
> >
> >I put up a linux firewall between my network and my router.  The
> >firewall blocks ALL outgoing http/https traffic except from my desktop
> >and my squid proxy server.  
> >
> >The proxy box is a P3-450 to give you an idea of what is needed.  The 
> >squid server is also running squidguard with the chastity list.  Squidguard
> >redirects blocked traffic to a local file which tells them I've found
> >them going where I don't want them to and then logs the attempt.
> >
> >Squid and squidguard are VERY easy to set up.  I'd be willing to share
> >my config with you if you wish.
> >
> >
> >Thus spake griffisb at bellsouth.net (griffisb at bellsouth.net):
> >
> >
> >>Hey all, 
> >>
> >>  I was going through my Linksys router logs and noticed access to some 
> >>  sites I'd really rather not be hit. I've spoken to my kids about it - 
> >>  but would like to put in some filtering transparent proxy server or 
> >>  router.
> >>
> >>  Right now my Linksys router can only block on up to 10 keywords - so 
> >>  it's absolutely useless for blocking. My old netgear router could block 
> >>  on up to 99 keywords - still not enough, but a little better.
> >>
> >>  Can anyone recommend a proxy server or router than has good hate / 
> >>  violence blocking? Preferably a free (or open source) list. And 
> >>  something that can be done transparently, so I wouldn't need to modify 
> >>  the PCs to provide blocking. I'd like to yank out my Linksys, and put 
> >>  in something that does DHCP, routing, firewall and transparent proxy 
> >>  server work.
> >>
> >>  Is this something Squid can do? Or would I put Squid in line between my 
> >>  existing router and my LAN, forcing all traffic through the Squid 
> >>  server? Help! 
> >>_______________________________________________
> >>Ale mailing list
> >>Ale at ale.org
> >>http://www.ale.org/mailman/listinfo/ale
> >>
> >>** CRM114 Whitelisted by: ale at ale.org **
> >>
> >>** ACCEPT: CRM114 Whitelisted by: ale at ale.org **
> >>
> >
> >
> >:wq!
> >---------------------------------------------------------------------------
> >Robert L. Harris                     | GPG Key ID: E344DA3B
> >                                         @ x-hkp://pgp.mit.edu
> >DISCLAIMER:
> >      These are MY OPINIONS ALONE.  I speak for no-one else.
> >
> >Life is not a destination, it's a journey.
> >  Microsoft produces 15 car pileups on the highway.
> >    Don't stop traffic to stand and gawk at the tragedy.
> >
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Ale mailing list
> >Ale at ale.org
> >http://www.ale.org/mailman/listinfo/ale
> 
> -- 
> 
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> Mike Murphy
> 781 Inman Mews Drive Atlanta GA 30307
> Landline: 404-653-1070
> Mobile: 404-545-6234
> Email: mike at tyderia.net
> Email Pager: pagemike at tyderia.net
> AIM: mmichael453
> JDAM: 33:45:14.0584N  84:21:43.038W
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 
> 
> ** ACCEPT: CRM114 Priority Whitelisted by: CRM114 **
> 

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | GPG Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Life is not a destination, it's a journey.
  Microsoft produces 15 car pileups on the highway.
    Don't stop traffic to stand and gawk at the tragedy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature

More information about the Ale mailing list