I began playing around with this idea after looking at how Sieve Firewall managed to achieve this. I could never understand how to use Sieve, and I also wanted to add web filtering into the mix, so I began to develop and try this out. I started by setting up a VM in VMware Server and adding two NICs to it. One NIC was set up to bridge with the physical NIC and the other was set up on one of the unused vmnets (I used vmnet2). Be sure to disable the DHCP server for that network device.
From there, I followed this tutorial on freshmeat.net to set up bridging, ebtables and iptables for a blind (transparent) proxy. Once that was working I disabled TCP/IP on the physical NIC and changed the vmnet2 NIC to obtain an address via DHCP. In this setup vmnet2 is our gateway to the internet (it obtains an IP address from the router's DHCP server, not from the VM). Since vmnet2 gets its internet access through the VM, we can do whatever we want with the traffic in iptables. In my case I wanted to redirect ports 80 and 443 to a DansGuardian/Squid proxy set up on the VM.
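The bridging and redirect recipe described above, as an added shell example (not the post's or the freshmeat tutorial's own script): it assumes eth0/eth1 are the VM's two NICs, br0 is the bridge, and 8080 is the DansGuardian listening port, and it only prints the commands unless run with DRY_RUN=0 as root.

```shell
#!/bin/sh
# Added example (not from the post): bridge the VM's two NICs and pull
# TCP 80/443 out of the bridge into a local filtering proxy. Names assumed:
# eth0/eth1 = the two VM NICs, br0 = bridge, 8080 = proxy listen port.
set -eu

# Commands that build the bridge; br0 must later get an IP (the post has the
# VM take one via DHCP) or REDIRECT has no local address to send traffic to.
bridge_cmds() {
  br=$1; a=$2; b=$3
  printf '%s\n' "brctl addbr $br" "brctl addif $br $a" "brctl addif $br $b" \
    "ip link set $a up" "ip link set $b up" "ip link set $br up"
}

# ebtables: a bridged frame for one TCP port gets its destination MAC
# rewritten to the bridge's own, so it is handed to the IP stack (BROUTING).
ebtables_cmd() {
  printf 'ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port %s -j redirect --redirect-target ACCEPT\n' "$1"
}

# iptables: once in the IP stack, REDIRECT that port to the proxy.
iptables_cmd() {
  printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$1" "$2" "$3"
}

# Full rule set for the ports given (80 443 in the post). Note that a plain
# Squid/DansGuardian listener cannot read TLS, so 443 only yields useful
# filtering if the proxy is configured to intercept it.
proxy_cmds() {
  br=$1; proxy=$2; shift 2
  for port in "$@"; do
    ebtables_cmd "$port"
    iptables_cmd "$br" "$port" "$proxy"
  done
}

# Two rules per port; used as a sanity check before applying.
rule_count() { proxy_cmds "$@" | wc -l | tr -d ' '; }

# DRY_RUN=1 (default) prints the plan; DRY_RUN=0 executes it (needs root).
apply_cmds() {
  while IFS= read -r cmd; do
    if [ "${DRY_RUN:-1}" = 0 ]; then sh -c "$cmd"; else echo "# $cmd"; fi
  done
}

{ bridge_cmds br0 eth0 eth1; proxy_cmds br0 8080 80 443; } | apply_cmds
```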
One catch with this method is that you'll most likely need your computer to be behind a router, because your PC will actually require two IP addresses from the DHCP server: one for the VM and one for the physical PC. Many ISPs won't hand out multiple IPs to the same household.
There is another way around that problem if you aren't able to give your PC two IPs for whatever reason: set up the VM as a NAT router instead of a bridge. The Windows setup is the same. The VM will need a DHCP server and a DNS relay. It's a little more overhead, but it'll work. In my setup I configured iptables to forward all incoming requests from outside to the physical PC so that it could be used as before.
I would say the first method is the preferred one, but to each their own.