I like this idea of turning m0n0wall into more than a firewall (on
different boxes). Having a m0n0proxy, among other things, and having them all
able to be intertwined at the click of a button. Of course we would need
developers to help out.
On 10/21/05 8:18 AM, "lola" <lola at yais dot net> wrote:
> hi all,
> there have been many discussions about proxy support on the list. but afaik
> there is no easy "plug and play" solution yet. i agree in having a separate
> proxy box rather than implementing squid into m0n0wall. so here is my
> 1. build a m0n0wall-like transparent proxy based on m0n0bsd using squid. of
> course having a simple web frontend like m0n0wall. (that's the easy part)
> 2. in m0n0wall have an option "enable proxy". this would basically alter the
> dhcp server config and set the proxy ip as default gateway.
> this means the default gateway for all clients on lan is the proxy. http
> traffic is filtered, other traffic is forwarded to m0n0wall. that's the
> downside of my idea: all traffic has to go through the proxy first. but i
> think it's the easiest way to enable proxy support in m0n0wall.
> a proxy needs much more performance than a gateway. that's the reason many on
> the list don't want squid on embedded boards (wrap, soekris). but why don't we
> let the user decide what hardware to use? i'm pretty sure a proxy running on
> a wrap board with a small (10 or 20 mb) cache stored on a mfs will do basic
> access control and simple filtering such as domain blacklisting. who wants
> to run a big proxy simply uses generic pc hardware with lots of memory and
> fast hard drives. therefore i suggest having the same images as we have with
> m0n0wall: generic (cache stored on hdd), embedded (only basic functionality)
> and cdrom (cache stored on mfs, requires a lot of memory).
> as internet bandwidth isn't the main concern these days i think the core
> function of the proxy should be access control and content filtering. i'm
> running an internet cafe in germany and i can tell you filtering porn on 20
> or more computers is either a pain in the ass or really expensive.
> "m0n0proxy" should have a self updating blacklist system (don't know how to
> do that yet).
> that's my idea. what do you guys think? anybody with me or am i alone on this
> Thomas Lohner