tproxy per user
I'm in the process of adding some parental control to my box (http filtering), but I'm something of a nOOb when it comes to network configuration :-(
I have two squid instances, one (for adults) only for caching, one (for children) using squidGuard.
To choose between both squid instances, I use --uid-owner with NAT rules:
iptables -t nat -A OUTPUT -m owner --uid-owner $owner -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $port
(ditto for ip6tables)
Currently I use NAT for both IPv4 and IPv6 (with a fairly recent Linux kernel), but Squid says that "intercept" only supports IPv4. I would like to have IPv6 too.
I tried to use TPROXY (e.g. using rules in http://www.pmoghadam.com/homepage/HTML/slackware-12.2-squid-3.1.5.1-tproxy-linux-router.html) but I failed because I need --uid-owner which iptables wants to set on POSTROUTING (not on PREROUTING).
How do I add appropriate --uid-owner rules using TPROXY?