Old 08-31-2012, 08:33 AM   #1
mohammad nour
LQ Newbie
 
Registered: Apr 2006
Posts: 5

Rep: Reputation: 0
Content Filtering using DNS ???


Hello,
I am using a Cradle Point MBR1400 router for hotspot services.

What I am trying to do is content filtering to block porno websites. I tested OpenDNS content filtering and it worked well. However, I want to use another proxy server that has the filter rules that I have.

I used other devices flashed with DD-WRT, and I was able to use an iptables command to do that, "pointing to a proxy server like w.x.y.z:47567".

----------------------------------------------------------------------------------------------------------------------

I used Mikrotik routers, and I used the IP firewall command to point to this server, and it worked well using this command:

ip firewall nat add action=dst-nat dst-port=80 protocol=tcp src-address="192.168.182.0/24" to-addresses="w.x.y.z" to-ports=44567 chain=dstnat


----------------------------------------------------------------------------------------------------------------------

So my question is: is there any way to point my client to use my Squid proxy server as a DNS server to do content filtering?

The idea of OpenDNS is just pointing to that DNS, and everything works like a charm.

I want to point to my Squid server as a DNS server. How can I do that?

Thanks in advance for your help.
 
Old 09-01-2012, 01:17 PM   #2
jefro
Guru
 
Registered: Mar 2008
Posts: 11,406

Rep: Reputation: 1397
I think you are asking how to configure Squid to use a particular IP address as its DNS source.

This may help. http://www.ehow.com/how_7264461_use-proxy-opendns.html
 
Old 09-05-2012, 08:11 AM   #3
mohammad nour
LQ Newbie
 
Registered: Apr 2006
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks for your reply, but I don't mean that.

I want to use my Squid server as the DNS server, and whenever someone requests a porno website, the server will redirect the request to its own page instead of the OpenDNS page.
 
Old 09-05-2012, 11:23 AM   #4
jefro
Guru
 
Registered: Mar 2008
Posts: 11,406

Rep: Reputation: 1397
You'd have to set up a hosts-file sort of deal where, instead of redirecting an FQDN to a 127.0.0.1 address, it would send it to a local web page. I think it could even be a simple file, but I never tried that. Any small web server you have running for that warning page would do.

The main issue is getting all those bad sites. The easier way is to allow only good sites and use other protection ideas.
 
Old 09-09-2012, 02:08 AM   #5
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 1,525

Rep: Reputation: 236
You could edit /etc/hosts and assign the IP of an HTTP server to act as the block page. That would be a very long list of sites and not without issues. Not everything references /etc/hosts these days. And with such a long list it would be performance-degrading and a maintenance headache. Plus, any tech-savvy type could bypass that with proxies and other sites that are set up to send web pages via email or mirror them on that other site. All of which would do little more than show intent, rather than actually solving a greater issue.

I'm not sure of the configurations at this time. But Squid should be able to import the hosts file, and maybe some non-hosts file as a hosts file. And dnsmasq is another option that many find a tad simpler to set up than Squid, in my opinion.
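
The DNS-side approach raised in posts #4 and #5 (answer every blocked name with the address of a block-page web server) can be generated from a blacklist instead of hand-editing /etc/hosts. The script below is an added example, not part of any poster's reply; BLOCK_IP, the sample domains and the function names are constructed, and it uses dnsmasq's address=/domain/ip directive, which also covers subdomains. Entries are validated so that a malformed line cannot inject a different target into the generated config.

```shell
#!/bin/sh
# Added example: turn a domain blacklist into dnsmasq "address=" lines that
# resolve each blocked domain (and its subdomains) to the block-page server.

BLOCK_IP="${BLOCK_IP:-192.0.2.10}"   # assumed address of the block-page web server

# is_valid_domain NAME -> exit 0 only for a plain lowercase hostname
is_valid_domain() {
    printf '%s\n' "$1" |
        grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$'
}

# blocklist_to_dnsmasq: domains on stdin, dnsmasq config on stdout.
# Lowercases, strips comments/whitespace/"*." prefixes, de-duplicates,
# and reports rejected entries on stderr instead of writing them out.
blocklist_to_dnsmasq() {
    tr 'A-Z' 'a-z' | tr -d '\r' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^\*\.//' -e 's/\.$//' |
    sort -u |
    while IFS= read -r domain; do
        [ -n "$domain" ] || continue
        if is_valid_domain "$domain"; then
            printf 'address=/%s/%s\n' "$domain" "$BLOCK_IP"
        else
            printf 'skipped invalid entry: %s\n' "$domain" >&2
        fi
    done
}

# Constructed sample blacklist, including a duplicate and a malformed entry
# that would otherwise smuggle its own IP into the address= line.
sample_blocklist() {
    cat <<'EOF'
# constructed sample entries
blocked-one.example
Blocked-One.example
*.blocked-two.example
evil.example/203.0.113.5
blocked-three.example   # trailing comment
EOF
}

sample_blocklist | blocklist_to_dnsmasq
```

The output is meant to be saved to a file that dnsmasq loads (for example through its conf-file option), with the web server at BLOCK_IP serving the "not allowed" page.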
 
Old 09-12-2012, 11:36 AM   #6
mohammad nour
LQ Newbie
 
Registered: Apr 2006
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks. Maybe I should clarify a bit.

Squid is already set up as a proxy server with a blacklist of sites. If in your browser settings under proxy server, you put the IP address of this server and port 44567, then if you try to navigate to a porn site, you get a page saying "not allowed". If the site is good, it goes to the site.

The problem with this is that we cannot force people to set their browsers to point to a proxy server.

Like I mentioned earlier, on two other router models, we were able to have the router forward all traffic to the proxy server using IP tables or Firewall Rules as described above.

1) I am trying to accomplish the same thing in the Cradlepoint MBR1400, but cannot figure out how.

2) Alternately, I thought it might be possible to use our Squid Content Filtering Proxy Server's IP address as the DNS Server in the Cradlepoint Router, however this does not redirect traffic the way it does when it is used as a proxy server, it acts simply as a DNS forwarder.

Any help you can provide me in getting either #1 or #2 to work would be greatly appreciated. It must be possible somehow, if other routers can do #1.

Thank You
 
Old 09-12-2012, 02:51 PM   #7
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138
How about:

iptables -t nat -A PREROUTING -p tcp -s 192.168.182.0/24 --dport 80 -j DNAT --to w.x.y.z:44567
 
Old 09-12-2012, 03:19 PM   #8
SecretCode
Member
 
Registered: Apr 2011
Location: UK
Distribution: Kubuntu 11.10
Posts: 562

Rep: Reputation: 102
Quote:
Originally Posted by mohammad nour
The problem with this is that we cannot force people to set their browsers to point to a proxy server.
Can't you? Standard practice would be to have a proxy server and a firewall that blocks all other http/s traffic.

If you can't force them to use a proxy server, can you prevent them from using other DNS servers?
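
The enforcement side raised in posts #7 and #8 (redirect HTTP to the proxy, and keep clients from using a different DNS server) can be written as one rule set on a Linux-based gateway such as the DD-WRT devices mentioned earlier. The script below is an added example, not part of any poster's reply and not Cradlepoint configuration; FILTER_IP is a constructed stand-in for the thread's w.x.y.z and is assumed to run both Squid and the filtering DNS. It only prints the iptables commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print (do not apply) NAT rules so LAN clients cannot bypass
# the filter by skipping the proxy or by choosing their own DNS server.

LAN_NET="192.168.182.0/24"   # hotspot subnet from the thread
FILTER_IP="192.0.2.10"       # assumed: host running Squid and the filtering DNS
PROXY_PORT="44567"           # Squid port from the thread

# valid_ipv4 ADDR -> exit 0 for a dotted quad with every octet in 0-255
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_filter_rules LAN FILTER PORT -> iptables commands on stdout
gen_filter_rules() {
    lan=$1; filter=$2; port=$3
    valid_ipv4 "$filter" || { echo "bad filter IP: $filter" >&2; return 1; }
    # HTTP from the LAN is sent to the proxy (the rule from post #7).
    echo "iptables -t nat -A PREROUTING -s $lan -p tcp --dport 80 -j DNAT --to-destination $filter:$port"
    # DNS aimed at any other resolver is rewritten to the filtering one, for
    # UDP and TCP, so changing the DNS setting on a client has no effect.
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -s $lan ! -d $filter -p $proto --dport 53 -j DNAT --to-destination $filter:53"
    done
}

gen_filter_rules "$LAN_NET" "$FILTER_IP" "$PROXY_PORT"
```

If the filter host sits inside the same subnet as the clients, its replies return directly to them rather than through the gateway, so a matching SNAT rule is needed as well.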
 