First time proxy server setup

FDF12389

Diamond Member
Sep 8, 2005
5,234
7
76
I've decided to use Cyclope as my filtering program since I know almost nothing about Linux and it is a very affordable solution for the family. However, in the instructions it says I should set all the browsers up manually to go through the proxy server. I don't like the idea of that because then the kids could just go into FF or IE settings and remove the proxy IP.

Is there a way I can just set up a router to go through the proxy server so any computer that connects to my network would be filtered automatically?

Right now I just have one desktop computer where the screen is easily visible, but their school will be supplying them with laptops so I'm looking for a better solution. Any thoughts or ideas are greatly appreciated.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
1. What router? Because the answer is "it depends on your router"

That is what makes the *nix distro based routers nice, as you can block outgoing port 80/443 traffic from all PCs but the proxy server. You don't have to be a *nix guy to get something like IPCop or Smoothwall up with proxy servers running.
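The gateway-side block described in the post above, as an added example that is not part of the original thread: a script that prints an `iptables-restore` ruleset for a Linux router, allowing forwarded web traffic only from the proxy host and logging anything else that tries. The interface name `eth1` and address `192.168.1.10` are constructed sample values, not from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset that
# lets only the proxy host open outbound web connections through the router.
# eth1 and 192.168.1.10 in the usage line are constructed sample values.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# gen_rules LAN_IF PROXY_IP: print the filter table on stdout.
gen_rules() {
    lan_if=$1
    proxy_ip=$2
    # Validate both values before they are written into firewall rules.
    valid_ipv4 "$proxy_ip" || { echo "bad proxy address: $proxy_ip" >&2; return 1; }
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $lan_if" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -s $proxy_ip -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -i $lan_if -p tcp -m multiport --dports 80,443 -j LOG --log-prefix "WEB-BYPASS: "
-A FORWARD -i $lan_if -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Usage: sh gen_rules.sh eth1 192.168.1.10 | iptables-restore --test
if [ "$#" -eq 2 ]; then
    gen_rules "$1" "$2"
fi
```

Rule order matters: the proxy's ACCEPT must precede the LOG and REJECT rules. A stricter variant sets the FORWARD policy to DROP and allows only the services the LAN actually needs.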
 

FDF12389

Originally posted by: nweaver
1. What router? Because the answer is "it depends on your router"

That is what makes the *nix distro based routers nice, as you can block outgoing port 80/443 traffic from all PCs but the proxy server. You don't have to be a *nix guy to get something like IPCop or Smoothwall up with proxy servers running.

Right now I have an old Belkin router that I know can't. It's wired, so I'm replacing it with a wireless one anyway. Which ones would you recommend for this purpose?
 

kevnich2

Platinum Member
Apr 10, 2004
2,465
8
76
Set the DHCP to not hand out a gateway address, move the gateway address to something other than .1 so it can't be easily guessed then set the proxy server up manually for the gateway and voila. Also, set up the router to drop all traffic except what comes from the MAC address of your proxy server (even cheap SOHO routers have this under their filter options).
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I really doubt any SOHO routers will let you do what you want.

Set the DHCP to not hand out a gateway address, move the gateway address to something other than .1 so it can't be easily guessed then set the proxy server up manually for the gateway and voila.

Security by obscurity and not even really that obscured, anyone who really wants to get out will be able to figure out the gateway address.
 

FDF12389

Originally posted by: Nothinman
I really doubt any SOHO routers will let you do what you want.

What kind of money are we talking about for a router that can do what I want?

 

nweaver

Originally posted by: FDF12389
Originally posted by: Nothinman
I really doubt any SOHO routers will let you do what you want.

What kind of money are we talking about for a router that can do what I want?

$30 for an old P3 machine, and $0.45 for a CDR to burn a *nix firewall, such as Smoothwall, too.
 

kevnich2

Originally posted by: Nothinman
I really doubt any SOHO routers will let you do what you want.

Set the DHCP to not hand out a gateway address, move the gateway address to something other than .1 so it can't be easily guessed then set the proxy server up manually for the gateway and voila.

Security by obscurity and not even really that obscured, anyone who really wants to get out will be able to figure out the gateway address.

My $50 Buffalo router lets me filter out IPs & MAC addresses and also will only allow connections from certain IPs & MACs, which in the OP's case, all he'd have to do is set it to only allow from one MAC address, which would be the proxy server, and you're done. You don't even need to worry about the gateway address because the SOHO router wouldn't let traffic pass anyway unless it came from the proxy server.
 

FDF12389

Originally posted by: nweaver
Originally posted by: FDF12389
Originally posted by: Nothinman
I really doubt any SOHO routers will let you do what you want.

What kind of money are we talking about for a router that can do what I want?

$30 for an old P3 machine, and $0.45 for a CDR to burn a *nix firewall, such as Smoothwall, too.

OK, I'm downloading Smoothwall right now, then I'm going to play around with it. So I'm guessing my setup is going to look something like this:

ISP Connection > Smoothwall > proxyserver > SOHO Router

Is that right?
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126
Originally posted by: FDF12389

ISP Connection > Smoothwall > proxyserver > SOHO Router

Is that right?

If you use Smoothwall, you can take out proxyserver & SOHO Router. Smoothwall itself should be able to act as a proxy. Though I have no experience with Smoothwall.


 

FDF12389

Originally posted by: mxnerd
Originally posted by: FDF12389

ISP Connection > Smoothwall > proxyserver > SOHO Router

Is that right?

If you use Smoothwall, you can take out proxyserver & SOHO Router. Smoothwall itself should be able to act as a proxy. Though I have no experience with Smoothwall.

How then will I have wireless connectivity?
 

kevnich2

Why don't you just do it this way: ISP DSL/Cable Modem > Wireless Router (Configure this to only accept connections from the MAC address of your proxy server so the router is only passing internet traffic from the proxy server and that's it) > Proxy server (this can have any proxy server software you want and will have full internet access). Then, configure the computers that need internet to go through your proxy server along with the port number. Any computers that don't have the proxy server will not have any internet at all. This will also work the same for wireless as it does for wired computers as long as the computer is configured in internet options to go through the proxy server.
 

nweaver

Use Smoothwall. You need to install the DansGuardian mod from the community stuff (really not that hard).

Configure your SOHO router to be an AP (assign it a LAN IP in the same range as your Smoothwall, turn off DHCP, plug the Smoothwall into a LAN port and ignore the WAN port) and then it will work. The default Squid install on Smoothwall (iirc) is mostly just for caching, not filtering; installing DansGuardian makes it more of a filtering proxy.
 

mxnerd

Just test it on VMware. Though it did not support traffic shaping and QoS, it does support Web Filtering with wildcard! Yes, you can block a whole domain like *.myspace.com, you don't have to enter machine URL or subdomain one by one!

The problem is I don't know how much memory Untangle really uses. The VMware instance does take over 400M (I did load most of its free features), and I really don't want it to use too much memory.

Anyone care to share his knowledge about other Linux based firewalls with web filtering that also have wildcard blocking capability? I hate entering URLs one by one!

Maybe I'll try IPCop & Smoothwall with dansguardian later.
 

skyking

Lifer
Nov 21, 2001
22,542
5,588
146
Running DansGuardian/Squid on FreeBSD with 1 gig processors and 512MB RAM.
One location is a home with 3 computers, the other is a private school with a bit more traffic, 15 workstations or so.
The memory seems to be adequate at 512, I never tried it at 256.
 

FDF12389

I messed around with Smoothwall and got that working with my current network; it was a lot easier than I thought it would be. However, I'm still going to give Untangle a try, it looks pretty nice too. Thanks for all your help so far guys.
 

mxnerd

Today I tried pfSense (FreeBSD based) with squid web proxy add-on and I liked it!

It's got Squid web proxy with content filtering, firewall, traffic shaper, VPN, a Tiny-DNS, etc, even fail-over and load balancing if you use 2 of them.

I did struggle a little while installing, but it works finally, I think I'll settle on this one.

Memory requirement is only 128M. With squid add-on it's probably 200M. Sweet. :)
 

amdskip

Lifer
Jan 6, 2001
22,530
13
81
Smoothwall + dansguardian = awesomeness. I have this setup at a school and it blocks out many websites. I have myspace, youtube, etc. all blocked and it does keyword content blocking automatically too. For example if a website had too many sex related ads, boom it would be blocked. I have it pretty locked down. Most files cannot be downloaded and all .exe files are blocked making my life easier.
 

mxnerd

pfSense is good. However, I want to block some websites according to some schedule, like no access on weekdays, but accessible on weekends.

It does have a scheduler on firewall rules, but not what I want. I would like to have a scheduler on web content control (domain blacklist). Does anyone know of any packages out there that can do this?