08-31-2012, 08:33 AM
|
#1
|
|
LQ Newbie
Registered: Apr 2006
Posts: 5
Rep:
|
Content Filtering using DNS ???
Hello,
I am using a Cradle Point MBR1400 router for hotspot services.
What I am trying to do is content filtering to block porno websites. I tested OpenDNS content filtering and it worked well. However, I want to use another proxy server that has the filter rules that I have.
I used other devices flashed with DD-WRT and I was able to use the IP Tables command to do that: "pointing to a proxy server like w.x.y.z:47567"
----------------------------------------------------------------------------------------------------------------------
I used Mikrotik routers, and I used the IP firewall command to point to this server, and it worked well using this command:
ip firewall nat add action=dst-nat dst-port=80 protocol=tcp src-address="192.168.182.0/24" to-addresses="w.x.y.z" to-ports=44567 chain=dstnat
----------------------------------------------------------------------------------------------------------------------
So my question is: is there any way to point my clients to use my Squid proxy server as a DNS server to do content filtering?
The idea of OpenDNS is just pointing to that DNS, and everything works like a charm.
I want to point to my Squid server as a DNS server. How can I do that?
Thanks in advance for your help.
|
|
|
|
09-05-2012, 08:11 AM
|
#3
|
|
LQ Newbie
Registered: Apr 2006
Posts: 5
Original Poster
Rep:
|
Thanks for your reply, but I don't mean that.
I want to use my Squid server as the DNS server, and whenever someone requests a porno website, the server will redirect the request to its own page instead of the OpenDNS page.
|
|
|
|
09-05-2012, 11:23 AM
|
#4
|
|
Guru
Registered: Mar 2008
Posts: 8,526
|
You'd have to set up a hosts-file sort of deal where, instead of redirecting an FQDN to a 127.0.0.1 address, it would send it to a local web page. I think it could even be a simple file, but I never tried that. Any small web server you have running for that warning page would do.
The main issue is getting all those bad sites. The easier way is to allow only good sites and use other protection ideas.
|
|
|
|
09-09-2012, 02:08 AM
|
#5
|
|
Member
Registered: Feb 2003
Posts: 964
Rep:
|
You could edit /etc/hosts and assign an IP of an HTTP server to act as the block page. That would be a very long list of sites and not without issues. Not everything references /etc/hosts these days. And with such a long list it would be performance degrading and a maintenance headache. Plus any tech-savvy type could bypass that with proxies and other sites that are set up to send web pages via email or mirror them on that other site. All of which would do little more than show intent, rather than actually solving a greater issue.
I'm not sure of the configurations at this time. But Squid should be able to import the hosts file and maybe some non-host file as a hosts file. And dnsmasq is another option that many find a tad simpler to set up than Squid, in my opinion.
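The hosts-file and dnsmasq options from posts #4 and #5, as an added example that is not part of the original thread: a blocklist is turned into dnsmasq `address=` lines that answer with the block-page server, and a small lookup mirrors how dnsmasq matches subdomains where /etc/hosts would not. The block-page IP 192.0.2.10, the sample domains and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The IP and the domains are constructed.
BLOCK_PAGE_IP="192.0.2.10"   # assumed: web server showing the "not allowed" page

# Constructed blocklist: comment, mixed case, duplicate, blank line, junk entry.
sample_blocklist() {
cat <<'EOF'
# constructed entries
Blocked-Example.test
blocked-example.test

another-blocked.example   # trailing comment
not a hostname!
EOF
}

# stdin: blocklist; $1: block-page IP; stdout: one dnsmasq address= line per domain.
blocklist_to_dnsmasq() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    tr 'A-Z' 'a-z' |
    grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$' |
    sort -u |
    while read -r domain; do
        printf 'address=/%s/%s\n' "$domain" "$1"
    done
}

# dnsmasq's address= matches the domain and all of its subdomains, while an
# /etc/hosts entry matches one exact name. This mirrors the dnsmasq match so
# the generated list can be checked before it is deployed.
# Prints the answer IP if $1 is blocked; returns 1 otherwise.
lookup() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS=/ read -r key domain ip; do
        case "$name" in
            "$domain"|*".$domain") printf '%s\n' "$ip"; return 0 ;;
        esac
    done <<EOF
$(sample_blocklist | blocklist_to_dnsmasq "$BLOCK_PAGE_IP")
EOF
    return 1
}

sample_blocklist | blocklist_to_dnsmasq "$BLOCK_PAGE_IP"
```

The generated lines go into a dnsmasq configuration file; the clients must then actually use that resolver for the block page to appear.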
|
|
|
|
09-12-2012, 11:36 AM
|
#6
|
|
LQ Newbie
Registered: Apr 2006
Posts: 5
Original Poster
Rep:
|
Thanks. Maybe I should clarify a bit.
Squid is already set up as a proxy server with a blacklist of sites. If in your browser settings under proxy server, you put the IP address of this server and port 44567, then if you try to navigate to a porn site, you get a page saying "not allowed". If the site is good, it goes to the site.
The problem with this is that we cannot force people to set their browsers to point to a proxy server.
Like I mentioned earlier, on two other router models, we were able to have the router forward all traffic to the proxy server using IP tables or Firewall Rules as described above.
1) I am trying to accomplish the same thing in the Cradlepoint MBR1400, but cannot figure out how.
2) Alternately, I thought it might be possible to use our Squid Content Filtering Proxy Server's IP address as the DNS Server in the Cradlepoint Router, however this does not redirect traffic the way it does when it is used as a proxy server, it acts simply as a DNS forwarder.
Any help you can provide me in getting either #1 or #2 to work would be greatly appreciated. It must be possible somehow, if other routers can do #1.
Thank You
|
|
|
|
09-12-2012, 02:51 PM
|
#7
|
|
Member
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 503
Rep: 
|
How about:
iptables -t nat -A PREROUTING -p tcp -s 192.168.182.0/24 --dport 80 -j DNAT --to w.x.y.z:44567
|
|
|
|
09-12-2012, 03:19 PM
|
#8
|
|
Member
Registered: Apr 2011
Location: UK
Distribution: Kubuntu 11.10
Posts: 562
Rep: 
|
Quote:
Originally Posted by mohammad nour
The problem with this is that we cannot force people to set their browsers to point to a proxy server.
|
Can't you? Standard practice would be to have a proxy server and a firewall that blocks all other http/s traffic.
If you can't force them to use a proxy server, can you prevent them from using other DNS servers?
|
|
|
|
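The two enforcement points raised in posts #7 and #8, as an added example that is not part of the original thread: on a Linux-based gateway where iptables is available, port-80 traffic is sent to the proxy and DNS queries to any other resolver are rewritten to the filtering one. The resolver address 192.0.2.53 (assumed to sit outside the client subnet), the `DRY_RUN` switch and the function names are assumptions; `w.x.y.z` is the thread's own placeholder, so the script only prints the commands by default.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are placeholders or assumptions.
LAN="192.168.182.0/24"     # hotspot client subnet used in the thread
PROXY="w.x.y.z:44567"      # Squid address as written in the thread (placeholder)
DNS_FILTER="192.0.2.53"    # assumed: filtering resolver, outside the client subnet
DRY_RUN="${DRY_RUN:-1}"    # 1 = only print the commands, 0 = apply them (needs root)

# Print the iptables command in dry-run mode, execute it otherwise.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Plain HTTP from the clients goes to the proxy (the rule from post #7).
    # HTTPS on port 443 is not touched by this rule and never reaches Squid.
    ipt -t nat -A PREROUTING -s "$LAN" -p tcp --dport 80 \
        -j DNAT --to-destination "$PROXY"

    # DNS sent to any resolver other than the filter is rewritten to the
    # filter, so changing the DNS server on a client does not bypass it.
    for proto in udp tcp; do
        ipt -t nat -A PREROUTING -s "$LAN" ! -d "$DNS_FILTER" \
            -p "$proto" --dport 53 \
            -j DNAT --to-destination "$DNS_FILTER:53"
    done
}

apply_rules
```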