[Freedombox-discuss] Freedombox as router - LAN-wide privacy
Daddy
daddy at autistici.org
Sun Feb 12 14:29:56 UTC 2017
Hello again.
I'm actually currently testing solution using the iptables, mentioned
here
<http://serverfault.com/questions/167233/iptables-https-transparent-proxy-with-privoxy>.
It required changing one line in privoxy's config
(accept-intercepted-requests = 1) and one iptables call.
This seems to be working as expected, except the mentioned limitation of
not being able to intercept HTTPS traffic. I'm wondering whether
hosts/DNS approach to domain blocking would be limited in this way (my
limited understanding is that DNS requests are unencrypted and visible
to the router anyway).
D.
PS: for the reference, I've used this script
<http://andrwe.org/scripting/bash/privoxy-blocklist> to import adblock
filters into privoxy, it also seems to be working OK.
On 12.02.2017 14:25, Pierre L. wrote:
> +1 for this idea :)
> Possibility to have "transparent" Privoxy for all network clients, or
> based on IP range / @MAC, hostname...
>
> I think it will be a IPTables rules to redirect everything on port
> 80-443 to Privoxy:8118
> Something like this may be, I'm not an expert with this ;)
> But yeah, it can be a cool option on the webinterface!
>
>
>
> Daddy :
>> Hello everyone.
>>
>> One more satisfied user of Freedombox chiming in, with a question - if
>> I may.
>>
>> /TL;DR/: Is there a way to route all HTTP(S) traffic from internal
>> zone through Privoxy?
>>
>> /Whole story/: I'm using Freedombox as a combo web-app host/home
>> router and everything works flawlessly. Now, I would like to implement
>> transparent LAN-wide privacy filter - blocking all trackers for any
>> client connected to the Internet from the internal zone (this was one
>> of the main reasons for building a server) and while I'm at it, all
>> the ads too.
>> I've installed, configured and tested Privoxy - and it delivers the
>> functionality I need. However, it requires client-side setup (proxy
>> settings), which is often non-trivial (depending on the client type)
>> and sometimes impossible (OS/software combination not supporting
>> proxy, non-rooted android box connected via ethernet).
>>
>> So, is it possible to set this up completely router-side?
>>
>> Thanks for any response and also thanks to everyone involved for their
>> work.
>> D.
>>
>
>
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20170212/490dec43/attachment.html>
More information about the Freedombox-discuss
mailing list