[Swansea Hackspace] Home Internet Filter
Justin Mitchell
justin at discordia.org.uk
Mon Mar 28 16:58:59 BST 2016
On Mon, 2016-03-28 at 16:36 +0100, phantomjinx wrote:
> I actually looked into this in some detail about 6 months ago.
>
> I started off with the idea of using my currently unused Pi for this purpose.
>
> My initial considerations was for a transparent proxy that would route traffic by default rather
> than having to change IP settings on each machine. However, that led me to the next question of
> setting the Pi as each machine's gateway rather than the router, [snip]
> To avoid, the whole IP settings config question, I then considered getting my router to mirror
> packets to the Pi as they were being routed. That way I could log them by default. Unfortunately,
> this functionality was not available on my router (billion 7800N) as its iptables implementation
> seemed to be too old. [snip]
If your router has good enough firewalling, even an old iptables will
probably do, it can do transparent-proxy-to-remote where any outgoing
http requests get silently redirected to a seperate machine running the
filter/proxy.
If your router is fairly dumb then you can run a linux box (eg RPi) in
bridging mode, and put it between the router and lan, or between the
router and the wan/modem. it can then filter/proxy any traffic you like,
and simply bridge the rest through.
What you use to do the filtering i leave to others to comment on.
Some readmes on the subject, many quite old now:
http://tldp.org/HOWTO/TransparentProxy.html
http://blog.stevebaker.org/2013/02/raspberry-pi-as-transparent-squid.html
Also see googles guidance for "schools" about forcing safesearch on
their products. https://support.google.com/websearch/answer/186669
More information about the Hackspace
mailing list