You need to do a custom build to get tinyproxy.
David
On Mon, Aug 25, 2014 at 5:08 PM, Michael Knill <
michael.kn...@ipcsolutions.com.au> wrote:
> Thanks David
>
> So I assume that tinyproxy is not in the standard build?
> I think I am going to need to read ‘IP Tables for Dummies’ if it exists.
>
> Regards
> Michael Knill
>
>
>
>
> On 25 Aug 2014, at 11:12 pm, David Kerr <da...@kerr.net> wrote:
>
> I do not use either of the firewall plugins, but I do use tinyproxy as a
> transparent proxy. The way I use it is to transparently redirect HTTP
> traffic from selected devices on my network (kids systems) over to
> tinyproxy. Tinyproxy is setup to block access to certain websites based
> solely on the URL text. It is not a very robust form of parental control
> (in that someone tech savvy could probably bypass it, and it does nothing
> for HTTPS) but it is another line of defense (along with OpenDNS).
>
> I have setup tinyproxy to listen on port 8888.
>
> Then I redirect incoming traffic to port 80 over to 8888 in the custom
> firewall rules...
>
> ip4tables -t nat -A PREROUTING -m mac --mac-source 68:96:7b:xx:yy:zz -i
> $INT_IF -p tcp --dport 80 -j REDIRECT --to-ports 8888
>
> For a system that may be shared by other family members I can redirect
> only during certain hours, e.g. 4pm to 6pm when they should be doing
> homework (note, firewall times are in GMT/UTC).
>
> ip4tables -t nat -A PREROUTING -m mac --mac-source 70:56:81:xx:yy:xx -m
> time --timestart 21:00 --timestop 01:00 -i $INT_IF -p tcp --dport 80 -j
> REDIRECT --to-ports 8888
>
> I think Lonnie may point out that use of $INT_IF is not robust as it could
> be set to multiple interfaces, which would not work. In my case it is set
> to 'br1' which is a bridge of 'eth1 eth2'.
>
> And then tinyproxy-filter.conf is set to block prohibited sites, for
> example...
>
> erotic
> fashion
> naked
> porno
> sexy
> swimsuit
> underwear
> playboy.com:80 <http://playboy.com/>
> google.*:80/.*(porn|sex)
> youtube.com:80/.*(porn|sex) <http://youtube.com/.*(porn%7Csex)>
> youtu.be:80/.*(porn|sex) <http://youtu.be/.*(porn%7Csex)>
> yahoo.com:80/.*sex <http://yahoo.com/.*sex>
>
> also in user.conf you need
> TINYPROXY_START="yes"
>
> David.
>
>
>
>
> On Sun, Aug 24, 2014 at 8:21 AM, Michael Keuter <li...@mksolutions.info>
> wrote:
>
>>
>> Am 24.08.2014 um 11:12 schrieb Michael Knill <
>> michael.kn...@ipcsolutions.com.au>:
>>
>> > Hi group
>> >
>> > Can anyone tell me how the Transparent Proxy works and what it can be
>> used for?
>> >
>> > Regards
>> > Michael Knill
>>
>> From: /usr/share/arno-iptables-firewall/plugins/50transparent-proxy.plugin
>>
>> # Comments : This plugin enables transparent DNAT for internal hosts for
>> # certain ports. Meaning you can redirect certain
>> TCP/UDP ports (eg. http)
>> # which should be redirected from a certain INET
>> address to an
>> # internal address.
>> # Updated to be IPv4-only
>>
>> BTW: In our buildroot tree there is an experimental package of
>> "tinyproxy". Look at the init script for getting it working :-).
>>
>> Michael
>>
>> http://www.mksolutions.info
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Slashdot TV.
>> Video for Nerds. Stuff that matters.
>> http://tv.slashdot.org/
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> pay...@krisk.org.
>>
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/_______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
>
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
