Linux-Noob Forums

Full Version: proxy/filter/networking
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4

My proxy/webfilter is running great. Just thought it might be better to have it set for all devices connected on my internet network. So that I don't have to set it up mannually for every device. I have Linksys WRT160N, and I read that the standard linksys router software does not allow setting up a proxy. But that I need to use dd-wrt . I found an instruction on how to do it and it doesn't look that hard. But how smart is it to do. Cuz I always go by the saying for computer stuff: "don't fix what ain't broke" or I could buy a second network card, have my internet connection on it so that I could filter/proxy it and connect another router too it, and to the second router I could connect all my devices. or something like that? Not too great in networking. That acuatually sounds better if it is possible. Because I don't really like messing with router firmware if it's running fine.

 

So if I wanted to do it without messing with the firmware I would probably want to setup like this?

 

 

Downstairs(modem)-->router1--mypc(nic1)---proxy/filter-->mypc(nic2)--->router2(make this gateway for all connecting devices)

 

Does that sound correct? But I have no idea how I would be able to connect two nic's. would have to do some research on that.

 

http://www.alternate...Netwerkadapters

http://www.alternate...+LAN&l3=Routers


When you say "router" are you actually routing between two networks, or is it acting as a hub?

 

I have a similar configuration in my home, the difference is that whilst my (NetGear) router acts as a wireless access point, it's my server that issues the IP (running DHCP on it) and also acts as the gateway/proxy. To achieve this, I have denied outbound traffic to port 80 from anywhere but my server, and instructed all client machines to use the server as a proxy.

 

I did this a number of years ago to prevent services "dialing home" - I could check the router logs to see what traffic had been denied, then whitelist specific sites on the server to permit them. As well as filtering out banners and popups, the other benefit of running all traffic through the proxy was the caching aspect - commonly-fetched files (masthead images, forum stylesheets, etc) would only be fetched once and retained for all machines on the LAN to use.

 

To get back to your question: if you have two NICs in your machine, they will appear as "eth0" and "eth1" - you'll just need to assign IP address in different networks to them. It may help if you drew a network diagram showing the distinct networks with their IP ranges so that it clarifies what domain each device belongs to, and thus assign IPs correctly. (for an example of some, try this site - "rate my network diagram" )

 

Note that it *is* possible to have everything coming off one router, just that your gateway will need two IP address bound to the single card (eth0 and eth0:1) with the modem being on one range and other machines being on another - your single physical network will contain two logical networks with the device IPs determining which they belong to. It is a simpler model and involves less cabling, but also means reduced security in some regards, so you'll need to add filtering rules to the modem to permit traffic from the gateway machine and deny all else.

 

Hope that helps, but ultimately what you're after IS possible. It's more a matter of how you go about it.


I think as I understood from your explanation more as a hub because I only have one network at home.. Basic idea is I want al internet traffic on my network getting filtered first. If I am able to do that with one router(my current one) and just have to purchase a nic the better. What I don't understand is how can I filter/proxy all my internet traffic using two nic's and then rerout it back to my router?

 

current setup

modem(isp device) connects to my WRT160N-4poorts,+1 internet poort 4 other ports connect to my pc/other pc/laptop.

 

If I want internet traffic going through my pc(proxy/filter first) then going through nic2 en going into my router again so that internet traffic is filtered?

 

It would be setup like this if I understand you correctly: isp modem---router wan(wlan/lan)---nic1-filter/proxy--nic2 --- and then back to router?

 

But what I don't understand is then my second nic2 would connect to a normal lan port would have no effect on the other 3 lan ports.

 

So how then would then would I be able to do it without a second router. or you saying that I should get a hub or switch? instead of a second router?

But I also want to keep my wireless router connection and have that filtered.

 

 

 

http://www.alternate...bs+%26+Switches


Quote:It would be setup like this if I understand you correctly: isp modem---router wan(wlan/lan)---nic1-filter/proxy--nic2 --- and then back to router?
No. Either have:

- two switches, one on each NIC, with the gateway sitting between them (two physically separate networks)

- one switch connected to the gateway NIC but with two IP address on that NIC (two logical networks).

 

That way traffic can be filtered through the gateway.

 

The former means that devices on the LAN side are completely separated and are "forced" to pass through the gateway.

 

The latter (my model) means that devices on the logical LAN are still physically connected to external-facing devices, but the IP ranges mean that the internet link is invisible to them - they need to route through my server to reach "outside".

 

I'll knock up a network diagram to illustrate what I mean.


ok cool :) thanks alot mate! I'll think I'll go for the second one, cuz it's a cheaper option. Mean I'll only have to buy a switch :)

 

logical networks is network-aliasing right? also mentioned here under networking aliasing section


Quote:logical networks is network-aliasing right?
Well, network-aliasing is more "IP multiplexing" but it's creating another logical network within a physical network. You can have several logical networks within a physical one without doing network aliasing, but if you want a machine to see more than one network you'll need to do aliasing.


Quote:<blockquote data-ipsquote="" class="ipsQuote" data-ipsquote-contentcommentid="15332" data-ipsquote-username="feedmebits" data-cite="feedmebits" data-ipsquote-timestamp="1320233402" data-ipsquote-contentapp="forums" data-ipsquote-contenttype="forums" data-ipsquote-contentid="4186" data-ipsquote-contentclass="forums_Topic"><div>logical networks is network-aliasing right?
Well, network-aliasing is more "IP multiplexing" but it's creating another logical network within a physical network. You can have several logical networks within a physical one without doing network aliasing, but if you want a machine to see more than one network you'll need to do aliasing.



</div></blockquote>
 

I think I would go for the cheaper one, which is the second. But what are the main differences between the two?

- two switches, one on each NIC, with the gateway sitting between them (two physically separate networks)

- one switch connected to the gateway NIC but with two IP address on that NIC (two logical networks).

 

One having more security and one having less cabling?


You mean this is how it would look like for the second option?

 

[Image: sketch1.jpg]


Wait that diagram wouldn't make sense cuz a network card only has one physical port. Then it would be my router connecting to a different port on a the switch right?

Like this then?

 

[Image: sketch2.jpg]

Quote:<blockquote data-ipsquote="" class="ipsQuote" data-ipsquote-contentcommentid="15334" data-ipsquote-username="Dungeon-Dave" data-cite="Dungeon-Dave" data-ipsquote-timestamp="1320235171" data-ipsquote-contentapp="forums" data-ipsquote-contenttype="forums" data-ipsquote-contentid="4186" data-ipsquote-contentclass="forums_Topic"><div>
<blockquote data-ipsquote="" class="ipsQuote" data-ipsquote-contentcommentid="15332" data-ipsquote-username="feedmebits" data-cite="feedmebits" data-ipsquote-timestamp="1320233402" data-ipsquote-contentapp="forums" data-ipsquote-contenttype="forums" data-ipsquote-contentid="4186" data-ipsquote-contentclass="forums_Topic"><div>logical networks is network-aliasing right?
Well, network-aliasing is more "IP multiplexing" but it's creating another logical network within a physical network. You can have several logical networks within a physical one without doing network aliasing, but if you want a machine to see more than one network you'll need to do aliasing.



</div></blockquote>
 

I think I would go for the cheaper one, which is the second. But what are the main differences between the two?

- two switches, one on each NIC, with the gateway sitting between them (two physically separate networks)

- one switch connected to the gateway NIC but with two IP address on that NIC (two logical networks).

 

One having more security and one having less cabling?

 

Yes, but also that the first option will involve two physically-separate switches/hubs, so more cabling and higher expense.



</div></blockquote>
Pages: 1 2 3 4