Answer the question
In order to leave comments, you need to log in
Transparent traffic filtering when connecting "into the gap"
There is a computer. It works with the Internet. It is necessary to transparently censor traffic.
By "transparency" I mean: the target computer should not know about the source of the censorship. Those. we should not be entered as a proxy server to it in the browser. And it's better not to have IP addresses on the interfaces at all, if possible.
One of the tasks of censoring is to remove some links and other objects in http traffic (according to a given rule) so that the target computer does not see it.
It is planned that such a device has 2 network interfaces:
1 - to connect to the target computer
2 - to output traffic to the Internet after censoring.
For now, we plan to configure it this way:
1. iptables redirects all http traffic (src port 80) to SQUID
1. SQUID is already starting to censor.
But in this scheme, the device still has IP addresses.
I'm looking for advice from more experienced Khabrovites in such matters.
Answer the question
In order to leave comments, you need to log in
I think it’s worth google for the phrase “Linux bridge firewall”
Look, for example, this: www.cryptolife.org/index.php/Linux_Bridge_Firewall
I did something similar, but much easier - I stupidly skipped only those MAC addresses that were in white list.
Any decent IPS will do this. And no IPs. And https will inspect. I recommend Stonegate, for example.
In this scheme, you will not be able to "censor" https traffic
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question