DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Forcing all internet traffic through a Proxy

21 Jan 2010 17:56 #59970 by paulstillitano
Forcing all internet traffic through a Proxy was created by paulstillitano
Hi Guys,

Is there any way to force all internet traffic through a proxy server using a DrayTek 2820, or would I need an additional bit of kit?

Thanks

Paul

22 Jan 2010 07:08 #59980 by j.baker
Replied by j.baker on topic Forcing all internet traffic through a Proxy
What you're trying to do is also known as policy-based routing. The 2820 does not appear to have that feature. I am using another router to do this in my network.

Do a Google search for WPAD, as it may help you somewhat. It allows you to specify, via DNS, where a proxy PAC file is located for IE use. This PAC file would then forward traffic to your proxy server.

BTW, which proxy are you using?

Regards

John Baker


Vigor2820 series with firmware 3.3.5.2_RC2
ADSL

25 Jan 2010 11:21 #60032 by paulstillitano
Replied by paulstillitano on topic Forcing all internet traffic through a Proxy
I've not sourced any proxy software yet. Basically, my friend owns a Hall of Residence for students with over 100 rooms. He currently provides an internet connection for them, however a few of the students are hammering the line.

I am looking to put in a dual WAN system and a proxy solution. I have had no experience implementing a proxy solution on a non-domain network and because of this have no idea how to stop students bypassing the proxy.

What do you think?

Thanks very much and sorry for the late reply.

25 Jan 2010 12:22 #60035 by njh
You can stop the students bypassing a proxy by setting up a filter to deny all external access except where it comes from the proxy LAN address. You will have to be careful about which traffic this applies to. If you are only proxying http and not https (I don't think you can), you would want to deny all traffic with a destination port of 80 (and probably also 8080 and 3128 which are common external proxy ports) and so on. I don't know what you can do about other protocols (ftp, filesharing etc). You could sledgehammer it and deny everything except port 80 from your proxy and https (port 443). You may also want to consider ftp and so on.

2900Gi/v2.5.6; 2900/v2.5.6

27 Jan 2010 16:53 #60111 by stuc
What about "SME server" set up as a "server only" on the network, and use static bind on the Vigor to set the "gateway address" in DHCP to the SME IP address?

Set the SME as a "blind proxy" for web. SME will run happily on a P3 with 512-1G RAM if you are using an older workstation as base.

Use the Vigor Bind IP to MAC and set default bandwidth for most machines to something horribly small (so if they bypass DHCP they don't get anything other than a trickle; they soon get bored). Also block any other services with the firewall. Bear in mind some Windows features like activation or updates cry if they can't report back direct; that's why I don't block access completely. Also some secure sites (banks) may not like being behind a proxy.

With SME as blind proxy (install sarg reports too) you can monitor access and see who is using the most bandwidth. Install "sysmon" and get server loading, bandwidth etc. charts too.
There are obviously a shed load of other things to be said for having a simple-to-administer Linux server on site (Intranet, file share, backup etc.)

I've run one install like that for years and had uptime on the Vigor (older 2800) of 2300hrs+ with almost no web downtime, and picked up abuse very quickly.

19 Feb 2010 11:38 #60617 by adcburke
Replied by adcburke on topic Forcing all internet traffic through a Proxy
You could use a Squid-based transparent proxy. I know technically it isn't using the router, but it means that anything connected will have no choice but to go through the proxy.

Linux box with 2 network cards, one connected to the network, one connected to the router. Set up routing to pass from one to the other (loads of guides on the net), then install Squid proxy and set up a firewall rule to redirect all port 80 requests to port 3080 (think that's the default Squid port), job done.

You can even set up authentication on Squid so no one can just plug stuff in and have access to the net without you giving them a password.

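The filter njh describes and the transparent redirect adcburke describes, combined into one ruleset as an added example that is not part of any post in this thread. It assumes the Linux gateway runs Squid itself, `eth1` faces the students, `eth0` faces the router, and Squid listens on 3128 (one of the proxy ports mentioned above); all of these are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for a
# two-NIC Linux gateway that runs Squid itself. Interface names are assumptions.

# emit_rules LAN_IF WAN_IF SQUID_PORT -> ruleset on stdout, returns 1 on bad input
emit_rules() {
    lan_if=$1; wan_if=$2; port=$3
    # Refuse bad input instead of emitting rules that would cut everyone off.
    if [ -z "$lan_if" ] || [ -z "$wan_if" ] || [ "$lan_if" = "$wan_if" ]; then
        echo "need two different interface names" >&2; return 1
    fi
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Plain HTTP from the student LAN is handed to the local Squid, whatever
# proxy settings the client has. Squid must listen on this port in
# interception mode.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $port
COMMIT
*filter
:FORWARD DROP [0:0]
# Default policy DROP: anything not listed is not routed, which covers
# external proxies on 8080/3128, file sharing and FTP.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# HTTPS is not intercepted, so it is forwarded directly.
-A FORWARD -i $lan_if -o $wan_if -p tcp --dport 443 -j ACCEPT
# Assumption: clients resolve names through a DNS server beyond this box.
-A FORWARD -i $lan_if -o $wan_if -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Defaults are placeholders; override via the environment.
emit_rules "${LAN_IF:-eth1}" "${WAN_IF:-eth0}" "${SQUID_PORT:-3128}"
```

Check the output with `iptables-restore --test` before loading it; the gateway also needs IP forwarding enabled (`net.ipv4.ip_forward=1`).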
