IpTables Gurus out there?
Jun. 7th, 2006 10:47 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
elfsI have a rather ordinary set-up at home: A mini-tower box running Linux acts as my firewall, using NAT to assist everyone inside the house from getting out but preventing anyone from getting in. It's not perfect, but it's your standard solid setup. I haven't had any problem with it and I keep it updated.
I would like to run Dan's Guardian on the NAT box, but I would like only some of the machines in the house to be routed through it, namely, the kids'. Dan's Guardian is basically a proxy that uses a cache (Squid, in this case) to retrieve content from the web, and then analyzes both the addresses and the content for things you might not want.
Can anybody tell me what the iptables magic is for directing traffic from a specific host on a specific subnet to the proxy engine? The idea here is to prevent anything that tries to "route around" the proxy (like, the kids figure out how to turn "use proxy" off on their browsers) from being able to go anywhere without going through it.
I would like to run Dan's Guardian on the NAT box, but I would like only some of the machines in the house to be routed through it, namely, the kids'. Dan's Guardian is basically a proxy that uses a cache (Squid, in this case) to retrieve content from the web, and then analyzes both the addresses and the content for things you might not want.
Can anybody tell me what the iptables magic is for directing traffic from a specific host on a specific subnet to the proxy engine? The idea here is to prevent anything that tries to "route around" the proxy (like, the kids figure out how to turn "use proxy" off on their browsers) from being able to go anywhere without going through it.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
Measures of maturity
Date: 2006-06-07 10:20 pm (UTC)I looked at the setup, figured out how to bypass the proxy server, and told 'em it was easy and as soon as they figured it out themselves I'd run interference with their mom on letting 'em have free access to the net.
So I think of it as a maturity test and incentive: When they can figure out how to bypass the system there's nothin' I can really do anyway, so I may as well make it a learning experience.
I'm actually not sure if they ever did bypass it, shortly thereafter cablemodem came to the valley and dial-ups through the school system fell by the wayside, but I do know now, years later, that their LAN parties went to gigabit ethernet not because of latency in gaming, but because copying terabytes of hentai around on 100baseT just wasn't working...