Transparent traffic filtering when connecting "into the gap"

I

Igor2011-11-01 12:05:21

linux

Igor, 2011-11-01 12:05:21

There is a computer. It works with the Internet. It is necessary to transparently censor traffic.
By "transparency" I mean: the target computer should not know about the source of the censorship. Those. we should not be entered as a proxy server to it in the browser. And it's better not to have IP addresses on the interfaces at all, if possible.

One of the tasks of censoring is to remove some links and other objects in http traffic (according to a given rule) so that the target computer does not see it.

It is planned that such a device has 2 network interfaces:
1 - to connect to the target computer
2 - to output traffic to the Internet after censoring.

For now, we plan to configure it this way:
1. iptables redirects all http traffic (src port 80) to SQUID
1. SQUID is already starting to censor.

But in this scheme, the device still has IP addresses.

I'm looking for advice from more experienced Khabrovites in such matters.

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

T

thunderquack, 2011-11-01
@thunderquack

This will help the father of Russian democracy.

L

Lampus, 2011-11-01
@Lampus

I think it’s worth google for the phrase “Linux bridge firewall”
Look, for example, this: www.cryptolife.org/index.php/Linux_Bridge_Firewall
I did something similar, but much easier - I stupidly skipped only those MAC addresses that were in white list.

S

Sergey, 2011-11-01
@bondbig

Any decent IPS will do this. And no IPs. And https will inspect. I recommend Stonegate, for example.

M

mace-ftl, 2014-12-25
@mace-ftl

file.php?id=165&sid=1088c7be4e5127532d93

V

Vitaly Peretyatko, 2011-11-01
@viperet

In this scheme, you will not be able to "censor" https traffic