I have a setup at home as follow:
DHCP clients -----> (wifi)(nat) Openwrt -----> (eth)Main Router
DHCP clients get ip from 192.168.42.0/24
subnet.
The device I'm using is TPlink MR3020 with Barrier Breaker. I'm using an older version because after installing newer version I cannot install packages that'll enable to use USB HDD - device space shortage.
The configuration is like this:
DANSGUARDIAN:
# specify each IP on an individual filterip line.
filterip = 192.168.42.1
# the port that DansGuardian listens to.
filterport = 8888
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 192.168.42.1
# the port DansGuardian connects to proxy on
proxyport = 3128
PRIVOXY
confdir /etc/privoxy
logdir /var/log
filterfile default.filter
logfile privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
#actionsfile user.action # User customizations
listen-address 192.168.42.1:3128
toggle 1
enable-remote-toggle 1
enable-remote-http-toggle 0
enable-edit-actions 1
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 300
socket-timeout 300
permit-access 192.168.42.0/24
debug 1 # show each GET/POST/CONNECT request
debug 4096 # Startup banner and warnings
debug 8192 # Errors - *we highly recommended enabling this*
FIREWALL:
config redirect
option _name 'dansguardian'
option proto 'tcp'
option src 'lan'
option dest_port '8888'
option src_dport '80'
option src_dip '!192.168.42.1'
option dest_ip '192.168.42.1'
I need couple of advices regarding my internet speed and DG performance:
- The performance and speed is generally good. With a few setbacks though, especially when DG is actively filters more than one clients, I experience small delays.
- When someone texts the clients via iPhone iMessages, the message doesn't show up. If I connect to a wifi other than OpenWRT, it works.
- I know for the fact there is not a %100 solution to this but I want to know whether there any OpenWRT-specific solution to HTTPS filtering using DG? I'm using url and ip filtering for famous websites (like Facebook), but it is static.
Any suggestions?