Thanks David
So I assume that tinyproxy is not in the standard build?
I think I am going to need to read ‘IP Tables for Dummies’ if it exists.
Regards
Michael Knill
On 25 Aug 2014, at 11:12 pm, David Kerr <da...@kerr.net> wrote:
> I do not use either of the firewall plugins, but I do use tinyproxy as a
> transparent proxy. The way I use it is to transparently redirect HTTP
> traffic from selected devices on my network (kids' systems) over to tinyproxy.
> Tinyproxy is set up to block access to certain websites based solely on the
> URL text. It is not a very robust form of parental control (in that someone
> tech savvy could probably bypass it, and it does nothing for HTTPS) but it is
> another line of defense (along with OpenDNS).
>
> I have set up tinyproxy to listen on port 8888.
>
> Then I redirect incoming traffic to port 80 over to 8888 in the custom
> firewall rules...
>
> ip4tables -t nat -A PREROUTING -m mac --mac-source 68:96:7b:xx:yy:zz -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-ports 8888
>
> For a system that may be shared by other family members I can redirect only
> during certain hours, e.g. 4pm to 6pm when they should be doing homework
> (note, firewall times are in GMT/UTC).
>
> ip4tables -t nat -A PREROUTING -m mac --mac-source 70:56:81:xx:yy:xx -m time --timestart 21:00 --timestop 01:00 -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-ports 8888
>
> I think Lonnie may point out that use of $INT_IF is not robust as it could be
> set to multiple interfaces, which would not work. In my case it is set to
> 'br1' which is a bridge of 'eth1 eth2'.
>
> And then tinyproxy-filter.conf is set to block prohibited sites, for
> example...
>
> erotic
> fashion
> naked
> porno
> sexy
> swimsuit
> underwear
> playboy.com:80
> google.*:80/.*(porn|sex)
> youtube.com:80/.*(porn|sex)
> youtu.be:80/.*(porn|sex)
> yahoo.com:80/.*sex
>
> also in user.conf you need
> TINYPROXY_START="yes"
>
> David.
>
>
>
>
> On Sun, Aug 24, 2014 at 8:21 AM, Michael Keuter <li...@mksolutions.info>
> wrote:
>
> On 24.08.2014 at 11:12, Michael Knill
> <michael.kn...@ipcsolutions.com.au> wrote:
>
> > Hi group
> >
> > Can anyone tell me how the Transparent Proxy works and what it can be used
> > for?
> >
> > Regards
> > Michael Knill
>
> From: /usr/share/arno-iptables-firewall/plugins/50transparent-proxy.plugin
>
> # Comments : This plugin enables transparent DNAT for internal hosts for
> #            certain ports. Meaning you can redirect certain TCP/UDP ports (eg. http)
> #            which should be redirected from a certain INET address to an
> #            internal address.
> #            Updated to be IPv4-only
>
> BTW: In our buildroot tree there is an experimental package of "tinyproxy".
> Look at the init script for getting it working :-).
>
> Michael
>
> http://www.mksolutions.info
>
>
>
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
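
Added example (not part of the original posts, and not AstLinux or tinyproxy code): a dry run of the filter list from David's message against constructed URLs, showing which rule fires and where plain substring entries also catch ordinary pages. It assumes tinyproxy treats each filter line as a case-insensitive POSIX extended regex matched against a URL of the form http://host:80/path; check_url and report are hypothetical helper names.

```shell
# Added example: dry-run the filter list from the post against sample URLs.
# Assumptions: each line is a case-insensitive POSIX extended regex matched
# against the full URL, and the URL has the form http://host:80/path.

# Filter entries copied from the post above.
FILTER_RULES='erotic
fashion
naked
porno
sexy
swimsuit
underwear
playboy.com:80
google.*:80/.*(porn|sex)
youtube.com:80/.*(porn|sex)
youtu.be:80/.*(porn|sex)
yahoo.com:80/.*sex'

# check_url URL: prints "BLOCK <rule>" for the first matching rule, else "ALLOW".
# Returns 0 if the URL would be blocked, 1 if it would be allowed.
check_url() {
    url=$1
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        if printf '%s\n' "$url" | grep -Eiq -- "$rule"; then
            printf 'BLOCK %s\n' "$rule"
            return 0
        fi
    done <<EOF
$FILTER_RULES
EOF
    printf 'ALLOW\n'
    return 1
}

# Constructed sample URLs, including ordinary pages that contain a listed word.
report() {
    for u in \
        'http://example.org:80/homework/fractions' \
        'http://playboy.com:80/' \
        'http://shop.example.com:80/kids/swimsuits' \
        'http://news.yahoo.com:80/uk/essex-weather' \
        'http://oldfashioned.example.net:80/recipes'
    do
        printf '%-50s %s\n' "$u" "$(check_url "$u")"
    done
}

report
```

Running a candidate list through a check like this before copying it into tinyproxy-filter.conf shows which entries are too broad for the household's normal browsing.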