I do not use either of the firewall plugins, but I do use tinyproxy as a
transparent proxy. The way I use it is to transparently redirect HTTP
traffic from selected devices on my network (kids' systems) over to
tinyproxy. Tinyproxy is set up to block access to certain websites based
solely on the URL text. It is not a very robust form of parental control
(in that someone tech-savvy could probably bypass it, and it does nothing
for HTTPS) but it is another line of defense (along with OpenDNS).

I have set up tinyproxy to listen on port 8888.
Then I redirect incoming traffic to port 80 over to 8888 in the custom
firewall rules...

ip4tables -t nat -A PREROUTING -m mac --mac-source 68:96:7b:xx:yy:zz -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-ports 8888

For a system that may be shared by other family members I can redirect only
during certain hours, e.g. 4pm to 6pm when they should be doing homework
(note, firewall times are in GMT/UTC).

ip4tables -t nat -A PREROUTING -m mac --mac-source 70:56:81:xx:yy:xx -m time --timestart 21:00 --timestop 01:00 -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-ports 8888

I think Lonnie may point out that use of $INT_IF is not robust as it could
be set to multiple interfaces, which would not work. In my case it is set
to 'br1' which is a bridge of 'eth1 eth2'.
And then tinyproxy-filter.conf is set to block prohibited sites, for
example...
erotic
fashion
naked
porno
sexy
swimsuit
underwear
playboy.com:80
google.*:80/.*(porn|sex)
youtube.com:80/.*(porn|sex)
youtu.be:80/.*(porn|sex)
yahoo.com:80/.*sex
Also, in user.conf you need
TINYPROXY_START="yes"
David.
On Sun, Aug 24, 2014 at 8:21 AM, Michael Keuter <li...@mksolutions.info>
wrote:
>
> On 24.08.2014 at 11:12, Michael Knill <
> michael.kn...@ipcsolutions.com.au> wrote:
>
> > Hi group
> >
> > Can anyone tell me how the Transparent Proxy works and what it can be
> > used for?
> >
> > Regards
> > Michael Knill
>
> From: /usr/share/arno-iptables-firewall/plugins/50transparent-proxy.plugin
>
> # Comments : This plugin enables transparent DNAT for internal hosts for
> #            certain ports. Meaning you can redirect certain TCP/UDP ports
> #            (eg. http) which should be redirected from a certain INET
> #            address to an internal address.
> # Updated to be IPv4-only
>
> BTW: In our buildroot tree there is an experimental package of
> "tinyproxy". Look at the init script for getting it working :-).
>
> Michael
>
> http://www.mksolutions.info
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
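
Added example (not part of David's message, and not AstLinux or tinyproxy code): a Python check of how the filter list in the reply above treats a few constructed requests, useful for spotting over-blocking before deploying a list. It assumes each filter line is applied as an unanchored, case-insensitive extended regex to a URL of the form http://host:80/path, which is the shape the posted patterns are written for; the function names and sample hosts are hypothetical.

```python
import re

# Filter lines copied from the tinyproxy-filter.conf shown in the post.
FILTER_LINES = """\
erotic
fashion
naked
porno
sexy
swimsuit
underwear
playboy.com:80
google.*:80/.*(porn|sex)
youtube.com:80/.*(porn|sex)
youtu.be:80/.*(porn|sex)
yahoo.com:80/.*sex
"""

def compile_rules(text):
    """Compile each non-blank, non-comment line as a case-insensitive regex."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append((line, re.compile(line, re.IGNORECASE)))
    return rules

def verdict(rules, host, port, path):
    """Return (decision, rule) where rule is the first filter line that matched."""
    if port != 80:
        # The PREROUTING rule only redirects --dport 80; the proxy never sees this.
        return ("not-inspected", None)
    url = f"http://{host}:{port}{path}"  # assumed URL shape (see lead-in)
    for line, rx in rules:
        if rx.search(url):
            return ("blocked", line)
    return ("allowed", None)

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("www.playboy.com", 80, "/"),
    ("www.google.com", 80, "/search?q=sex+education"),
    ("museum.example.org", 80, "/exhibits/history-of-fashion"),
    ("www.example.org", 80, "/homework/fractions"),
    ("www.example.org", 443, "/"),
]

if __name__ == "__main__":
    rules = compile_rules(FILTER_LINES)
    for host, port, path in SAMPLES:
        decision, rule = verdict(rules, host, port, path)
        print(f"{decision:13} {host}:{port}{path}  rule={rule}")
```

The bare keyword lines match anywhere in the URL, so the museum page is blocked by `fashion` just as the intended targets are.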