"indirect routing" through Squid and Privoxy

James Wilkinson fedora at aprilcottage.co.uk
Wed Sep 17 20:41:34 UTC 2008


Frank Cox wrote:
> I am considering the idea of getting one of those little "netbook" machines at
> some point.  I'm thinking that they will get very cheap around Christmas and
> one of those would be a neat toy.
> 
> I currently run Squid and Privoxy on my computers.   I'm trying to visualize a
> way to continue to have the benefit of Squid and Privoxy without having to
> actually run it locally on the netbook.
> 
> I can see how this would work if I put a second network card in one of my
> computers and added a wireless access point plugged into that -- everything
> could just be routed through the "real computer" and that would be that.
> 
> Is there a way to route traffic to and from the netbook through the "real
> computer" without having to add that hardware?

Probably. It depends on how your network is set up, and whether you want
to protect against rogue local users.

If you aren’t concerned about rogue local users, you can just configure
your browsers (and yum) to use the proxy server on whichever “real”
computer you want. They should then use it even if there is a direct
route to the Internet. If you do this, you’ll want to give the proxy
server computer a static IP address.

This won’t proxy DNS, POP3/IMAP, SSH, or whatever other services you
run.

For some more security, if you have an Internet access router which can
firewall outbound connections, you might want to limit which IP
addresses can access the Internet directly. (You might want to leave
port 53 available so you can access DNS servers…)

It might also be possible to set up two subnets: say 10.1.2.x and
192.168.3.x. You could make your router be 10.1.2.254, most of your
computers 192.168.3.x, and put your proxy server on both subnets. That
way only your proxy server can access the Internet directly. You’d have
to turn off any DHCP server on the router (and probably install one on
Fedora).

Two potential problems: I haven’t tried anything like this with
wireless, and if you have anything that isn’t happy with a proxy, you
will have problems bypassing it.

Hope this helps,

James.

-- 
E-mail:     james@ | "Hardware simply does not work like the manual says and
aprilcottage.co.uk | no amount of Zen contemplation will ever make you at one
                   | with a 3c905B ethernet card."
                   |     -- Alan Cox
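
The proxy-host side of the two-subnet layout described in the reply above, as an added example that is not part of the original message. The address 192.168.3.1 for the proxy's LAN interface, the port 3128, and Squid forwarding to Privoxy on its default 127.0.0.1:8118 are assumptions made for illustration.

```conf
# /etc/squid/squid.conf on the proxy host (constructed example)
# Assumptions: LAN interface is 192.168.3.1, clients are in 192.168.3.0/24,
# the router-facing interface is on 10.1.2.x, Privoxy listens on 127.0.0.1:8118.

# Listen only on the LAN-side address, not on the router-facing one.
http_port 192.168.3.1:3128

# Who may use the proxy, and which ports CONNECT tunnels may reach.
acl localnet src 192.168.3.0/24
acl SSL_ports port 443
acl CONNECT method CONNECT

# Refuse anything not from the LAN, refuse tunnels to non-HTTPS ports,
# then allow the remaining LAN requests.
http_access deny !localnet
http_access deny CONNECT !SSL_ports
http_access allow localnet

# Send every request through Privoxy rather than fetching it directly.
cache_peer 127.0.0.1 parent 8118 0 no-query default
never_direct allow all

# Client side, for reference (the netbook):
#   /etc/yum.conf, [main] section:  proxy=http://192.168.3.1:3128
#   browser: HTTP proxy 192.168.3.1, port 3128
```

With the clients on 192.168.3.x only and no route to the router, this proxy is their only path out for web traffic; DNS, POP3/IMAP and SSH are not covered by it, as the reply notes.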



